We want to remove a specific component from an project on sonar dashbaord. Is there any way to do that - maybe directly in the sonar database ? I could find only the deletion of whole project on sonar dashboard. The deletion of the component is needed as source code has to be protected and now it is visible to all see source code users of the project which is wrong.
sonar version 4.5.1
You should restrict code viewing permissions.
If it's truly the case that you have users who should be able to see some components but not others then I would advise extracting the sensitive component(s) into another project on which you can impose tighter restrictions.
Related
I have issues reported for my project through PMD analysis and am allowing sonarqube to consume the report through external properties.
Now I can see the external issues in sonar UI, but am not able to change the issue status from open to confirmed…there is no dropdown available.
I am using SonarQube 8.5.1 version.
Could someone help how will be able to change the issue status for these?
see here
There are a couple of limitations with importing external issues:
you can't manage them within SonarQube; for instance, there is no ability to mark them False Positive.
you can't manage the activation of the rules that raise these issues within SonarQube. External rules aren't visible on the Rules page or reflected in Quality Profiles.
Specifically, I want to run some analysis on the issues generated and rules violated. So I want to design the system to have a few click actions in the web interface of sonar and initiate the analysis in the back-end. The reason for this is that the analyses are run only during some cases and I don't want the instance with my plugin to have additional load during each run.
Also if possible could you point me in the right direction?
I couldn't find anything on here. http://docs.sonarqube.org/display/DEV/Web+API
Please note I have been searching this very recently and am also new to SonarQube.
SonarQube server is for performing analysis only. What I was looking was for the server to give the user access to control the analysis. But using independent plugins to do static analysis could work.
I solved this issue by splitting the plugin into
A plugin for doing inline analysis work (if a need for doing our own static analysis arises)
A WebApp to classify issues, listing them by projects, etc.
This approach seemed more attractive when after discussion, we decided that all functions we wanted out widget to do, our WebApp itself could do. From SonarQube version 6.2, the ruby APIs are going to be deprecated and so moving to a REST-based approach would give an enduring solution.
I recently attempted to change a sonar project into another project module.
I found out in SONAR-4245 that the existing project has to be delete in order to have it in a module.
However, I would like to keep the project history.
Is that possible ?
Unfortunately that's not possible, and we don't plan to make it possible for the moment.
I have configured one project in sonar and integrated sonar with maven for build time analysis of the project.
After analysis, report is generated and uploaded to Sonar for browsing. But once another user compiles the same project their report overwrites mine.
Basically I want that one user's report on one project is not overwritten by report from other user. A user must be able to see their current violations independently. Is it possible in Sonar?
Sonar stores it's analysis on a daily basis, which explains why it's kind of pointless to run analysis several times in a day. Each analysis run will overwrite that day's existing results, which in turn spoils ongoing statistical analysis.
I would suggest running Sonar, from a dedicated build server like Jenkins (which has a Sonar plug-in). This daily analysis will populate the Sonar database and keep the project dashboard current. This architecture also enables you to keep the database credentials confidential.
Obviously developers would like to see the results of their bug fixing. For that I'd recommend running the Sonar Eclipse plug-in. The latest version will run the same Sonar analysis locally. Recent versions of Sonar also enable you to assign violations to developers for resolution.
This is not possible, last performed analysis will always be the one you browse in the interface. However, I guess what you need is the Issue Report Plugin which will enable analysis to store results locally, with the dry-run option.
This way your developers will be able to run an analysis on their code and see the violation delta without pushing the results.
You can do it by explicitly setting the below properties in pom.xml
<properties>
<sonar.projectKey>Test</sonar.projectKey>
<sonar.projectName>Test</sonar.projectName>
</properties>
Every user should set different projectKey and projectName, if you want that one user's report on one project is not overwritten by report from other user.
Is there anyway to migrate individual projects and merge them into an existing instance of Sonar?
Background:
I've setup a new instance of Sonar by performing a normal backup and restore. Another team, also using Sonar, want to migrate their projects over to this new server as well. I'm now faced with a data merging problem.
This is currently not possible. The best way to achieve this is to replay the project history by running Sonar analyses with the "-Dsonar.projectDate=xxxx-xx-xx" property.
For more information, take a look a the "sonar.projectDate" description on the "Analysis Parameters" documentation page.