I have setup SonarQube 4.5.1 on Windows, backed by a SQL server (2012). The analyzer is running on a Linux box. I have changed the sonar.properties on the Linux box to point to the SQL server and the data is getting uploaded correctly.
I also have the web server configured correctly to query the data from the SQL server.
However, if I change the rules (add new rules, change rule values, etc), the setting changes are not reflected in my analyzer box. Is there a configuration step that I am missing?
This turned out to be trivial.
In the sonar-runner.properties file under /etc/sonar-runner/conf folder, set the server.host.url correctly.
----- Default SonarQube server
sonar.host.url=http://sonar.webserver:80
Related
When I use this command on my local system the static code analysis report is generate perfectly on my local dashboard but when I am replacing it with the remote sonar url it always shows 0 bugs,0 vulnerabilities.
Sonar server version is different for the two ; can it be the reason for this?
sonar-scanner -Dsonar.projectKey=foo -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.projectName=bar -Dsonar.projectVersion=1
Yes, if the version is different it can be definitely the reason for the analysis to show different results, as analyzers which are used to analyze the code are downloaded from the server. Also your quality profile (i.e which rules are enabled) is defined by the server.
Sonar scanner version:3.0.1.733
Sonarqube version: 5.6.5
We have a sonar scanner on a Windows box which scans our project and submit a result to our Sonar server which is now on a Linux box. Prior to this, both the scanner and the sonar server and sonar db were on the same Windows box and we did not have any issues. We took a sonar db backup and restored it on another database on our new Linux box (now Sonar DB and Sonarqube server are on our Linux box). The server was installed from the native packages
My Issue now is when our scanner submits to the server no issue get reported. We used to have some issues before and now everything is reset back to zero.
I investigated a little bit, I can see the background tasks were received and processed successfully. Even the server UI shows the date of the latest scan.
The scanner reports success as well. I ran the scanner in the debug mode and I can see connections to the server with 200 status responses.
I cannot see anything out of ordinary in the logs.
If I re-point the scanner back to my old Windows sonar box it still shows correct number of issues.
Could anyone help me on this?
Usual suspect
Inconsistent measures and/or issue counts just after a SonarQube migration/upgrade can indicate that the local ElasticSearch index has been corrupted.
(reminder: ElasticSearch is a search engine used by SonarQube to index issues, rules etc. so that it can access this data rapidly without having to query the database all the time, see SonarQube Architecture).
Solution
stop SonarQube
erase sonar_install_dir/data/es
start SonarQube (note: restart
might take longer due to reindexing)
Root-cause analysis
To the question of why did that happen in the first place: a common case is an ElasticSearch index not being properly rebuilt after upgrading and/or changing database. Here's a typical scenario: you first start SonarQube on embedded H2 database, experiment a bit with it, then plug it to a full-fledged database. If the ElasticSearch index does not get scratched/rebuilt in between, then the index gets corrupted as the database/dataset it used to be in synch with just changed all of the sudden.
Good news
An improvement is coming in SonarQube v6.6 to better detect/handle this scenario at the application level (i.e. detect that ElasticSearch index should be rebuilt because the DB changed). See SONAR-5681 - When a change occurs on the DB, the Elasticsearch index must be dropped .
Is it possible to use a rule set defined in .Xml (based on SonarQube- und FindBugs rules) and run it without setting up a SonarQube server.
I want to use SonarLint in Eclipse for some Java projects with only the input of the rule set i get forwarded from other projects of the company.
You can use SonarLint standalone - in which case you will get the default, non-editable rule set - or connected to your SonarQube server - in which case you will get the rules in the profile that's applied to your project.
There is no middle ground where you could feed a list of rules in standalone mode.
I've successfully built up a SonarQube server, and I wrote several custom rules to review the code. Now, I can use the server and custom rule with Jenkins and with Maven only when the code is on the same server.
My question is when I develop maven project on another computer, and I want to use maven build or maven install, how can I still use the certain SonarQube server? Simply add plugins in the pom.xml can't use the SonarQube server I established, and the custom rules I developed are also not taken into effect.
As stated in the docs, you only need to make sure the address of your SonarQube server is available to the analysis. Beyond that, you should provide the token of a user with analysis permissions (and 'create project' permissions if the project doesn't already exist) and analyze away.
Of course, this pre-supposes that your SQ server is visible on your network.
We currently have two SonarQube servers (v4.5.1) running on two separate Windows 2012 servers each with its own MS SQL database server. One is our Development server and the other is our production server. The idea being that we test out all rule changes on the development server first, once we are happy that they are correct we port them to the Production server.
When we first setup the two servers we simply took a backup of the Development server database and restored it on the Production server. At this point both systems were in sync.
We have recently made some modifications to the Development rules set, however when we tried the same approach to move these to the production server it did not work.
The production box seemed to remember the previous rule set. There seems to be a cache of the previous rules that we can't work out how to clear.
Before restarting SonarQube with the new DB in place we deleted the temp folder as that appears to keep a cached H2 database, but that did not solve the issue. We also tried starting it up and using the /setup url but this did not appear to work either.
Is there a way to completely reset the SonarQube server prior to restoring the database so that it has no knowledge of the previous rule set?
Alternatively is there a better way to export and re-import the entire rule set between two servers?
We looked at exporting the rule profile, but this did not appear to contain the full detail of the rules.
Thanks
Pete
For the moment, this is not possible to fully synchronize rules and quality profiles between 2 servers because of SONAR-5366. You can watch and vote for this ticket.
Concerning the cache that you seem to have, this is probably the E/S indexes which are located in <install_dir>/data/es folder. What you can do is:
stop you server
fully delete the <install_dir>/data folder
restart the server: your rules should be in sync with the DB