When I run an incremental analysis on my project through maven, build warner plugin is not called, resulting in an analysis completing successfully even if there are violations.
I have quality gate setup correctly (0 violations) and I have tried configuring sonar sonar.preview.includePlugins with buildwarner plugin in General settings, but without luck - the plugin is still not called in an incremental analysis.
The plugin works correctly with SonarQube 5.1 as it is called in full analysis without problems.
It is the expected behavior. This plugin does not work for incremental analysis for now. But maybe soon. See http://sonarqube.15.x6.nabble.com/Sonarqube-and-Build-Breaker-Plugin-td5034703.html
Related
I'm using gitlab-ci pipeline, it will run a new docker container with following commands:
mvn --batch-mode verify sonar:sonar
-Dsonar.analysis.mode=preview
-Dsonar.gitlab.project_id=$CI_PROJECT_ID
-Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
-Dsonar.gitlab.only_issue_from_commit_file=true
-Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
-Dsonar.host.url=xxx
-Dsonar.test.inclusions="/src/test/java/**/*.java"
-Dsonar.login=xxx
It becomes quite slow for my project, almost run for 20mins.
I found it will scan all files instead of only the commited files.
Is there anything wrong with my configurations?
In some past SonarQube versions we changed the preview mode to only scan changed files. But it has some drawback, like not being able to properly detect cross file issues.
In recent SonarQube versions, the preview mode is deprecated in favor of pull request analysis. But even this PR analysis feature is scanning all files, for the same reasons (cross file issues, coverage measures, duplication detections, ...).
We stopped trying to do partial analysis, and are instead trying to optimize full analysis duration. How big is your project? Is SonarQube analysis time long compared to your regular build (compile + tests)? If yes, then I suggest you report you case on the SonarSource community forum.
Last day I was configuring a jenkins job to run sonar on my java project. I had sonar and jacoco plugins configured in my job. Sonar was throwing some error for which my sysadmin asked me to remove the jacoco plugin configuration from job. I removed and now sonar is saying it cannot find cobertura.xml.
So I am curious to know if sonar does analysis on already run jacoco or cobertura task or does it runs its own coverage analysis?
Short answer : In general, coverage is imported to SonarQube by reading a coverage report generated prior to any work of sonarQube.
Longer answer : Historically (read, about two years ago), SonarQube used to try to run coverage tool for java. This was a nightmare to maintain for every use cases and as such it is now up to the developers to provide a coverage report to SonarQube which will only act on those data (linking them to source, compute metrics, display them nicely).
In your case, that means you most probably have the cobertura plugin installed on your SQ instance and it is looking for a report to import.
We are using scripted build in our VSO environment and integrate with SonarQube, using the SonarQubePreBuild and SonarQubePostTest tasks.
Especially since SonarQube version 5.2 we experience that builds are always succeeding as long as SonarQube succeeds in generating the report.
For VSO Git pre-commit policies we have configured pull requests to start a build including SonarQube analysis.
However the configured Quality Profile is not met for the project, the build seems to succeed since SonarQube was able to do the actual analysis.
...But we want the build to fail....since quality conditions are not met.
We could add an additional custom (powershell) task to retrieve the results from the SonarQube instance, but what if we are running in preview mode and reports are not stored in the SonarQube database?
Before 5.2 you could use the Build Breaker Plugin to have the build fail in VSO. But the Plugin is no longer compatible with 5.2 and is planned to be included in Sonar Core in 5.4.
See this question for details.
I would like to know if it's possible to focus a sonar analysis in the classes you have modified.
Imagine you have a huge project, analyzed with a SonarQube Ant Task that can spend a lot of time analyzing all its code and generating the results in the server.
If you only modified 3 classes in this huge project... would be possible to make a shorter analysis with only that 3 classes and update the results?
I'm looking the 'sonar.sources' and 'sonar.exclusions' properties, but I cant find a solution.
My idea is to have the complete proyect analyzed in sonar server. If you use the Sonar Eclipse Plugin you can see all the info displayed, and if you use the sonar ant task you can update the information, but only analyzing the source you have modified.
This feature will be implemented in next version of SonarQube (4.0).
You can vote and watch the following ticket: SONAR-3677
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles