Quick question with regards to Sonar and JavaScript. I was able to get examples of JsTestDriver and Jasmine working with Maven - Hudson - Sonar (code coverage and tests). The only piece I am missing is the rules violations report. When I look at sonarsource's doc/post on the JavaScript plugin, it says that it comes with 60 default rules. But when I install the SonarQube JavaScript plugin and then go into my Quality Profiles (selecting the "Sonar way"), there are no rules within this profile. I assume this is why I am not seeing metrics produced within my project and so I was wondering does the SonarQube JavaScript plugin come with the 60 default rules described within the sonarsource site? Or do I need to create all my JavaScript rules?
Related
Gradle and Sonarqube here.
When I run ./gradlew sonarqube and view my analysis in the SonarQube web UI I got a bunch of different "code smells", some of which I agree with, and others which I do not.
I would like to configure SonarQube to report on the code smells I care about (agree with) but to ignore/exclude reporting on the ones I disagree with.
But looking in their documentation, it doesn't appear that SonarQube provides configurable rules, is that the case? If not, how do I (using Gradle) configure SonarQube's rule set for code smells?
I'm trying to create method without add comment or documentation it, I expected SonarLint would show errors based on rules, but I don't see any errors or warnings. Why?
The particular rules you're looking for are "common" rules applied at the server. You're not going to see them in SonarLint. But in general:
Out of the box, SonarLint runs with the Sonar way (default) profile. If you want additional rules applied in the IDE, you'll need to:
set up a SonarQube instance (assuming you don't already have one)
configure a Quality Profile to your liking
apply it to your project
connect your project in the IDE to the project on the server
At this point you will see (almost) all the same issues in both places.
I want to use a specific sonar profile with analysis mode preview for generating comments that go into our github pull requests.
The default quality profile for the project includes minor and info level rules which will cause hundreds of extra comments (and literally thousands of github notification emails). So it has to be a quality profile specific to this purpose.
Running the build like this:
mvn sonar:sonar -Dsonar.profile.java=PRComments -Dsonar.analysis.mode=preview
Fails with the following error:
sonar.profile was set to 'PRComments' but didn't match any profile for any language.
The PRComments quality profile exists and works perfectly if I don't specify the preview mode. And yes I know that -Dsonar.profile is deprecated and it makes me sad too.
For info I'm using the sonarqube github plugin http://docs.sonarqube.org/display/PLUG/GitHub+Plugin to push the comments into github - but the failure above appears even if I don't use this plugin. Unfortunately the github plugin doesn't seem to have an option to skip adding comments for violations below a configurable severity level.
Is this possible or do I have to give up?
According to the documentation I've found Sonar will not analyse test code by default. I found some Jira's that indicate it should be possible but nothing with enough information on how to do it.
It's java code setting under src/test/java. I use both the eclipse plugin for local analysis and sonar-runner plugin for gradle via a jenkins job on the CI server so ideally the solution would support both those.
Ta,
Andrew
As of SonarQube 4.2, the only way to have some test code analyzed is to activate rules from "PMD Unit Tests" repository inside your quality profile.
Note that these are rules specific to test code (like the existence of at least one assertion). You can't activate "standard" rules on test code yet. You can vote for the following ticket to extend the scope of source analysis: SONAR-3748
We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles