Is there a way to have several profiles for one project in Sonar ?
For example we have a Java EE project with : EJB and WebApp (JSP and Back Bean).
We have 3 quality profiles: Java, Web and XML. To "execute" these 3 profiles on our project we run three sonar analysis and create 3 result projects in Sonar.
We use views to regroupe these three projects, is there a way to have one project that use 3 profiles and not use views?
We want to use views to group different projects and not on the same project.
You can't have multiple profiles for the same project. But if you want this, you just have to create your own custom profile which has all the rules defined in your profiles. For Example, let's say you have quality profile "Android Lint" and "Sonar Way", and if you wan't to check your project against both these profiles, just do the following:
Go to Quality Profiles tab in SonarQube
Click on Back Up on the Profiles you want. It will download an .xml file for each profile.
Just go through the .xml file and figure out how it is written and then Create a new .xml file which contains the rules of both the profiles and give it a cool name.
Go back to Quality Profiles tab in SonarQube
Click on Restore Profile and upload your .xml file.
That's it.
You now have your own custom quality profile with all the rules that you want.
UPDATE:
In the latest version of SonarQube (I am using 6.2), you can use the concept of "Inheritance" to combine multiple quality profiles. You can now set a parent quality profile for any profile. Using this you can chain multiple quality profiles.
See: SonarQube: How to apply multiple quality profiles to one project?
Applying multiple profiles for one project is not possible.
I see two alternatives: Merging your profiles as already mentioned or scanning the same project under a different "branch" (as in SonarQube terminology).
For a scan under a different branch refer to the sonar quality profile to project association. Please be aware that the syntax of the maven call is actually wrong, use this one instead:
mvn ... -Dsonar.profile="Your profile name" -Dsonar.branch=YOUR BRANCH
Using this will create a new project under the same name plus the branch as postfix. (projectName:branchName)
Regarding the merge of two profiles the easiest way is within the Rules tab:
Select Quality Profile x in Filter View
Bulk Change (in the upper right of the List View)
Activate In
Select Quality Profile y
This will automatically merge the two sets and prevent redundancy.
Just expanding on #guitarium 's answer above:
For SonarQube 7, you can simply do the following on the SonarQube web portal to add extra rules from other profiles into a custom profile (same as merging, really):
Go into Quality Profiles and click the dropdown next to a profile you want to merge
select Copy
Give the copy a cool name
Click on the new copy to go into it's Quality Profiles page
Go to Actions -> Activate more rules
Click Bulk Change , then Activate in and select your new cool profile
You now have a super cool merged profile. Nice job
Related
From the Job log it looks like Travis enable all Sonar way that is available
...
INFO: Quality profile for css: Sonar way
INFO: Quality profile for java: Sonar way
INFO: Quality profile for js: Sonar way
INFO: Quality profile for ruby: Sonar way
INFO: Quality profile for web: Sonar way
...
Is there a way to choose which quality profiles Travis will enable?
My repo is Ruby and I want to enable Ruby quality profile only.
You can define empty quality profiles with no rules for the languages you're not interested in, and then activate those empty profiles in your project.
Go to your organization's page, and then the Quality Profiles tab
Click Create, enter a name (for example "empty"), select the language
You will need to repeat this for each language
Go to your project's page, and then Administration / Quality Profiles, and select the newly created "empty" quality profile for each language
If that sounds tedious, you could script it, with the help of the web API:
token=your-sonarcloud-token
org=your-sonarcloud-organization-key
project=your-sonarcloud-project-key
languages=(abap apex c cobol cpp cs css flex go java js jsp kotlin objc php plsql py ruby scala swift ts tsql vbnet web xml)
for lang in "${languages[#]}"; do
params="language=$lang&name=empty&organization=$org"
curl -u"$token:" "https://sonarcloud.io/api/qualityprofiles/create?$params" -X POST
params="project=$project&language=$lang&qualityProfile=empty&organization=$org"
curl -u"$token:" "https://sonarcloud.io/api/qualityprofiles/add_project?$params" -X POST
done
This will set the empty profile for all languages. So you will need to go to Administration / Quality Profiles of your project to set a non-empty profile for the languages you're interested in.
I know that SonarCube could exclude certain codes or modules.
My question is that, currently i have certain project, i only want to scan part of the codes using all SonarCube rules;
but at same time, for other parts of same project codes, i only want to apply some of the Sonar rules(for example, rules relates to security).
See this image for my example
Any experts can give me some hints, whether sonar can do this using maven or not, and how if possible. thanks.
This is not a common use case, but I see two options:
Create two quality profiles, and analyze your project twice using a different project key and a different quality profile. In SonarQube it will show 2 different projects. Using file inclusion/exclusions, you can partition your modules in the two projects. Note that having two projects could bring some difficulties, for example if you use PR analysis. Still you can have an overall view of the quality using an application to group them.
Keep a single quality profile and single project, but use advanced issue exclusion patterns to exclude issues you don't want on specific files. Managing those exclusions could be a bit tedious.
I am generating sonar report from teamcity sonar runner but I see that Quality Profile is set to
Use 'Sonar way' (XML) but I want it to be Stop using sonar way (xml).
Can anyone suggest the parameter or setting I need to do.
Note: I can not share the logs or screenshots here because of organization policy.
The way to handle this is to use the UI to assign the project to the profile(s) you want it to use: Project-level Administration > Quality Profiles. You'll be presented there with an option to assign a profile for each language available in the instance.
If you simply must do this from TeamCity, then use web services to assign the profile. Although once assigned, assignments "stick" so this really is something you should be able to do from the GUI and then just leave alone.
I used parameter sonar.Language=cs. it excluded xml analysis and now I see Stop using sonar way (xml).
https://docs.sonarqube.org/display/SONAR/Analysis+Parameters
sonar.language
Set the language of the source code to analyze. Browse the Plugin
Library page to get the list of all available languages. If not set, a
multi-language analysis will be triggered.
Our use case for Sonar creates new Sonar projects for each branch of our repository. How do we automatically associate the new branch project with a (non-default) Quality Profile and Quality Gate?
We're running this in a Maven project if that's relevant.
We had the same issue, within our company, and the only solution was to use the deprecated attribute sonar.profile (https://docs.sonarqube.org/display/SONAR/Analysis+Parameters).
Sidenote:
Generally there is also a interesting view on how to analyze branches. The general recommendation from sonarSource suggests to only use preview modes for short living branches. As a fact bitbucket-plugins with a richer featureset than just commenting issues, sadly need branch based analysis.
https://jira.sonarsource.com/browse/SONAR-5370 - the property will be removed in 4.5.1 based on the sonar task
Use the api/projects/create web service to provision your projects. You can then call api/qualityprofiles/add_project to assign your new project to the proper profiles. (You'll need to have first looked up the profile id's tho with api/qualityprofiles/search.)
Say I have the following sources defined in my sonar project properties file.
sonar.sources=src/client/app,src/server
Could I get SonarQube to use one quality profile for one path, and a different profile for the other?
Is this possible?
It's possible to apply multiple quality profiles to a project only as separate SonarQube projects with separate keys and analyses.
I.e. You'd have to analyze twice: once for each directory.
Your next question, of course, is how to re-combine the products of the two separate analyses. The answer is that that's only available with the Governance($) plugin, and Governance is only LTS-compatible (5.6 at this writing.)