I am have successfully setup Sonar to do some analysis on my C# project where we are already making use of NCover. Our code has NCover exclude attributes and we would like to use these in Sonar to make the analysis meaningful. I have managed to find a few things on the web (e.g. http://marc.info/?l=sonar-user&m=133896735312253) but the links to the JIRA is dead and doensnt ever seem to have been addressed. Does anyone know if it is possible to make use of NCover exclude attributes within Sonar? If not then we will have to look at alternatives.
The SonarQube C# plugin (since version 3.x) only imports code coverage reports generated by 3rd party tools. The information on which lines are to be covered by tests (i.e. "executable" lines), as well as which lines actually were covered by tests, are provided by the report generated by the tool.
These NCover exclusions should be applied by NCover itself, and should not require special support from SonarQube.
Related
We had recently implemented SonarQube in our team and we have a dashboard configured
We've been able to see some of the details but the line coverage and code coverage is 0 always
Can you advise what we're missing ? I've checked the configuration and all of it seems to be in place
Assuming the latest SonarQube version, note that, as mentioned in this thread
Version 5.12 of our SonarJava analyzer deprecated use JaCoCo’s binary format (.exec files) to import coverage.
As a replacement, we developed the sonar-jacoco plugin, which imports JaCoCo’s XML coverage report, and this is the preferred option now. I
That page illustrates how to include those reports for a maven or a gradle project. Again, it depends on the nature of your projects.
The code base I am working with has a lot of generated code. In addition, there are also some deprecated files that I would want to exclude from SonarQube analysis. I've read up the documentation and looked at some answers on here about that, but it does not help in my case.
I have a multi-module maven project. So I have multiple projects in my workspace that are all part of a large application. Say I want to exclude this file:
/home/username/workspace/com.mst.rtra.importing.message/bin/com/mst/rtra/importing/message/idl/parse/idlparser.java
I don't really know how to write this in the exclusions settings on SonarQube because of how long the filepath is. Also, what if I want to exclude another file, but from a different module, say :
/home/username/workspace/com.mst.rtra.interpreter.create/
I am confused about I should write this in the exclusions box in project settings. Should I write the absolute file path due to the multi-module nature of this project? Or is there some other convention used?
In addition, if I want to exclude generated files from analysis, I would need to put file:/generated-sources/ as I saw in another answer. However, after analysis, I can still view the analysis results of those files when I open up the project in SonarQube dashboard.
We use ant rather than maven, and an older version of the Sonar ant task at that. But what works for us is setting a sonar.exclusions property in our build.xml, which accepts wildcards for filenames. For example:
<property name="sonar.exclusions" value="**/com/ex/wsdl/asvc/*.java,**/com/ex/wsdl/bsvc/*.java"/>
That skips analyzing all the code generated from a wsdl file for two services. You ought to be able to do something similar for maven.
My co-workers and I would like to incorporate SonarQube into our existing projects. Our normal development process for Java projects involves running Checkstyle on code changes to ensure they follow our style rules, committing the project to our code repository and having Jenkins build and package the latest version. We’d like to add SonarQube to this final step (through the Jenkins plugin) but we don’t want to duplicate all of our Checkstyle rules in SonarQube, since this would require us to maintain two separate sets of rules and make things more complicated if we need to make changes to the rules. We don’t want to completely switch to SonarQube since we’d like to still run Checkstyle before we commit code to our repository. We’d also prefer to maintain our own Checkstyle files as the main set of style rules as opposed to maintaining the style rules on SonarQube and downloading the generated XML files for our local development.
So is there any way to “upload” (so to speak) our existing set of Checkstyle XML files to SonarQube for it to use in its evaluation?
Thanks for the help.
AFAIK, it is not possible to have Sonar use the Checkstyle definitions from the repository. Is is, however, possible to have Sonar use the current Checkstyle suppression filter from the repository.
As for the rules definitions, I think you will have to maintain them in Sonar, and when anything is changed, also change the copy in the repository which is used by eclipse-cs. This is redundant, but at least it affects only one person - the rest of the team can reap the benefits. This approach also enables intentional differences, e.g. when some Eclipse-specific issue is checked (say, something concerning source folders, which don't exist in Sonar).
The path to the suppressions filter file can be configured in Sonar to refer to the location where your stuff is checked out for Sonar analysis. So that part can be maintained in the repository without any redundancy.
From my point of view, you should make a choice: use SonarQube or Checkstyle but not both.
Checkstyle on code changes to ensure they follow our style rules => Can't you replace this step with SonarQube. See for example: http://docs.codehaus.org/display/SONAR/Using+SonarQube+in+Eclipse or http://docs.codehaus.org/display/SONAR/Issues+Report+Plugin
I need to write a Sonar plugin to keep track of the library classes that are used the most in a project.
So far I read the Coding a Plugin guide but I am a little bit confused. Does Sonar provide any facility to perform analysis (Something like parsing of Java code, creation of Abstract Syntax Trees, ...) or should I look for an external tool that does it and use Sonar only as a reporting tool?
Sonar provides a framework for publishing your own code analysis results into to Sonar so that they are in a single place. Although it does some analysis of it's own it mostly relies on other static code analysis tools and just integrates them into the lifecycle, e.g., test coverage can be implemented by cobertura or clover.
Sounds to me though like you just to get a measure of the Afferent couplings which can be configured for a single library. Not sure how you would manage it for cross library dependencies as most of the plugins work by using instrumenting the code at compile time which would not be possible for classes already in a jar.
If you just want to generate an AST then you should check out this question.
I am using SONAR for Code Quality checks of my projects. In one project I would like to know the code coverage of a library which is included in the classpath (maven dependency).
Is it possible to configure SONAR (with embedded COBERTURA) to also instrument the specific library for code coverage analysis? As cobertura instruments the bytecode this should be possible but I do not know if it is supported by cobertura (even indepentend from SONAR).
Any hints are welcome.
Regards
Klaus
You would have to set up cobertura(maven target) yourself and import the results(See dynamic analysis)
sonar.dynamicAnalysis=reuseReports
sonar.cobertura.reportPath=PATH_TO_RESULT
But I will not help much:
you would need the src files of the jar to see the coverage, otherwise you would just get % numbers and I'm not even sure sonar will show the extra covered files
the coverage for your whole project will always include the % of the library, so it will go down
It is better to test each project with its own unit tests on its own.