I implemented custom rules for java as described here enter link description here. Rules are visible on the server side at rules page, but no one from them is applied to code during analysis.
I'm using sonar 5.1.1 and updated sonar-java-plugin to v3.2.
I'm wonder what's wrong. During debug using sonar-runner I noticed that my CheckRegistrar is loaded but checks from it is ignored.
The solution is simple...Rules have to be included in Quality Profile.......
Related
I'm working on the project, where the developers are trying to write understandable code, so there is no sense to use comments in a lot of places. We have a SonarQube, which is used in other projects and we cannot configure it. All we can do is configuring Sonar in our project's POM file. SonarQube is complaining, that there are not comments in our code with the rule "common-java:InsufficientCommentDensity". I know, that we can ignore some rules using sonar.issue.ignore.multicriteria properties like
<sonar.issue.ignore.multicriteria>junit.assertions.include.messages</sonar.issue.ignore.multicriteria>
<sonar.issue.ignore.multicriteria.junit.assertions.include.messages.ruleKey>squid:S2698</sonar.issue.ignore.multicriteria.junit.assertions.include.messages.ruleKey>
<sonar.issue.ignore.multicriteria.junit.assertions.include.messages.resourceKey>**/*.java</sonar.issue.ignore.multicriteria.junit.assertions.include.messages.resourceKey>
but it's not working with "common-java:InsufficientCommentDensity" rule. Why? And is there a way to ignore this rule in our case?
SonarQube version is 6.7 (build 33306)
Sonar Maven Plugin version is 3.4.0.905
I tested this quite a lot and finally found that setting common rules (anything that starts with "common-xxxx") from scanner side (pom, command line etc) will be ignored and wont work. The language specific rules can be passed as command line arguments and thats why the "squid:S2698" rule is getting ignored correctly. Here is the issue link on the SonarQube JIRA board and it says that it "wont be fixed".
https://jira.sonarsource.com/browse/SONAR-8230
The only option for you is to set the issue exclusion from UI. Here are the steps to set it from U.
If this is a common rule that you want to ignore, then make sure you have admin rights to your project. On the project Dashboard you should see the administration tab:
Click on Administration → General Settings
Click on Analysis Scope on the left hand side
Now set the below property:
Save and run the scan again.
I'm trying to create method without add comment or documentation it, I expected SonarLint would show errors based on rules, but I don't see any errors or warnings. Why?
The particular rules you're looking for are "common" rules applied at the server. You're not going to see them in SonarLint. But in general:
Out of the box, SonarLint runs with the Sonar way (default) profile. If you want additional rules applied in the IDE, you'll need to:
set up a SonarQube instance (assuming you don't already have one)
configure a Quality Profile to your liking
apply it to your project
connect your project in the IDE to the project on the server
At this point you will see (almost) all the same issues in both places.
Sonar scanner runs analysis for all the available plugins installed in SonarQube. But for some of the projects analysis should be run only for some languages(For example Java and Javascript).
sonar.language parameter allows me to set only one language.
Is there any way to set multiple languages for analysis.
Stop thinking in term of language, since this is a blur concept in SonarQube. Just exclude the files you don't want to analyze, using for example the property sonar.exclusions.
For example, when considering a pom.xml file, the "language" was historically XML (and rules provided by SonarXML). But we now also have rules provided by SonarJava.
The property sonar.language was deprecated in SonarQube 4.4 and might be removed in SonarQube 6.7 or later, because SonarQube can now use several languages (which seems to be exactly the issue that you face currently).
If you only want Java and Javascript issues to be reported, I suggest to create custom quality profiles for all other languages, containing 0 rules. You can then, for your project, explicitly assign those "void" quality profiles.
I would like to know if you have a junction between the two profiles of quality, creating a single.
I have a project that uses the JEE technology, and it uses javascript, java and JSF.
Wanted to make a junction of quality profiles (Web + Javascript + Sonar way with Findbugs)
Is there any way to do this?
I'm using sonarqube 4.3 and sonar runner 2.4.
According for your reply
I have to call the sonar runner several times
first for Sonar way in Web perfil
second for Sonar way in JavaScript perfis
third for Sonar way with Findbugs in Java perfis
would give me an example?
You actually don't have to do this and this is not the correct way to solve your problem anyway.
As of SonarQube 4.2 you can use the multilanguage feature and your files will be automatically analyzed by the correct language plugin (detection is based on file extension).
If you are using a version prior to 4.2 you will have to run multiple analysis with the correct language set each time.
According to the documentation I've found Sonar will not analyse test code by default. I found some Jira's that indicate it should be possible but nothing with enough information on how to do it.
It's java code setting under src/test/java. I use both the eclipse plugin for local analysis and sonar-runner plugin for gradle via a jenkins job on the CI server so ideally the solution would support both those.
Ta,
Andrew
As of SonarQube 4.2, the only way to have some test code analyzed is to activate rules from "PMD Unit Tests" repository inside your quality profile.
Note that these are rules specific to test code (like the existence of at least one assertion). You can't activate "standard" rules on test code yet. You can vote for the following ticket to extend the scope of source analysis: SONAR-3748