How do I use, or set up sonar-project.properties file? - sonarqube

I have very little exposure to SonarQube but have been asked to make a document explaining how to set up / use "sonar-project.properties file". Any information or input would be greatly appreciated.

Here are some resources to get you started
https://www.wrightfully.com/setting-up-sonar-analysis-for-c-projects/ - See Step 6: The sonar-project.properties file.
https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner
There are also some sample projects on GitHub; you can refer to the sonar-project.properties files there as well:
https://github.com/SonarSource/sonar-scanning-examples

Create a configuration file in the root directory of the project:
sonar-project.properties:
# Must be unique in a given SonarQube instance
sonar.projectKey=my-project
# This is the name and version displayed in the SonarQube UI.
# Was mandatory prior to SonarQube 6.1.
sonar.projectName=My project
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file.
# Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
Reference:
https://docs.sonarqube.org/latest/analysis/analysis-parameters
https://www.devopsschool.com/tutorial/sonarqube/sonarqube-properties.html

Related

SonarCFamily only detects code-smells duplicate code blocks

I'm trying to use SonarScanner with the SonarCFamily plugin on my C codebase on Ubuntu. I see that the scanner is only able to detect "code smells - duplicate blocks of code" in my codebase and no other forms of bugs/vulnerabilities. I intentionally added a memory leak in the code and SonarQube couldn't detect it, while the open source SA tool Cppcheck was able to. Am I missing some setting in the sonar-project.properties file? My sonar.properties file is as follows. Are there any settings needed in the server/SonarCFamily plugin for the tool to detect other forms of SA errors?
# must be unique in a given SonarQube instance
sonar.projectKey=c-sa-test
# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.
sonar.projectName=c-sa-test
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# This property is optional if sonar.modules is set.
sonar.sources=src
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
sonar.host.url=http://localhost:9000
sonar.cfamily.build-wrapper-output=bw_output
sonar.c.file.suffixes=.c,.h
sonar.cpp.file.suffixes=.cc,.cpp,.cxx,.c++,.hh,.hpp,.hxx,.h++,.ipp
Found the root cause - Was missing providing some elements of the project build process as input to the build wrapper. Once those were added, SonarQ provided a detailed report.
I had the exact same problem where SonarCFamily was only reporting code duplications. It was due to an incorrect build process as input to the build wrapper. In my case, I was using SonarScanner.MSBuild and on my build-wrapper line, I didn't have the Configuration and Platform specified, so my projects were not getting built or scanned. The final working lines were:
SonarScanner.MSBuild.exe begin /k:"your key" /d:sonar.cfamily.build-wrapper-output="bw_output"
build-wrapper-win-x86-64.exe --out-dir bw_output MSBuild.exe your_solution.sln /p:Configuration=Release /p:Platform=x64
SonarScanner.MSBuild.exe end

Unable to get Sonar-Qube to analyze project

I have seen the other 2 appends and added sonar.languages=COBOL to my sonar-project.properties file to no avail.
I think it's basically more a case of not understanding the documentation (or the latter never having been "idiot tested").
My problem is as follows. My properties file contains the following entries:-
# sonar.sources=../../mfuser/seb/source/
sonar.sources=C:/mfuser/SEB/Source
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy
#
sonar.languages=COBOL
When I run the sonar-scanner bat file, I'm seeing output like this:-
WARN File C:\mfuser\seb\source\vvira20.cbl is ignored. It is not located in module basedir c:\sonar-scanner\bin
To me this gives the impression that I can point to the directory containing my COBOL code, but at the same time the actual code HAS to be in c:\sonar-scanner\bin. Surely, that can't be the case? If it is, what is the point with the sonar.sources entry in the properties file?
In addition, once I get this working, is there some way of specifying a parm/wild card so as to analyze SPECIFIC files? I tried sonar.sources=C:/mfuser/SEB/Source/vno* but that didn't seem to make any difference.
Thanks
You ran sonar-scanner from its own directory instead of running from the project directory. As the documentation says:
Run the following command from the project base directory
sonar-scanner
This same documentation recommends to create the sonar-project.properties file at the root of the project directory and to set the "sonar.sources" property to a path which is relative to the sonar-project.properties file.
Alternatively, you may want to use the "sonar.projectBaseDir" property. See the documentation for analysis parameters.

Unable to scan Cobol project using SonarQube

I am trying to work out code analysis for my COBOL code with SonarQube. I installed the sonarcobol plugin and, using sonarscanner, I am trying to check for analysis. When I run sonar-scanner in the respective directory, it says success but I am unable to see the analysis in the SonarQube server.
Attached is my sonar-project.properties
sonar.host.url=http://xxxxx:9000/
sonar.login=admin
sonar.password=admin
sonar.projectKey=cobol
sonar.projectName=cobol
sonar.projectVersion=1.0
sonar.sources=.
sonar.sourceEncoding=UTF-8
## Cobol Specific Properties
# comma-separated paths to directories with copybooks
sonar.cobol.copy.directories=copybooks
# comma-separated list of suffixes
sonar.cobol.file.suffixes=cbl,cpy
sonar.cobol.copy.suffixes=cpy
## Flex Specific Properties
# retrieve code coverage data from the Cobertura report
#sonar.flex.cobertura.reportPath=coverage-report/coverage-cobertua-flex.xml
# PL/I Specific Properties
sonar.pli.marginLeft=2
sonar.pli.marginRight=0
from the Author's comment above:
I solved this by adding sonar.languages=COBOL in sonar-project.properties
Pasting here for convenience.

Running sonarqube on a project

I'm trying to check the code quality of my project using Sonarqube.
I have created a Docker container which has both Sonarqube and my project.
I've added the Sonarqube bin file to my path:
/root/sonarqube-6.2/bin/linux-x86-64/.
I have started the Sonarqube script with: sonar.sh start.
Then, in my project's main directory I added a file sonar-project.properties with this content:
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# this is the name displayed in the SonarQube UI
sonar.projectName=My project
sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
sonar.sources=.
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
Then, from the main directory of the project I am running this: sonar-runner.
However, the command is not recognised:
bash: sonar-runner: command not found
What am I doing wrong?

How to make sonar analysis for C++ work?

I'm trying to use sonar for static analysis on a c++ code. I've installed sonar and configured my project (it appears on the localhost sonar page, but i do not see any code violation for the respective code). I have the C++ community plugin installed.
My sonar-project.properties looks like this:
# required metadata
sonar.projectKey=DiceInvaders
sonar.projectName=Dice Invaders
sonar.projectVersion=1.0
# optional description
sonar.projectDescription=DiceInvaders by CS
# path to source directories (required)
sonar.sources=D:\\DiceInvaders\\Code
# path to test source directories (optional)
#sonar.tests=D:\\DiceInvaders\\Code
# path to project binaries (optional), for example directory of Java bytecode
#sonar.binaries=binDir
# optional comma-separated list of paths to libraries. Only path to JAR file is supported.
#sonar.libraries=path/to/library/*.jar,path/to/specific/library/myLibrary.jar,parent/*/*.jar
# The value of the property must be the key of the language.
sonar.language=c++
sonar.exclusions=**/*.ipch, **/**/*.rc
sonar.cxx.cppcheck.path = "C:\Program Files (x86)\Cppcheck\cppcheck.exe"
sonar.cxx.cppcheck.reportPath="D:\DiceInvaders\Code\cppcheck-reports\cppcheck.xml".
# Additional parameters
#sonar.my.property=value
I do not get any error when running sonar-runner from cmd.
If i run manually the cppcheck.exe tool on my project I can find violations. Why don't the violations appear on sonar's page?
Is there something else I should configure, am I doing something wrong?
I was able to make it work by running the cppcheck tool independently before sonar-runner, and placing the generated xml report in the bin folder of sonar-runner.
In the sonar-project.properties file I've specified the xml directly:
sonar.cxx.cppcheck.reportPath=cppcheck-result-1.xml
I had a similar problem, which was caused by a whitespace after 'sonar.language=cs'. Be sure that there is a linebreak immediately after 'cxx'. Hope it works.
The language key of the Sonar C++ Community plugin is not 'c++' but 'cxx'. See http://docs.codehaus.org/pages/viewpage.action?pageId=185073817.
So you must replace 'sonar.language=c++' by 'sonar.language=cxx'
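As an added example (not code from any of the posts above), the following Python script parses a sonar-project.properties file and flags the mistakes these threads run into: a missing projectKey or sources, the 'c++' language key and trailing whitespace from the C++ answers, backslashes and absolute source paths that fall outside the scanner basedir, and sonar.login/sonar.password stored in the file. The sample properties content is constructed for the example.

```python
import re

# Constructed sample combining the pitfalls discussed on this page: wrong C++
# language key, trailing space, backslash absolute source path, credentials in file.
SAMPLE = "\n".join([
    "# must be unique in a given SonarQube instance",
    "sonar.projectKey=DiceInvaders",
    "sonar.projectName=Dice Invaders",
    "sonar.sources=D:\\DiceInvaders\\Code",
    "sonar.language=c++ ",  # trailing space, as in the answer above
    "sonar.host.url=http://localhost:9000",
    "sonar.login=admin",
    "sonar.password=admin",
])
ABS_PATH = re.compile(r"^([A-Za-z]:|/)")  # Windows drive letter or POSIX root

def parse_properties(text):
    """Minimal Java .properties reader ('#'/'!' comments, key=value or key: value); values keep trailing whitespace."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint_properties(props):
    """Return (code, message) findings for the mistakes discussed in the threads above."""
    findings = []
    for key in ("sonar.projectKey", "sonar.sources"):
        if key not in props:
            findings.append(("missing", f"{key} is required"))
    for key, value in props.items():
        if value != value.rstrip():
            findings.append(("trailing-space", f"{key}: trailing whitespace becomes part of the value"))
    if props.get("sonar.language", "").strip() == "c++":
        findings.append(("language-key", "C++ Community plugin expects sonar.language=cxx, not c++"))
    for src in props.get("sonar.sources", "").split(","):
        src = src.strip()
        if "\\" in src:
            findings.append(("backslash", f"{src}: use '/' as the separator, also on Windows"))
        if ABS_PATH.match(src) and "sonar.projectBaseDir" not in props:
            findings.append(("absolute-source", f"{src}: files outside the scanner basedir are ignored; run from the project root or set sonar.projectBaseDir"))
    for key in ("sonar.login", "sonar.password"):
        if key in props:
            findings.append(("secret-in-file", f"{key}: credentials in a file that is normally committed; pass them on the scanner command line instead"))
    return findings
```

Run lint_properties(parse_properties(open("sonar-project.properties").read())) from the project root to check a real file before invoking the scanner.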