sonar 4.3: How to push xml output to sonar dashboard - sonarqube

We have written on tool to do some certain quality check on code. Now we want to integrate that tool to sonar and push the result on sonar dashboard.
Just wanted to know how to do it. Let's say my tool output is in xml format.

You may want to have a look at the Sonar .NET Tests library as a reference. It imports generated coverage reports in XML format into SonarQube. A possible starting point is this class:
https://github.com/SonarCommunity/sonar-dotnet-tests-library/blob/master/src/main/java/org/sonar/plugins/dotnet/tests/CoverageAggregator.java

Related

how to upload Code coverage report for PL/SQL Code to Sonarqube and to Teamcity?

i have generated Code coverage report for PL/SQL Code with utplsql but i don t how to upload it to Sonarqube and then to Teamcity ?
The way you use SonarQube is to drive scans of your source code from build automation, using one of the tools written to run the scan. Two choices are the maven "sonar:sonar" goal, and the "sonar-scanner" tool. Both of these have command-line properties that specify the location of the "lcov.info" file. SonarQube will then produce a scan report that you can view from its user interface.

How to disable code coverage in sonarqube since 6.2

Since we updated to SonarQube 6.2 it seems code coverage plugin got merged in the core.
It shows red flags everywhere and I can’t find how to turn it off, we do not use code coverage.
You don't specify what language(s) you're analyzing. I'll assume Java and/or JavaScript. Starting from 6.2, SonarQube supports "force coverage to 0", which marks as uncovered executable lines in files that don't show up in any coverage reports. (That's assuming the underlying code analyzers support the feature, and Java and JavaScript already do.) The purpose is to have a more accurate picture of what's missing when you actually are using unit tests. Without this feature, it's impossible to tell whether a file that's omitted from coverage reports is missing because it has no executable code or because there are no tests on it - even when there should be.
Since you're not using unit tests (really?) you can exclude all the source files in your project from coverage calculations via the UI: Administration > Analysis Scope > Coverage Exclusions. A pattern value of **/*.* ought to do it for you.
Code coverage feature is in SonarQube misleading. To turn this off:
Under Quality gates create new or copy existing profile.
There delete Coverage metric
SonarQube Version: 9.2

getting trouble to generate sonar test report

I am using sonarqube on my windows server, and it is working find from my client PCs, now I need to generation sonar test report in form of file, pdf, html or in any format to display it to my client. I tried but am not getting any solution, would you please help me, that how to export sonar test report from sonarqube server.
You're not finding that "report export" feature because SonarQube is about continually monitoring the evolution of your code, not printing out a point in time and pinning it to the wall.
If you really have to have something like this, then screenshots are the easiest way to go. Alternately, you can pull current state data using web services and build your own report.

SonarQube: include files outside of the project into analysis

I'm testing SonarQube with a .Net solution file. I'm trying to figure out which files exactly get uploaded/imported into the SonarQube database. Based on my tests with the SonarQube MSBuild runner, it analysis and uploads all files which are stated in the .csproj project file(s) (only those that can be associated with a language plugin because I have set "Import unknown files" to false).
Is there a way to specify additional files which should be analyzed and imported? I had some hope for the "sonar.inclusions" setting, but it's not exactly what I need because the description says Patterns used to include some source files and only these ones in analysis.
I'd like to just specify additional files.
My use-case: at the moment, SonarQube does not create issues for compiler warnings (see Displaying C# compilation warnings in Sonar?) (which in my opinion is really sad/weird for a tool that wants to improve code quality). So my idea is to use msbuild with an xml-logger, import the generated xml log file and use the XML plugin with custom XML path rules to extract the compiler messages.
Similar issue for analyzing Delphi code. I found an old SonarQube Delphi plugin which I could not yet get to work with SonarQube 5.x, but I'd like to try to get at least the compiler messages into SonarQube (convert Delphi compiler output into XML, get SonarQube to import this file, use custom XML path rules).
Is there a way to get SonarQube to analyze/import such additional files?

Is there a Sonar API to get line level coverage for a given resource?

I am running clover before running the sonar ant task and providing its xml output to Sonar 3.7.
Is it possible to later fetch the line level coverage data for a given Java file using one of the Sonar webservice API's?
If not, is there a library that I can use to get the same info from clover xml without writing all the parsing code?
Well if you need a complete report to line level granularity.
You should go for html reports of Clover.
They provide details from the highest level such as project and packages to lowest level of details like complexity of each package or source file, method coverage, line coverage etc. (If proper attributes are specified)
Many of the above specified things are provided in XML report as well but HTML generated by Clover is very interactive and fancy. You can actually see all the source files in that report and figure out the parts which were covered in the file.
As you already have the xml report generation target, you can add html report task as well into it.
Hope this helps. :)

Resources