I am trying to run SonarQube using Sonar runner in local dev box for pre-commit check. We have a central SonarQube server where an analysis is done every day and published to the dashboard. When we are running on local dev box, every time the issue report contains all the issues as new, hence incremental data is not available. I have also tried both incremental and preview mode but the result is the same.
Please find below the versions of the tools used, and also the configuration files. Please let me know if some other data is required.
SonarQube version : 5.1
Sonar Runner version : 2.4
sonar-runner.properties
sonar.host.url=http://[central sonar server]:9000/
sonar.issuesReport.html.enable=true
sonar.login=admin
sonar.password=admin
sonar-project.properties
sonar.projectKey=myProj:myProj-master
sonar.projectName=MASTER_PROJECT
sonar.projectVersion=21.0
sonar.sources=./src
sonar.binaries=./bin/
sonar.issuesReport.html.enable=true
sonar.exclusions=com/**/test/*.java
sonar.skipPackageDesign=true
sonar.profile=SonarWay
sonar.preview.excludePlugins=devcockpit,buildstability,pdfreport,report,buildbreaker,views,jira,issueassign,scmstats
Command Used :
c:\sonar-runner-dist-2.4\sonar-runner-2.4\bin\sonar-runner -e -Dsonar.analysis.mode=preview -Dsonar.issuesReport.console.enable=true -Dsonar.issuesReport.html.enable=true
Updated with the additional properties tried as well, in sonar-runner.properties.
I believe your problem is tied directly to your use of a local server.
The purpose of preview analysis is to allow you to compare your local changes with what's on the remote SonarQube server. Since your remote server is updated every night, running your preview against it will show you the issues you've introduced that day. Instead, you're running against a local instance which gets updated with a full analysis... never? Which (if true) would be why all your issues show up as new.
To execute a preview analysis against your remote server, you will need both the global Execute Preview Analysis permission and the project-level Browse permission for the project in question.
If for some reason you're unable to get those permissions (which is possibly why you're running a local SonarQube server?), then you'll want to do the same full checkout and analysis locally every night that's being done for the official, remote server. I.e. you'll probably have to set up a second, parallel architecture. In short, it's probably easier in the long run to nag to get the appropriate permissions on the remote server.
Issue is resolved. 2 things fixed the issue.
Creating a user with the required permissions.
Installing "Issues Report" plugin
We have a SonarQube server that is actively used by several other teams in the company, but which my team hasn't been using for several years.
When I tried to encourage my team to start monitoring code quality with Sonar again, I discovered that the Project in Sonar is being updated on a regular basis.
However, no-one in the team has any idea where these updates are coming from!
Sonar is not included in our main project POM file (we use Maven), and as far as I can tell, it's not being triggered by Jenkins (the Sonar plugin for Jenkins does not appear to be installed or configured).
That leaves a scheduled execution of a SonarScanner as the most likely source for these updates. However, in a company with several hundred servers and thousands of users, I have no idea where to start looking for this scheduled job!
Is there anything in the Sonar logs that would point to the source of the update, or anything I can configure so that this kind of information is logged?
Your best bet is to monitor the access log of the SonarQube server.
It's in logs/access.log of a SonarQube installation.
It includes the IP address and timestamp of requests,
as well as the project key when a scanner pushes analysis results to the server.
It should be easy to identify the origin of any scan.
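An added example, not part of the original answer, of pulling scan origins out of logs/access.log. It assumes combined-log-style lines and that a scanner upload appears as a POST to /api/ce/submit carrying a projectKey query parameter; check both against your own log. The sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed layout: ip ident user [timestamp] "METHOD url PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
SUBMIT_PATH = "/api/ce/submit"  # assumed upload endpoint, verify in your log

# Constructed sample lines (documentation IP range, made-up project keys).
SAMPLE_LOG = """\
192.0.2.41 - - [12/Mar/2017:02:00:14 +0000] "POST /api/ce/submit?projectKey=myTeam%3Aapp&projectName=App HTTP/1.1" 200 44 "-" "constructed-agent"
192.0.2.9 - - [12/Mar/2017:09:15:02 +0000] "GET /api/system/status HTTP/1.1" 200 80 "-" "Mozilla/5.0"
192.0.2.41 - - [13/Mar/2017:02:00:11 +0000] "POST /api/ce/submit?projectKey=myTeam%3Aapp&projectName=App HTTP/1.1" 200 44 "-" "constructed-agent"
192.0.2.77 - - [13/Mar/2017:03:30:45 +0000] "POST /api/ce/submit?projectKey=other%3Asvc HTTP/1.1" 200 44 "-" "constructed-agent"
truncated or malformed line
"""

def scan_origins(lines, project_key=None):
    """Return {project key: {source IP: [(timestamp, status), ...]}}."""
    origins = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip malformed lines and ordinary browsing
        url = urlsplit(m["url"])
        if not url.path.endswith(SUBMIT_PATH):  # tolerate a context-path prefix
            continue
        keys = parse_qs(url.query).get("projectKey")  # also URL-decodes %3A
        if not keys:
            continue
        if project_key and keys[0] != project_key:
            continue
        origins[keys[0]][m["ip"]].append((m["ts"], m["status"]))
    return {key: dict(by_ip) for key, by_ip in origins.items()}

if __name__ == "__main__":
    found = scan_origins(SAMPLE_LOG.splitlines(), "myTeam:app")
    for key, by_ip in found.items():
        for ip, hits in by_ip.items():
            print(key, ip, [ts for ts, _ in hits])
```

Uploads from one address at the same time each night point to a scheduled job on that host.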
I configured a project in SONAR (6.1) to run from Jenkins and configured it to use ClearCase as SCM.
sonar.scm.provider=clearcase
And our ClearCase is configured to use Local and Tst Streams.
Now when I check out and check in any changes into the Local Stream for the first time, it creates a new branch for the changes.
When I checked the ClearCase annotate (BLAME) information, it is showing up correctly. But in SONAR it is showing incorrectly.
Here is the information from annotate
0 sgadey01 \main\FW_3.0.0.0_TST\FW_3.1.2.0_TST\FW_3.1.2.0_LOCAL\1 | | System.out.println("testing");
and information from SONAR as in the below link with user bdiaz.
https://s28.postimg.org/8m8l921rh/sonarerror.png
Is there any known limitation with Sonar? For the CVS plugin they mentioned that the revision has to be passed manually, in the limitations (https://github.com/SonarSource/sonar-scm-cvs).
Thanks
sandy
The SonarQube ClearCase SCM Provider is simply running cleartool annotate from command line and parsing output (see https://github.com/SonarQubeCommunity/sonar-scm-clearcase/blob/master/src/main/java/org/sonar/plugins/scm/clearcase/ClearCaseBlameCommand.java) so I'm really surprised you get different results.
You can try to restart the analysis and force the SonarQube scanner to collect blame again (there is a cache to not compute blame on files where the content was not changed compared to the previous analysis):
sonar-scanner -Dsonar.scm.forceReloadAll=true
SonarQube 5.6.1
I need to allow users to run SonarQube analysis locally in preview mode, but I do not want them to be able to push anything to the server.
I see that there is this assignable ability:
EXECUTE ANALYSIS Ability to get all settings required to perform an
analysis (including the secured settings like passwords) and to push
analysis results to the SonarQube server.
I need users to be able to do the first half of this:
...get all settings required to perform an analysis...
But not this part:
...push analysis results to the SonarQube server.
With SonarQube 5.6.1, making it possible for users to run preview analyses but not push results to the server requires the 2 following things:
Those users don't have the global "Execute Analysis" permission
Those users have the "Browse" permission on their projects
That's all they need.
Note that if your developers are using IntelliJ, Eclipse or Visual Studio, you should encourage them to use SonarLint (connected to your SonarQube server) instead of running "preview" analyses manually. This will be far more efficient. And even if they don't have such IDE, they'd better use SonarLint for CLI.
I've followed this guide to have my TeamCity build running some JMeter tests, but I'm not seeing the "RemotePerfMon" tab for the server statistics. I have the "Performance Statistics" tab, and I can see that the statistics are definitely being collected, as there is a monitoring.csv file being created and populated in the build agent's work directory.
Any ideas on how I can get the tab to display?
I'm using TeamCity v9.1.6 with JMeter plugin version 83, everything running on Windows 8.
Additional Info:
I've found that there is an open issue on Github for this problem, so I'm obviously not the only one facing this issue.
Make sure TeamCity is NOT running as Administrator
After quite a while playing around with it, I discovered that the problem was that both the TeamCity Server and the TeamCity build agent were running on the same machine, but the Build agent was running as Administrator. Stopping both the services and restarting them as a regular user fixed the issue.
I believe the root of the issue was that the monitoring.csv file was created by the Build Agent as Administrator, then when the non-admin server agent attempted to parse it, it failed. This error doesn't seem to get logged anywhere, and TeamCity responds to the error by simply not displaying the tab.
I've configured sonarqube server on my local machine to run and I committed the initial project with Analysis mode. Also, I created an ant target for the developers to run in incremental mode to view their new issues. I installed issuesReport on sonar server and using it from the ant file to generate html files.
However, when each developer syncs with svn and runs the ant target, they see violations by other developers under the new issues instead of only their issues.
I expected the SonarQube plugin to only scan files newly edited by the developer, but it is instead showing all the new files that are introduced by other developers.
To make it work properly I have to run an analysis mode from my machine. However, this fixes the problem only for me; my colleagues still see all the violations as new.
How does SonarQube decide if an issue is new or not? If each developer has to run a full analysis every time, this would be a big overhead. Is there something I am missing?
Thanks in advance for your time and help.
An issue is considered "new" if it does not exist on the analysis server. If you run a full analysis on a CI server on a scheduled basis, it will feed the server with issues and reduce the risk of developers seeing other developers' issues in the issues report in preview mode.
Please note that the Sonar documentation says incremental mode is only for the developers, and that too for the code they run against Sonar prior to SCM (SVN or Git) commit.
See incremental section on the page: http://www.sonarqube.org/analysis-vs-preview-vs-incremental-preview-in-sonarqube/
The Sonar report, when run with incremental mode, will show the developer how many issues will be generated if he commits the code. This way the developer gets to know what he can do to keep the Sonar issues low. This is the whole purpose of incremental mode.
Hope this answers your question!!!