I'm calling sonar from maven:
mvn clean install sonar:sonar
How can I configure the findbugs rules?
Do I have to configure the rules in maven as suggested in Import FindBugs configuration from Sonar to Maven?
Where can I find a documenentation how to write the configuration file?
Is the configuration in sonar still relevant?
The documentation doesn't help.
How can I configure the findbugs rules?
Use the SonarQube web GUI. Click on "Quality Profiles" in the black area at the top, then choose "Java". The Maven plugin will download your definitions from there and use them.
Do I have to configure the rules in maven as suggested in Import FindBugs configuration from Sonar to Maven?
Nope. Configure them only in SonarQube, and you're all set.
Where can I find a documenentation how to write the configuration file?
That would be the FindBugs docs. But you don't need to do that if you're using SonarQube.
Is the configuration in sonar still relevant? The documentation doesn't help.
Yes it is relevant. The SonarQube documentation is generally not very helpful, but configuring rules is quite straightforward using the GUI. You should have a good chance even without documentation.
Related
I have PMD and FindBugs configured in eclipse as well as Gradle. The Gradle reports are consumed by Jenkins, which lists a set of violations, which seem to be different than those reported by Eclipse.
I would like to set my Eclipse FindBugs and PMD settings to be the same as the defaults for the corresponding Gradle Plugins.
What are the default PMD RuleSets and FindBugs effort configured for the Gradle Plugins ?
See the documentation for the findBugs gradle plugin here and PMD plugin here.
For findbugs, it uses effort = 'default'. See the documentation for findBugs to see what that entails.
For PMD, it looks like it uses "basic". You can check out the PMD docs to see what that entails.
I am new to SonarQube and using SonarQube 5.1. I read from somewhere that it is a replacement for FindBugs and CheckStyle. So does it mean it internally runs FindBugs and CheckStyle? But I counldn't find any FindBugs and CheckStyle plugins inbuilt. From where does Sonar take the rules?
You can install Checkstyle and FindBugs plugins separately, enable their rules in your profile and thus use them in your analysis. However, #SonarSource has made a concerted effort to replace such rules with 'native' rules, and if you do install these extra plugins, you will find many of their rules marked Deprecated.
You can see the replacement progress in the deprecation reports for FindBugs, Checkstyle and PMD.
You can install FindBugs and CheckStyle from the Update Center, on the administration section of SonarQube (default: login as user "admin" with password "admin" )
Once installed the plugins, when you do a sonar analysis in your code (for example: mvn sonar:sonar ), the machine running the analysis will get the .jars from Sonar itself, run locally, and then upload the results back to Sonar.
I want to learn how to use CheckStyle.
I am doing static code analysis in Hudson, as first part, I installed Static Analyser and CheckStyle plugins in Hudson. But I am not able to find out how to use it in official Hudson checkstyple page also.
official page : http://wiki.hudson-ci.org/display/HUDSON/Checkstyle+Plugin
I saw some documents in Maven checkstyle plugin that we have to mention some configuration in pom file and run the targets.
Then, I got doubt, if I am doing with Maven, why we need the CheckStyle plugin install in hudson?
Is it possible to configure CheckStyle in Hudson job for a Java project instead of changing in pom or not? It here is both ways, then which one is better?
Do you have the steps to configure CheckStyle plugin in Hudson?
If you've installed the plugin in Jenkins/Hudson, you should now be able to add the checkstyle goal to your project/job.
In the goals section of your Jenkins Maven job, add "checkstyle:checkstyle" to enable the checkstyle plugin to analyse your project.
I am using 1.467 and Jenkins JDepend plugin 1.2.3.
When I build, it generates the JDepend report.
No problem.
THe problem is that I get reports on classes like:
org.apache.commons.fileupload
org.hibernate.ejb
Packages report on classes that I didn't write.
How I configure this so that it JDepend only run on classes that I write?
com.mycompany.myproject
for example.
Thanks.
JDepend Maven Plugin looks quite old and seems to be in beta. It does not support a way to exclude packages/classes. I assume jenkins JDepend Plugin uses the information from this to generate the report.
JDepend itself provides options to include/exclude classes/packages from analysis. JDepend ant task provides support for this as well.
One possibility would be to use jdepend ant task using maven antrun plugin (or directly invoke jdepend using maven exec plugin) to do the analysis and specify the report file to jenkins plugin for reporting.
i got it to work by setting the goal to "jdepend:generate" and setting the Pre-generated JDepend file to "target/jdepend-report.xml"
Is there a way to get sonar to use the checkstyle configuration from my pom file? I have the maven checkstyle plugin setup, and I have the maven sonar plugin (version 2.7) setup, but sonar seems to use its default checkstyle configuration. I know I can create a new quality profile and upload the checkstyle file, but I would think that the maven plugin should use the one from the pom. Any help here is appreciated.
thanks,
Jeff
It used to be possible from Sonar 1.11 to Sonar 2.2 by using a parameter sonar.reuseExistingRulesConfiguration. It was removed from Sonar 2.3.
See SONAR-583
See SONAR-1706