I am new to Sonar, in our project we are using SonarQube. Please tell the steps to get all the rules defined.
In what format? You can view them all using the rule search interface:
Or get them as JSON using the rule search API.
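The JSON route from the answer above, as an added example that is not part of the original post: it pages through `api/rules/search` until the reported `total` is reached. The server URL, the token and the sample rule keys are placeholders or constructed values.

```python
import json
import urllib.parse
import urllib.request
from base64 import b64encode


def fetch_page(base_url, token, page, page_size):
    """GET one page of api/rules/search from a live server (not called on import)."""
    query = urllib.parse.urlencode({"p": page, "ps": page_size})
    req = urllib.request.Request(f"{base_url}/api/rules/search?{query}")
    # A user token is sent as the basic-auth username with an empty password.
    cred = b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def all_rules(get_page, page_size=500):
    """Collect every rule by walking pages until `total` is reached."""
    rules, page = [], 1
    while True:
        body = get_page(page, page_size)
        rules.extend(body["rules"])
        # Stop on the last page, or on an empty page so a bad total cannot loop forever.
        if not body["rules"] or page * page_size >= body["total"]:
            return rules
        page += 1


# Constructed sample data standing in for a server that has five rules.
SAMPLE = [{"key": f"java:S{n}", "severity": "MAJOR"} for n in range(100, 105)]


def fake_page(page, page_size):
    """Offline stand-in for fetch_page, shaped like the search response."""
    start = (page - 1) * page_size
    return {"total": len(SAMPLE), "p": page, "ps": page_size,
            "rules": SAMPLE[start:start + page_size]}


if __name__ == "__main__":
    # Against a real server (placeholder URL and token):
    #   all_rules(lambda p, ps: fetch_page("https://sonar.example.org", TOKEN, p, ps))
    for rule in all_rules(fake_page, page_size=2):
        print(rule["key"], rule["severity"])
```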
Related
I am using Gradle 6.8 and MarkLogic version is 10.0-5.2.
My XQuery code is in directory \ml-gradle\src\main\common. When I run the command mlLoadModules to load XQuery into the modules database it loads with default URI /common/test.xqy.
I want to add some prefix to the URIs e.g. /rsc/common/test.xqy. How can I achieve that?
Note: I don't want to create an extra folder in my source for prefix "rsc".
It's not supported, though you could write a custom Gradle task to change the URI to whatever you like.
Why do you not want to create an "rsc" folder above "common"? I think other developers would find it much more intuitive that "rsc/common/test.xqy" becomes "/rsc/common/test.xqy" when loaded, rather than "common/test.xqy" becomes "rsc/common/test.xqy", which begs the question - where is "rsc" coming from? And then that developer would need to understand what property / custom code is adding that "rsc".
I want to add customized Java rules in SonarQube. I have googled it and found that we need to make a plugin for that. But I can't find any proper link describing how to make the rule. Any help would be appreciated.
You can follow "Writing Custom Java Rules 101", which describes how to make a sonar-packaging-maven-plugin artifact.
When implementing a rule, there is always a minimum of 3 distinct files to create:
A test file, which contains Java code used as input data for testing the rule
A test class, which contains the rule's unit test
A rule class, which contains the implementation of the rule.
As mentioned in "Custom Rules for Java", to go further, you can explore a sample plugin containing other custom rules.
This project can be browsed or downloaded.
I am currently trying to update a rule through the web API of SonarQube. I was trying to pass information like Severity, Description and Remediation Function with the POST request, with the parameters according to the web API documentation. Every time I tried to do that I got a response of 400.
But when I edited the request parameters to pass only the markdown_note and the key it worked and the note was set.
I honestly don't know what I am missing. According to the documentation it should work.
The description of the api/rules web services is:
Get and update some details of automatic rules, and manage custom rules.
You can only update custom rules, not rules provided by language plugins.
The only exception to this is indeed the fact that you can add some notes on all rules.
Does SonarQube have a rule which will scan a file's content for a regular expression and, if found during a scan, will mark it as an issue?
Example:
I want a rule that will scan each file for the word "AcmeProducts" and mark it as "Critical" if found.
Thanks
Jason
I was able to accomplish this by creating a custom rule based on the Comment pattern matcher rule in SonarQube.
I'm not sure if such rule exists.
You could implement a custom plugin to provide such rule.
Something that's very close to what you need is the HasTagSensor of the Xoo Plugin, which is not a real plugin, but a sample to demonstrate and test features of the plugin API.
The HasTag rule implementation that I linked raises an issue for each occurrence of some configured string (not a regex).
Based on this, you could implement a rule that uses a regex parameter instead of a string.
I think that what you are looking for is implemented in the sonar checkstyle plugin.
To configure such a rule:
Install the sonar checkstyle plugin. The instructions to follow are given here, on the sonar checkstyle plugin GitHub page: https://github.com/checkstyle/sonar-checkstyle.
Reboot your sonar instance to make the new plugin available
Configure a new rule, using the following menu sequence:
"Quality profile"
select the quality profile to modify
in the rule list, select "Activate more"
in the "repository" section, select "checkstyle" to filter checkstyle's plugin rules
select the rule template "Regexp Singleline" and create a new rule based on a regex detecting your prohibited key word.
I have a web app project where the quality is measured under SonarQube.
As I'm dealing with external code within my project files,
recently I have had some issues appearing due to that external code, whose quality I'm not focusing on:
So I wanna just stop the issue from appearing on my Sonar dashboard (which looks like the following):
The solutions that I have had were not really useful, as:
I was suggested to change the level of the rule itself from "issue" to "info":
And of course that seems not to be useful, because I won't affect the rule itself
The second suggestion was to use the #SuppressWarnings decorator in my blocks of code where the issues appeared; for example, use it under classes or methods or even fields
-> this method results in adding some code to my external code, and that won't be good either, as I don't even have the permission to do it.
I wanna just the simplest solution to delete the issue from the Sonar dashboard, just suppress it from the SonarQube interface; strangely, it seems that there is no direct way to do it:
Any better ideas?
The easiest way is excluding external code from the report with the narrowing the focus feature.
Just add a path pattern to the exclusions in your sonar-project.properties file, for example:
# Exclude all classes ending by "Bean"
# Matches org/sonar.api/MyBean.java, org/sonar/util/MyOtherBean.java, org/sonar/util/MyDTO.java, etc.
sonar.exclusions=**/*Bean.java,**/*DTO.java
# Exclude all classes in the "src/main/java/org/sonar" directory
# Matches src/main/java/org/sonar/MyClass.java, src/main/java/org/sonar/MyOtherClass.java
# But does not match src/main/java/org/sonar/util/MyClassUtil.java
sonar.exclusions=src/main/java/org/sonar/*
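To check which files a `sonar.exclusions` value drops before an analysis runs, here is an added example (not part of the original answer, and not SonarQube's own matcher) that models the wildcards as `*` within one directory, `**` across directories and `?` for a single character. That model is an assumption; the file names are the ones from the comments above.

```python
import re


def exclusion_to_regex(pattern):
    """Translate one exclusion pattern into a regex over '/'-separated paths."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):    # zero or more directories
            out.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):   # anything, across directories
            out.append(".*")
            i += 2
        elif pattern[i] == "*":             # zero or more chars, same directory
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":             # exactly one char, same directory
            out.append("[^/]")
            i += 1
        else:                               # literal character
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))


def excluded_files(paths, exclusions_value):
    """Return the paths a comma-separated sonar.exclusions value would drop."""
    regexes = [exclusion_to_regex(p.strip())
               for p in exclusions_value.split(",") if p.strip()]
    return [p for p in paths if any(r.fullmatch(p) for r in regexes)]


# File names taken from the comments in the answer above.
PATHS = [
    "org/sonar.api/MyBean.java",
    "org/sonar/util/MyOtherBean.java",
    "org/sonar/util/MyDTO.java",
    "src/main/java/org/sonar/MyClass.java",
    "src/main/java/org/sonar/util/MyClassUtil.java",
]

if __name__ == "__main__":
    for value in ("**/*Bean.java,**/*DTO.java", "src/main/java/org/sonar/*"):
        print(value, "->", excluded_files(PATHS, value))
```

Put all patterns in one comma-separated value: a properties file keeps only the last assignment of a repeated key, so the two `sonar.exclusions=` lines above are alternatives rather than lines for the same file.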
If you're not interested in some issues because it's not your code, then you should not have SonarQube analyze that code. According to the SonarQube documentation:
We recommend that you exclude generated code, source code from libraries, etc.
You should check in particular the following settings in the same documentation page:
sonar.sources
sonar.exclusions
These settings will be taken into account the next time you run an analysis.