SonarQube ecosystem upgrades (SonarQube and SonarLint) - sonarqube

We are using SonarQube 5.1 and want to upgrade to SonarQube 5.2 or 5.3 due to some issues around the issue assign area of SonarQube 5.1.
We are also using SonarQube eclipse plugin 3.5.0
I noticed recently that SonarQube eclipse plugin 3.5.0 is not supported with SonarQube 5.2 as per http://docs.sonarqube.org/display/SONAR/SonarQube+in+Eclipse.
Also latest SonarLint release 1.2 cannot connect to remote Sonar Instance to fetch server rules. This feature was available with SonarQube eclipse plugin 3.5.0.
I found on Stackoverflow that SonarLint would support this feature with release 2.0 but there is no planned release date for 2.0
Getting remote config file for SonarLint if online, using local if offline
My question is why SonarQube ecosystem upgrades are not synchronised?
SonarQube eclipse plugin should support the latest SonarQube releases until SonarLint is able to connect to a remote Sonar instance to fetch server rules.
How could anyone who is supposed to take SonarQube upgrades to resolve problems with the existing version execute Eclipse analysis?

As you have read, the SonarQube Eclipse plugin has been deprecated in favor of SonarLint for Eclipse. One of the main reasons behind this is that SonarLint for Eclipse is designed to be an independent product whose lifecycle must be decoupled from SonarQube - in order to ease and speed up innovation on the user experience in the IDE. So by now, SonarQube and SonarLint upgrades are not synchronized by definition.
Still, your question is perfectly valid: why don't we make some last updates on the SQ Eclipse plugin as long as SonarLint is not able to connect to a SonarQube server? The main reason is that we believe so much in SonarLint that we want to focus all our attention and energy on that product, and therefore we want to move fast to be able to have the "connected-to-SonarQube" experience as soon as possible. Our telemetry tells us that most existing users and customers are currently using a SonarQube version that is still usable with the SQ Eclipse plugin, so I feel this is the right decision to work as fast as possible on SonarLint to make sure it can connect to a SonarQube instance in the upcoming months (when the next LTS is released).

The following combination works fine
(SonarLint + SonarScanner + SonarQube + Eclipse):
SonarLint: 3.5.0.201804241315
sonarScanner: sonar-scanner-3.2.0.1227-windows
SonarQube: 6.7.4 (build 38452)
sonar-scanner.properties:
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
sonar.projectKey=JavaProject
sonar.projectName=MyJavaStandaloneProject
sonar.projectVersion=0.0.1-SNAPSHOT
sonar.sources=D:/eclipse/workspace/MyJavaStandaloneProject
sonar.java.binaries=D:/eclipse/workspace/MyJavaStandaloneProject/target/classes
pom.xml:
<build>
  <plugins>
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>sonar-maven-plugin</artifactId>
      <version>3.2</version>
    </plugin>
  </plugins>
</build>
Bind Eclipse projects to SonarQube projects:
Select a SonarQube server: localhost
Eclipse Project: MyJavaStandaloneProject
SonarQube Project: 'MyJavaProject' on server localhost
Click: Auto bind selected projects.
"Note: SonarQube Project: 'MyJavaProject' on server localhost
can be auto configured by clicking Auto bind button."
All configurations done.
Right click project and Run As Maven build ...
Goal: sonar:sonar
[INFO] ANALYSIS SUCCESSFUL

Related

Master branch analysis with Sonarqube (Community Edition)

I understand that it is possible to perform the analysis of the master branch with the Community version.
How can this be done? Since the only way I've found is using the sonar-scanner.
Thanks.
Sonarqube supports scanning of a branch per project in the Community Edition without any additional plugins installed. You typically do this using the scanner that fits into your build tool, e.g. Sonar Maven Scanner, Sonar Gradle Scanner, Sonar MSBuild Scanner plus some other scanners. You'll need to have a SonarQube server running somewhere (locally, or potentially Sonar Cloud) for the Scanner to communicate with.
The terminology may be what's misleading you here - SonarQube is split into 3 main parts:
Sonar Server: the user interface and API, typically run on a remote server
Sonar Scanner: the part that runs on your local/build machine, gathers details about your source code, libraries, test results, coverage etc and submits them to the Compute Engine
Sonar Compute Engine: the part that does all the work of analysing source and byte code, coverage, and test results to calculate any issues and produce quality metrics which Sonar Server then presents back as the result of a scan. This part is normally run as part of you launching Sonar Server so you won't typically have to do anything special to get this working.
You won't be able to get any results without having used all 3 of these parts, normally by downloading and running SonarQube, and then running the scanner using your build tool.
If you're wanting to scan more than a single branch in newer editions of SonarQube (7.3 and above) then you'll need to consider updating to SonarQube Developer Edition, or installing a plugin that supports Community Edition Branch Analysis.
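The hand-off between the three parts described in this answer can be followed from the scanner side: after a run the scanner leaves a report-task.txt (under .scannerwork/ for sonar-scanner, target/sonar/ for Maven) that points at the Compute Engine task processing the submitted report. The sketch below is an added example, not code from the answer or from SonarSource; the sample file contents and JSON response are constructed, and it parses them offline rather than calling a server.

```python
import json

# Constructed sample of the report-task.txt a scanner run leaves behind
# (all values are made up for illustration).
SAMPLE_REPORT_TASK = """\
projectKey=JavaProject
serverUrl=http://localhost:9000
dashboardUrl=http://localhost:9000/dashboard?id=JavaProject
ceTaskId=AXconstructed0001
ceTaskUrl=http://localhost:9000/api/ce/task?id=AXconstructed0001
"""

# Constructed sample of the JSON body returned by GET <ceTaskUrl>.
SAMPLE_CE_RESPONSE = (
    '{"task": {"id": "AXconstructed0001", "type": "REPORT", "status": "IN_PROGRESS"}}'
)

# Statuses after which the Compute Engine will not change the task again.
TERMINAL = {"SUCCESS", "FAILED", "CANCELED"}


def parse_report_task(text):
    """Parse key=value lines; split on the first '=' only, since the URLs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    missing = {"serverUrl", "ceTaskId", "ceTaskUrl"} - props.keys()
    if missing:
        raise ValueError(f"report-task.txt is missing: {sorted(missing)}")
    return props


def ce_task_state(response_body, expected_task_id):
    """Return (status, done, ok) for a Compute Engine task response."""
    task = json.loads(response_body).get("task", {})
    if task.get("id") != expected_task_id:
        raise ValueError("response is for a different Compute Engine task")
    status = task.get("status", "UNKNOWN")
    return status, status in TERMINAL, status == "SUCCESS"


if __name__ == "__main__":
    props = parse_report_task(SAMPLE_REPORT_TASK)
    print("poll:", props["ceTaskUrl"])
    print(ce_task_state(SAMPLE_CE_RESPONSE, props["ceTaskId"]))
```

A scanner log ending in ANALYSIS SUCCESSFUL means the report was submitted; the results appear on the server once the Compute Engine task reaches SUCCESS.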

Can I run analysis with sonarlint and see the same on sonarqube server without involving sonar scanner at all?

I have installed Sonar Scanner and Sonar Qube and I am running code analysis with Sonar Scanner and I can see the results on Sonar Qube server in browser. Also, I have SonarLint added in my VS2015 and I am using connected mode with my Sonar Qube server. And I run analysis with SonarLint also locally.
Sonar Scanner is a program that connects to a SonarQube server, downloads analyzers and active rules, runs the analyzers locally on your source code, and finally pushes the analysis results to SonarQube, so that you can manage the quality of your source code on SonarQube.
SonarLint is designed to analyze files as you work on them in your IDE (VS2015 in your case). It does not produce analysis reports and does not push them to SonarQube server. Not even in connected mode. The purpose of connected mode is to use the same analyzers and same rules as configured on SonarQube. Pushing analysis reports to the server is out of the scope of SonarLint.
In short, if you want to see analysis results on SonarQube and manage the quality of your software, you cannot skip the Sonar Scanner.

Does Sonar for Bamboo Add-on support branches after SonarQube 6.7?

The sonar.branch parameter is deprecated starting from SonarQube 6.7.
Will branch analysis on Sonar for Bamboo still function after upgrading to Sonarqube 6.7 without having the branch plugin?
Yes, the plug-in still supports the old branching model even with version 6.7.

Where can I find the "Customize On/Off" option?

In our Sonar Build Environment we use SonarQube Server Version 5.6.6 (64-Bit) and our analysis runs on a Sonar Client Build Operating System with Ubuntu 14.04.5 LTS (64-Bit).
Recently I have upgraded SonarQube from 5.1 to 5.6.6 (LTS). But under "Project Code" the "Customize ON|OFF" option is now missing.
Currently I can see only these options:
Lines of Code
Bugs
Vulnerabilities
Code Smells
Coverage
Duplications
In SonarQube version 5.1 I was using the "Customize ON|OFF" option to customize and add required columns.
How can I enable this feature back in SonarQube 5.6.6?
The feature does not exist any longer (it has been dropped when rewriting the Project space), and there's currently no plan to reintroduce it.

Sonar eclipse plugin needs sonar server installed

Does the Sonar eclipse plugin need a valid sonar server installed locally or remotely to do the quality profiles in eclipse?
Thanks,
cabear
As per the "Configuring SonarQube in Eclipse" documentation page, you can see that this is indeed required to have a SonarQube server installed somewhere.
If your project is not already under analysis, you'll need to declare
it through the SonarQube web interface.
Once your project exists in SonarQube, you're ready to get started
with SonarQube in Eclipse.
