Not able to exclude some java packages from local server analysis - sonarqube

We have upgarded sonar server 3.5.1. In order to use sonar I have upgraded my local eclipse to Juno(4.2) and sonar plugin to 3.1. Sonar server is able to exclude some packages usign sonar.excustions key and does not show violations for those packages. But when I run report for sonar local analysis I see even though I added sonar.exclusions from local properties it does show violations for exluded files. How i can resolve this issue.
Thanks in advance.
Sapana.

There's currently a limitation on Sonar side (see http://jira.codehaus.org/browse/SONAR-4265) that prevents modules to retrieve all their related settings when analyzed independently from their root project.
Feel free to watch and vote for the ticket.

Related

Integrated JaCoCo results in SonarQube using Jenkins Maven Multitarget-App

after fighting now with integrating JaCoCo results into my SonarQube to see code coverage for more then one working day, I will try to open another post regarding this topic, because the internet is really messed with postings.
Preconditions:
SonarQube: Version 6.7.2
Maven: 3.5.2
Windows Server2012 R2
I successfully integrated Sonar Scan and results are published. I added the configuration for JaCoCo in the pom.xml of my application and the result files are generated after the build and just using the JaCoCo Jenkins plugin they can be displayed on the Jenkins dashboard. But I did not figure out what Analysis properties the Jenkins action "Execute SonarQube Scanner" needs in order to import the results and display them.
Is "scan" the correct operation or do I need something else to trigger the import?
I saw so many variantes of giving JaCoCo and Sonar the correct parameters, that I do not have a clear picture any more. Any hints maybe looking at my parameters?
As described in the docs, since you're building with Maven you should analyze with it too. There's some global setup you want to do (see the docs) but once that's done, you'll add this to your job instead of your current SonarQube Scanner build step:
$SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL
Note that this needs to come after your build and test execution. The JaCoCo reports should be picked up automatically.
I successfully integrated it now with these Analyses properties and it is working.
sonar.projectName=
sonar.projectKey=
sonar.login =
sonar.password =
sonar.sources=./
sonar.java.binaries=./
sonar.jacoco.reportPaths=./trackingboard-service/target/jacoco.exec
sonar.jacoco.reportMissing.force.zero=true

How to rename projects in Sonar Qube

I have a few projects which use pom.xmls to run the sonar analysis. Their names are:
Myproject1
Myproject2
Myproject3
Myproject4
I want to rename them on the sonar dashboard:
MyprojectA
MyprojectB
MyprojectC
MyprojectD
whats the simplest way to achieve this? I know that we can update the key, and then on-board the project with the desired name. Is it possible for me to use the same key and update the project display name?
P.S: I use sonarqube version 6.1
I had to eventually change the project name in the settings.xml file. This contained my sonar.projectname and sonar.projectkey. Then, I had to onboard the app on the sonar dashboard with the new details and run the analysis. However, i still feel that a simple renaming feature could have been easy.
Since it is more of an enterprise version of sonar we are not allowed to upgrade the sonar version immediately.

sonar-3.5.1 deploying project on sonar server but code not showing

I have upgraded my sonar version from sonar-3.2 to sonar-3.5.1 and upgraded sonar-runner from sonar-runner-1.1 to sonar-runner-2.2.2, now when i am deploying project on newly installed sonar 3.5.1 it run successfully and showing ANALYSIS SUCCESSFUL, it also show project name on sonar server when i use localhost:9000 on browser but code is not showing there, no violations are coming etc.
i am using sonar in two ways and both results the same. Two ways are:
1. using sonar standalone through sonar runner from cmd.
2. integrating sonar with Jenkins(1.515) and using maven(3.0.4)
when i do sonar analysis on sonar 3.2 everything is working fine in both of the above cases but problem comes only when i use sonar 3.5.1.
Can anybody help me out on this issue??
Please suggest what would be the possible way to overcome this issue..
your revert will be appreciable.. Thanks in advance!!
Please refer below for logs
and sonar dashboard
So I do confirm that the Sonar Java plugins have been deleted from the extensions/plugins directory and that's why you don't get any measures/violations when analysing a java project. Here is the link to download version 1.2 of the Sonar Java plugin ecosystem : http://docs.codehaus.org/download/attachments/230396085/JavaEcosystem-1.2.zip. You just have to decompress this archive, place all jar(s) in the extensions/plugins directory and relaunch the Sonar server.

Eclipse sonar plugin vs findbugs+pmd+checkstyle eclipe plugins

We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles

User specific sonar reports for same project

I have configured one project in sonar and integrated sonar with maven for build time analysis of the project.
After analysis, report is generated and uploaded to Sonar for browsing. But once another user compiles the same project their report overwrites mine.
Basically I want that one user's report on one project is not overwritten by report from other user. A user must be able to see their current violations independently. Is it possible in Sonar?
Sonar stores it's analysis on a daily basis, which explains why it's kind of pointless to run analysis several times in a day. Each analysis run will overwrite that day's existing results, which in turn spoils ongoing statistical analysis.
I would suggest running Sonar, from a dedicated build server like Jenkins (which has a Sonar plug-in). This daily analysis will populate the Sonar database and keep the project dashboard current. This architecture also enables you to keep the database credentials confidential.
Obviously developers would like to see the results of their bug fixing. For that I'd recommend running the Sonar Eclipse plug-in. The latest version will run the same Sonar analysis locally. Recent versions of Sonar also enable you to assign violations to developers for resolution.
This is not possible, last performed analysis will always be the one you browse in the interface. However, I guess what you need is the Issue Report Plugin which will enable analysis to store results locally, with the dry-run option.
This way your developers will be able to run an analysis on their code and see the violation delta without pushing the results.
You can do it by explicitly setting the below properties in pom.xml
<properties>
<sonar.projectKey>Test</sonar.projectKey>
<sonar.projectName>Test</sonar.projectName>
</properties>
Every user should set different projectKey and projectName, if you want that one user's report on one project is not overwritten by report from other user.

Resources