Can SonarQube automatically analyse our sourcecode for us at any specified time? Do we have to manually analyze the code always? I just started using SonarQube and couldn't find anything on this question on Google or Sonar's website.
No, there is currently no built-in scheduling in SonarQube. Most people use jobs (dedicated or not) in some continuous integration engine (Jenkins, Bamboo, etc.) for their analyses.
SonarQube itself cant do any analysis. Analysis can be done only thorough SonarQube Runner, Build tools (ANT,MAVEN,Gradle)and Build Automation tool / CI tools.
Scheduling can be done through Build Automation Tool / CI tools.
For Jenkins: You can follow this documentation.
http://docs.sonarqube.org/display/SONAR/Triggering+SonarQube+on+Jenkins+Job
Related
I want to use SonarQube for Code Quality analysis. I have Hudson as the CI tool and have integrated clearcase. How do I use SonarQube when the Ant build happens? Do I need to install SonarQube in a server and use a plugin to access it?
Can someone help me?
Install SonarQube web server as a first step. Default port will be localhost:9000.
After installing SonarQube you need to create an Ant target. Sample Script is available on GitHub. If Hudson is working correctly earlier. It will pick up the changes in Ant Script and perform the Analysis. After the completion of Analysis report will be generated and accessible at SonarQube Web Dashboard.
sonarQube and teamcity relative question.
I want to use SonarQube into CI workflow which integrated by teamcity. I want to know how to stop the CI workflow when SonarQube finds some bugs or bad code style. Does a solution exist?
You need to set up a Quality Gate, then look at adding the Build Breaker plugin
I have a simple problem, with a simple answer probably, but I can't find what is it. We want to deploy SonarQube along with Checkstyle and some other tools, but we can't find out is it meant for a centralized, server deployment, or on each developer machine? All tutorials show installations on separate machines and being used in the localhost, while there is a public instance example, and the requirements and specs certainly look service-like.
On the other hand, I'm not getting how do the developers submit their code for checks if it is on a server.
So, in short, how is it deployed? Any checklist or something similar would be of great help.
The SonarQube "runtime" architecture has several elements:
SonarQube server. It contains a database (e.g., MySql) and an
embedded web server (Tomcat). The SonarQube server stores the
results of analyses (the metrics), but does not execute the code
analyses. This server provides a web UI that shows the dashboard of
the projects, various metrics and drill down into code, admin options. It uses a pluggable architecture--you can add/remove funcitionality via plug-ins.
Program that runs code analysis on the developer machine. There are options: (a) if they are using Eclipse or IntelliJ, they can use the respective SonarLint plug-in, which provides configuration properties, menu options to run analysis, a view to show violations, etc.; (b) developers can also run code analysis via maven (mvn sonar:sonar) or gradle (gradlew sonarqube); (c) developers can execute the various code analyses through a program called SonarQube Runner.
All these options of programs that run the analysis on the developer machine need to be configured to communicate with a SonarQube server. For example, when you run code analysis in IntelliJ using SonarLint, the metrics will be uploaded to the server. This server is typically shared by all developers, but it can also be localhost.
Program that runs code analysis on the CI/CD server. The job/pipeline that builds a software project can be configured to run SonarQube code analysis. It can be done via maven or gradle just like on the developer's machine, or via a plug-in. There are SonarQube CI plug-ins for Jenkins, Hudson, Bamboo, and others. Depending on the size of your project, you may want to configure the code analysis to run once a day only, and not upon each code commit or changes to dependencies. The SonarQube code analysis executed on the CI server will likewise send the generated metrics to the SonarQube server.
The SonarQube architecture documentation is very poor (not to say absent), so it's hard to get the big picture. I hope this helps.
SonarQube (formerly just "Sonar") is a server-based system. Of course you can install it on your local machine (the hardware requirements are minimal). But it is a central server with a database.
Analyses are performed by some Sonar "client" software, which could be the sonar runner, the sonar ant task, the sonar Eclipse plugin etc. The analysis results can be automatically uploaded to the server, where they can be accessed via the sonar Web application.
In an environment with many developers, you should run a build server (e.g. Hudson or Jenkins), which performs automatic sonar analyses as part of the nightly build. Other schedules are possible, but the developers should know when they can expect updates of the server-side analysis results. The results of the automated analysis can be displayed in the individual developer's Eclipse editor by way of the sonar Eclipse plugin.
The architectural documentation on Sonar is quite sparse. I've looked for a picture to visualize what I just described, but could not find one ...
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles
I have a series of Maven Scripts which are to be run in Linux Platform for doing Reversion and Lableing for my Project. I would like to know what Building Tools i can use to automate the Maven Scripts in the Linux Platform?
Also say suppose I have got some error while doing the Reversioning / Lableing of the code. How can the Automate tools Handle these scenarios.
Please let me know of the effective tools and I would certainly reply back whether those do help me out or not!
I would suggest leveraging a "job" coordinator such as Jenkins or Cruise Control to manage any and all of our automation. Maven is natively supported and understood by these tools. An agent will reside on your server, and do the bidding of your coordinator.
Jenkins is a good solution to automate maven build:
easy to install
easy integration with maven
allow you to automate simple task after build failure/success like sending email
many plugins including this one that allow you to do more complex task after a build failure (or build success)
Any one of this
Jenkins
Hudson
Atlassian bamboo
TeamCity
After using LuntBuild, Jenkins and teamcity I can say without a doubt that TeamCity is by far the superior choice.
I think it's free for a small configuration (3 agents, and up to 10 build configurations).
It very easy to install and configure, compatible with most source control systems.