How do I import existing phpcodesniffer results into sonar? - sonarqube

I'm starting out with Sonar. We've got about 10 custom sniffs in our own standard for PHP_Codesniffer and are using a subset of various sniffs of other standards. PHP_Codesniffer works like a charm and generates a report in Checkstyle format.
How can I get Sonar 5.1 to import this codesniffer-results-in-checkstyle-format.xml file?
I heard this was possible in older versions of the PHP plugin, but I'm not sure if that relates to a ruleset.xml or to the actual results of the run.

It's no longer possible to import external rules from tools like CodeSniffer, PHPDepend, ... The PHP Plugin now relies exclusively on the SonarQube Rules Engine, as mentioned here: http://docs.sonarqube.org/display/PLUG/PHP+Plugin, and it provides 110 predefined rules out of the box.
As of now you can write custom rules unless you customize the PHP Plugin directly.
If some rules are missing, you are more than welcome to share your suggestions with us.

Related

How can I produce github annotations by creating report files on disk?

I am trying to find a portable way to produce code annotations for GitHub in a way that would avoid vendor lock-in.
Mainly I want to dump annotations inside a file (yaml, json, ...) during the build process and have a task at the end that transforms this file into GitHub annotations.
The main goal here is to avoid hardcoding support for GitHub annotations into the tools that produce them, so other CI/CD systems could also consume the annotation reports and display them in their UI.
linters -> annotations.report -> github-upload
Tools like flake8 are able to produce output in parsable format file:line:column: message, but I need to know if there is any attempt to standardize annotations so we can collect and combine them from multiple tools and feed them to the CI/CD engine.
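The linters -> annotations.report -> github-upload pipeline asked about above, as an added example (not code from any post on this page, nor from any of the actions mentioned later in the thread): a small Python converter that parses flake8-style "file:line:column: message" lines into a tool-neutral JSON annotation report, merges reports from several tools and deduplicates identical findings. The JSON field names (file, line, column, annotation_level, title, message, tool), the rule-code-prefix to severity mapping and the sample linter lines are assumptions constructed for this example; map the fields to whatever schema your upload step expects.

```python
import json
import re

# Constructed sample linter output in the flake8-style "file:line:column: message" format.
SAMPLE_LINTER_OUTPUT = """\
app/views.py:12:5: E501 line too long (92 > 79 characters)
app/views.py:30:1: F401 'os' imported but unused
app/utils/crypto.py:7:9: S324 Use of insecure MD5 hash function
not a finding line
"""

# One "path:line:column: message" line. The path is matched non-greedily so that a
# Windows drive letter ("C:\...") does not swallow the line/column fields; the
# message may itself contain colons.
LINE_RE = re.compile(r"^(?P<file>.+?):(?P<line>\d+):(?P<column>\d+):\s*(?P<message>.+)$")

# First letter of the rule code -> annotation level. Assumed mapping for this example:
# F (pyflakes errors) and S (security checks) fail the build, E warns, W is a notice.
SEVERITY_BY_PREFIX = {"F": "failure", "S": "failure", "E": "warning", "W": "notice"}


def parse_linter_line(line):
    """Return an annotation dict for one linter line, or None if the line is not a finding."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    message = m.group("message")
    code = message.split(" ", 1)[0]          # e.g. "E501"
    level = SEVERITY_BY_PREFIX.get(code[:1], "warning")
    return {
        "file": m.group("file"),
        "line": int(m.group("line")),
        "column": int(m.group("column")),
        "annotation_level": level,
        "title": code,
        "message": message,
    }


def build_report(text, tool):
    """Parse a whole linter output; tag each annotation with the tool that produced it."""
    annotations = []
    for raw in text.splitlines():
        ann = parse_linter_line(raw)
        if ann is not None:
            ann["tool"] = tool
            annotations.append(ann)
    return annotations


def merge_reports(*reports):
    """Combine annotation lists from several tools, dropping exact duplicates and
    sorting by location so the output is stable across runs."""
    seen = set()
    merged = []
    for report in reports:
        for ann in report:
            key = (ann["file"], ann["line"], ann["column"], ann["message"])
            if key in seen:
                continue
            seen.add(key)
            merged.append(ann)
    merged.sort(key=lambda a: (a["file"], a["line"], a["column"]))
    return merged


def write_report(annotations, path):
    """Write the merged report as JSON; the upload step reads this file later."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(annotations, fh, indent=2)


if __name__ == "__main__":
    flake8_report = build_report(SAMPLE_LINTER_OUTPUT, "flake8")
    write_report(merge_reports(flake8_report), "annotations.json")
    print(json.dumps(flake8_report, indent=2))
```

Each linter gets its own build_report call (with a different tool label); merge_reports then produces the single annotations.json that the final, CI-specific upload step consumes, so none of the linters needs to know about GitHub.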
Today I googled what the heck those "GitHub Action Annotations" are all about, and this was among the hits:
https://github.com/marketplace/actions/annotations-action
GitHub action for creating annotations from JSON file
As of now that page also contains:
This repository uses npm packages from #attest scope on github; we are working hard to open source these packages.
Annotations Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
I didn't try it; again, just a random Google hit.
I am currently using https://github.com/yuzutech/annotations-action
Sample action code:
- name: Annotate
  uses: yuzutech/annotations-action@v0.3.0
  with:
    repo-token: ${{secrets.GITHUB_TOKEN}}
    input: ./annotations.json
    title: 'Findings'
    ignore-missing-file: true
It does its job well but with one minor defect. If you have findings on a commit/PR you get to see the finding with a beautiful annotation right where you need it. If you re-push changes, even if the finding persists, the annotation is not displayed on later commits. I have opened an issue but I have not yet received an answer.
The annotations-action mentioned above has not been updated and it does not work for me at all (deprecated calls).
I haven't found anything else that worked exactly as I wanted it to.
Update: I found that you can use reviewdog to annotate based on findings. I also created a GitHub action that can be used for Static Code Analysis here https://github.com/tsigouris007/action-semgrep-reviewdog. You can visit the entrypoint.sh file and check how I piped the custom output to reviewdog utilizing jq.

sleroy SonarEsLintPlugin EsLint Custom Rules

I am using the sleroy/SonarEsLintPlugin plugin to integrate eslint with sonarqube v6.7.2. I have these three other eslint plugins that I want to integrate into sonarqube v6.7.2.
A. redux-saga
B. react
C. jsx-a11y
and below is my sonar-project.properties file:
sonar.projectKey=abc
sonar.projectName=xyz
sonar.projectVersion=0.0.0.1
sonar.sources=app/
sonar.exclusions= app/utils/**/*,
sonar.language=js
sonar.javascript.file.suffixes=.js,.jsx
sonar.profile=ReactJs
sonar.eslint.eslintpath=node_modules/eslint/bin/eslint.js
sonar.eslint.eslintconfigpath=package.json
sonar.eslint.eslintrulesdir=react,redux-saga,jsx-a11y
sonar.sourceEncoding=UTF-8
sonar.login=pqr
sonar.password=jkl
These three plugins' rules are specified in the eslint-rules.properties file, and SonarQube is showing these rules as well.
But the problem here is that SonarQube is not generating any report related to these three rules, even though I have intentionally made a mistake.
Can anyone please check whether I have specified the "sonar.eslint.eslintrulesdir" path right, or whether I am missing something?
Please help me with this; I have been stuck on this issue for the past 3 days.

How to import data to sonarqube database?

I have my own report in a custom format and I want to import it somehow into the sonar database to use sonar's widgets to show it. Is it possible in general? Are there any tools to do it?
This will require a custom plugin. Not knowing what type of data you're dealing with, I'll guess that the Generic Test Coverage plugin might be a good model.
You should try to do it using the web service API. That's the recommended way to do it.
The supported API is self-documented on your SQ instance. Here is the API of the Nemo instance: http://nemo.sonarqube.org/api_documentation

Get uRapidFlow logs for an import profile batch

I am running a php script using a cron job to run a uRapidFlow / RapidFlow import profile. Here is the documented code I found to help me do this.
I need to be able to run through the imported batch, row by row, and do some processing based on if the row was imported successfully or not. It would also be very convenient and useful to be able to send email notifications on failed imports in general as well. If anyone has any idea, or can point me in the right direction, I would be very grateful. I don't see any documentation for this online, so I am going through the module code and database trying to figure it out myself.
I am using Magento EE 1.12.0.2
The best bet, unless you modify the uRapidFlow extension (check license information before doing so), would be to extend it and use an observed event.
Try the observer catalog_product_import_finish_before, which is triggered after each product is imported. Bear in mind this solution would be triggered globally for any manual imports, so if you build a small extension, perhaps make it easy to toggle on and off.
More can be found on Magento's observers here: http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/customizing_magento_using_event-observer_method
Note that as you've not specified which version of Magento you are using, you'll have to check if that observer is supported in your version.

Sonar - Can we use for OSB/BPEL code review?

I am new to Sonar; I just heard about this tool.
Can we use this tool to perform code review for an FMW (Fusion Middleware) OSB (Oracle Service Bus)/BPEL project?
If so can anyone give some inputs on this?
The official plugin list: http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library/ does not mention support for your tools.
But Sonar can be extended with custom plugins, so you may be able to write your own plugins to provide metrics for your tools.
What level of review do you want to cover? It is really easy to make your own review tool for BPEL. All BPEL resources are XML files. For example, if you want to check the naming convention of BPEL activities, you can define a simple XPath-based rule.
Ex:
//sequence/#name ~= "^sequence.*".
A Java program can use the above XPath to pull out all sequence names from the xxxx.bpel file and compare them against a regular expression. Similar rules can be created for checking WSDL usage, partner links, end-point addresses, usage of error handling etc.
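The XPath-plus-regex naming rule described in this answer, worked through as an added example (in Python with the standard library's ElementTree rather than the Java program the answer mentions; this is not code from the answer or from any Sonar plugin). It generalises the single sequence-name rule into a small table of (XPath, regex) rules, so partner links and scopes are checked the same way. The BPEL fragment, the rule names and the regexes are assumptions constructed for the example; the namespace URI is the WS-BPEL 2.0 executable-process namespace.

```python
import re
import xml.etree.ElementTree as ET

# WS-BPEL 2.0 executable process namespace, bound to the "bpel" prefix for XPath.
BPEL_NS = {"bpel": "http://docs.oasis-open.org/wsbpel/2.0/process/executable"}

# Naming rules: (rule name, XPath selecting named nodes, regex the @name must match).
# The XPath uses the subset ElementTree supports; the patterns are assumptions for
# this example, not a published naming standard.
NAMING_RULES = [
    ("sequence naming", ".//bpel:sequence[@name]", r"^sequence.*"),
    ("scope naming", ".//bpel:scope[@name]", r"^scope[A-Z].*"),
    ("partnerLink naming", ".//bpel:partnerLink[@name]", r"^.*PL$"),
]

# Constructed BPEL fragment containing both compliant and non-compliant names.
SAMPLE_BPEL = """<?xml version="1.0"?>
<process name="OrderProcess"
         xmlns="http://docs.oasis-open.org/wsbpel/2.0/process/executable">
  <partnerLinks>
    <partnerLink name="clientPL" partnerLinkType="tns:OrderProcess"/>
    <partnerLink name="CreditCheck" partnerLinkType="tns:CreditCheck"/>
  </partnerLinks>
  <sequence name="sequenceMain">
    <receive name="receiveInput" partnerLink="clientPL" createInstance="yes"/>
    <scope name="scopeValidate">
      <sequence name="Validate">
        <assign name="assignDefaults"/>
      </sequence>
    </scope>
    <reply name="replyOutput" partnerLink="clientPL"/>
  </sequence>
</process>
"""


def check_naming(bpel_xml, rules=NAMING_RULES):
    """Run every (xpath, regex) rule over the document and return one
    (rule name, local element tag, offending name) tuple per violation."""
    root = ET.fromstring(bpel_xml)
    violations = []
    for rule_name, xpath, pattern in rules:
        regex = re.compile(pattern)
        for el in root.findall(xpath, BPEL_NS):
            name = el.get("name")
            if not regex.match(name):
                local_tag = el.tag.split("}", 1)[-1]   # strip "{namespace}" prefix
                violations.append((rule_name, local_tag, name))
    return violations


def check_file(path, rules=NAMING_RULES):
    """Convenience wrapper: load a .bpel file from disk and check it."""
    with open(path, "r", encoding="utf-8") as fh:
        return check_naming(fh.read(), rules)


if __name__ == "__main__":
    for rule_name, tag, name in check_naming(SAMPLE_BPEL):
        print(f"{rule_name}: <{tag} name=\"{name}\"> violates the convention")
```

Run against the sample it reports the nested sequence "Validate" and the partner link "CreditCheck"; the same table-driven loop is the shape a Sonar-style rule engine for these XML resources takes. Because the .bpel files come from a source repository, parse them with a hardened XML parser (for example the defusedxml package) rather than plain ElementTree if the repository is not fully trusted.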