SonarQube - analyzing branches of the same project - sonarqube

I know that there is no "new project" button on SonarQube UI. However, I have two branches of the same project that I want to do analysis on. The thing is that since the project names are the same, SonarQube will upload the analysis results of the two branches into the same project on SonarQube Server. How do I configure SonarQube so that one branch will upload analysis results to one project and the other branch will upload results to another project on SonarQube server?

You might want to look at this part of the Sonar documentation, specifically at the sonar.branch parameter. It seems to be designed for what you want to do, and is working that way for us.

As the sonar.branch parameter is deprecated and the Developer Edition costs money, one possible option is to use the already mentioned branch plugin for SonarQube Community Edition (LGPL).
Update: seems like the repo is gone, not sure why. Active fork can be found here.

If you use SonarQube Runner, then you have to change the sonar.projectKey property to different values. If you use maven based analyses, then add -Dsonar.projectKey="Something" to your command. Example:
mvn sonar:sonar -Dsonar.projectKey="My project in first branch"
mvn sonar:sonar -Dsonar.projectKey="My project in second branch"
You can change the project name in a similar way with the sonar.projectName property.

This blog post by the SonarQube team suggests that treatment of branches will be improved in version 6.
Additionally, if you are using pull requests, have a look at its pull request analysis plugins (both GitHub and BitBucket at the moment).

The sonar.branch parameter is deprecated from Sonar version 7.1, so as an alternative, to have separate branch analysis on SonarQube version 7.1 onwards, you can use something like this.
I assume you have a Maven project. If not, just remove -D from it and use it.
mvn sonar:sonar -Dsonar.projectKey=<projectname>
mvn sonar:sonar -Dsonar.projectName=<project-name>
The project key should be unique. Otherwise it will combine the results of other branches that have the same project key.
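
Added example, not part of any answer above: a shell helper that derives a distinct sonar.projectKey for each branch, so that two branches never share a key and have their results combined. The base key com.example:app, the project name and the branch names are constructed sample values, and sonar_key is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: one SonarQube project per branch via a unique sonar.projectKey.
# "com.example:app" and the branch names are constructed sample values.

# sonar_key BASE BRANCH  -> prints BASE:<branch part>
# Project keys accept letters, digits, '-', '_', '.' and ':', so any other
# character in the branch name (such as '/') is replaced with '_'. That mapping
# is lossy: "feature/x" and "feature_x" would end up with the same key and have
# their results combined. A checksum of the raw name is appended whenever the
# name had to be altered, which keeps the keys distinct.
sonar_key() {
    base=$1
    branch=$2
    clean=$(printf '%s' "$branch" | tr -c 'A-Za-z0-9_.-' '_')
    if [ "$clean" != "$branch" ]; then
        sum=$(printf '%s' "$branch" | cksum | cut -d' ' -f1)
        clean="${clean}_${sum}"
    fi
    printf '%s:%s\n' "$base" "$clean"
}

# Show the command a CI job would run for each branch (printed, not executed).
for b in master develop feature/x feature_x; do
    key=$(sonar_key com.example:app "$b")
    echo "mvn sonar:sonar -Dsonar.projectKey=$key -Dsonar.projectName=\"My project ($b)\""
done
```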

Related

Alternative to sonar.analysis.mode parameter

I'm using Sonarqube 7.9 and Gitlab with a maven docker image that calls my Sonarqube using mvn --batch-mode verify sonar:sonar -DskipTests=true -Drevision=$REVISION_UNSTABLE $SONAR_OPTS -Dsonar.analysis.mode=issues.
The thing is that the parameter sonar.analysis.mode is not used anymore since version 7.4 but I can't find out what parameter do I need to use instead.
At the build development branch I just want to check the issues related to the code and I don't want to publish anything. Only when I publish a tag or a production code I must publish results to Sonarqube interface. So what do I need to run my code with the previous issues and publish parameters? Is there any alternative to sonar.analysis.mode?
The direction SonarSource are pushing people in is to use branch/pull-request analysis to detect new issues across branches. I'd suggest you want to be using feature branches for your typical analysis if you're not wanting to retain history for a long time.
The branch analysis feature requires you use Developer Edition to work out-the-box, however there is a plugin that provides branch support on developer edition should you want to try it.
Your build/scan command would then become something similar to:
mvn verify sonar:sonar -DskipTests=true -Drevision=$REVISION_UNSTABLE $SONAR_OPTS -Dsonar.branch.name=develop

How to rename projects in Sonar Qube

I have a few projects which use pom.xmls to run the sonar analysis. Their names are:
Myproject1
Myproject2
Myproject3
Myproject4
I want to rename them on the sonar dashboard:
MyprojectA
MyprojectB
MyprojectC
MyprojectD
What's the simplest way to achieve this? I know that we can update the key, and then on-board the project with the desired name. Is it possible for me to use the same key and update the project display name?
P.S: I use sonarqube version 6.1
I had to eventually change the project name in the settings.xml file. This contained my sonar.projectname and sonar.projectkey. Then, I had to onboard the app on the sonar dashboard with the new details and run the analysis. However, I still feel that a simple renaming feature could have been easy.
Since it is more of an enterprise version of sonar we are not allowed to upgrade the sonar version immediately.

Move "Won't fix" between projects in Sonarqube

I am using SonarQube to analyze my code before uploading to Gerrit and as a step in the review process in Gerrit. The same code is analyzed twice and I have two projects, e.g. "development-project" and "gerrit-project" in SonarQube. I then sometimes mark something as "Won't fix" or "False positive" etc. in my "development-project". I would like to move that to the "gerrit-project". Is that possible?
I was in a similar situation and I created a simple command-line tool for copying Won't Fix and False-Positive resolution types from one SonarQube project to another. A bit clumsy solution, you need to run it after each merge, but better than manually resolving the same issues in two or more SonarQube projects.
You can find the tool on GitHub - https://github.com/HonzaTau/SqCopyResolution
Unfortunately you cannot. There is information, in SonarQube documentation, that projects created with sonar.branch parameter are treated as independent* projects.
*independent - not associated with any other project
http://docs.sonarqube.org/display/SONAR/Local+and+Branch+Analysis:
[...] you add the sonar.branch=[branch key] analysis property to the
release branch to create a second, independent project in SonarQube.

Sonarqube 5.1 TFS sonar msbuild runner with branches

We have just started using Sonarqube 5.1 integrated in TFS build as described on this page http://www.sonarqube.org/announcing-sonarqube-integration-with-msbuild-and-team-build/
We have one main branch, and two development branches for the same project.
What is the recommended strategy for handling this?
I want to be able to see analyze result trends over time and also let people working in different branches able to see analyze result for the branch they are working in. As far as I can see the Sonar msbuild runner (https://github.com/SonarSource/sonar-msbuild-runner) only supports projectkey, projectname and version, but not branch key.
Any advice and suggestions will be greatly appreciated!
Indeed Wangen, I do confirm that the MSBuild Runner 0.9 doesn't yet provide a way to inject some SonarQube properties and so including the "sonar.branch" property. This limitation is going to be dropped in version 1.0 of the MSBuild Runner. Nevertheless, you must be aware that the support of branches by SonarQube is really limited because at the end in your case you're going to have 3 different projects in SonarQube and for instance flagging an issue as false-positive won't lead to flag the same issue in another branch as false-positive.

Bamboo Selective Sonar Analysis

We are currently using Bamboo for our build tool and one of our stages contains a task to run Sonar analysis.
It works great except for the fact that results are published for both master and feature branches. Of course this means that if we build a branch then results will override the existing ones.
We have looked into Auto Branch in the Sonar task but we don't want a large number of branch projects in Sonar so this is a no-go for us.
How else can we selectively run Sonar analyses depending on the branch? I heard that using a property in our Maven pom.xml could work, I wonder if anyone has an example of that?
I add the -Dsonar.projectVersion=${bamboo.repository.branch.name} at runtime. That adds the branch as the project version.
I am using sonar-runner to execute the sonar analysis so since you're using maven, your mileage may vary - in other words convert that to whatever the maven version of that argument is.
So when I run the sonar-runner task I include that -D argument on the command line. Even running it with maven you should be able to pass it in on the command line. Whatever branch is building that's the one that will show up on the SonarQube dashboard.
