Maven with sonar authentication - maven

I am running maven with sonar. Since I activated authentication on sonar for security purposes, since then I got the following error:
[ERROR] Can´t access to Sonar or project doesn't exist on Sonar instance. HTTP KO to http://localhost:9000/api/resources?resource=com.myproject.soft:soft&depth=0&format=xml
java.io.IOException: Can´t access to Sonar or project doesn't exist on Sonar instance.
at org.sonar.report.pdf.util.SonarAccess.getUrlAsDocument(SonarAccess.java:132)
at org.sonar.report.pdf.entity.Project.initializeProject(Project.java:98)
according to http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven I should use the following parameters:
-Dsonar.login=login -Dsonar.password=password
Those settings are not working for me.
The full command I am using is:
mvn install sonar:sonar -Dsonar.login=login -Dsonar.password=password

This is a limitation of the PDF Report Plugin that is developed by Klicap:
http://jira.codehaus.org/browse/SONARPLUGINS-1510
If you remove this plugin, then everything should be back to normal.

We have the same problem and resolved it by adding some credentials. Tested on Sonar 3.7 and Sonar PDF Plugin 1.3
In eclipse put this as your maven Goals:
org.codehaus.sonar-plugins.pdf-report:maven-pdfreport-plugin:1.3:generate -Dsonar.host.url=http://localhost:9000 -Dreport.type=executive -Dsonar.pdf.username=admin -Dsonar.pdf.password=admin

Related

SonarQube analysis from maven and Jenkins have different results

I am using SonarQube version 6.7 for running analysis of Maven projects using the command mvn clean verify sonar:sonar from the project directory using command prompt and get the results. The sonar configurations in settings.xml for maven (v3.5.3) are added respectively.
In Jenkins (version 2.161), I have installed SonarQube Scanner for Jenkins (v2.8.1) plugin. The SonarQube Server configuration is configured as below.
In the Jenkins maven project, I have configured the post steps as below.
I have checked the Prepare SonarQube Scanner environment in the Build Environment section and the Build goal is -e clean verify sonar:sonar.
My issue is, when the SonarQube analysis for a maven project is triggered through command prompt using the command mvn clean verify sonar:sonar, I am getting the results as expected. But when the Jenkins job is triggered with the configurations above for the same maven project, the results are different and incorrect. What am I missing?
P.S- In the Post-build Actions, I can see the SonarQube analysis with maven is deprecated.
Thanks in advance.
You use different scanners. First you used SonarScanner for Maven (mvn sonar:sonar). Next you used Basi SonarScanner, which requires manual configuration of all options.
The best option to sole it is always use the same scanner. You have Maven project, so you can enable Prepare SonarQube Scanner environment in Build Environment, and next execute Sonar goal $SONAR_MAVEN_GOAL in Build.

local sonar analysis using a remote sonar server

I am doing a sonar analysis from my machine using a sonar instance on a remote server.
Local machine: Window7, apache-maven-3.2.5
Remote sonarcube server: sonarcube Version 3.7.3
I am using below command from command prompt:
mvn sonar:sonar -Dsonar.jdbc.url=<jdbcurl> -Dsonar.host.url=<sonarserver url>
I have defined a sonar profile for running the same
Whe I run the said mvn command, then I am getting below error:
[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.6:sonar (default-cli) on project builder-allmodules: Can not execute SonarQube analysis: Can not execute Findbugs: java.lang.RuntimeException: edu.umd.cs.findbugs.NoClassesFoundToAnalyzeException: No classes found to analyze in mymavenproject\target\classes *xyz.jar *F:\m2\repository\commons-io\commons-io\2.4\commons-io-2.4.jar *abc.jar *lmn.jar aaa.jarbbb.jar *ggg.jar
mymavenproject\target\classes: doesn't have any classes, instead, there is bundled jar at mymavenproject\target\ which contains all the classes
Also, another issue is that it is trying to analyze all the dependent jars also which should not be the case as I need sonar analysis for my project only
Can you let me know what I might be missing?
Because you've included FindBugs rules in your analysis profile, you're required to provide unbundled classes to the analysis.

Integrating sonarqube with Jenkins

I am trying to run sonar sonar:sonar by integrating sonarqube and jenkins. While doing, am getting the below error.
[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.6:sonar (default-cli) on project iwm_common: Can not execute SonarQube analysis: org.slf4j.impl.SimpleLoggerFactory cannot be cast to ch.qos.logback.classic.LoggerContext -> [Help 1]
Jenkins version - 1.612
Sonarqube version - 3.6
JDK-1.7.0_76
Maven - 3.1.1
Jenkins WAR is deployed in server A and sonarqube is deployed in server B. I have not installed sonar-jenkins plugin in Jenkins.
Can anyone let me know whether sonar-jenkins plugin is mandatory to be installed in jenkins to integrate jenkins with any sonar server (eg:sonarqube).
If the answer is YES, then after installation of the required plugin, will adding the sonar server (eg:sonarqube) information under Manage Jenkins -> Configure system -> sonar resolve the above error ?
The error is related to sonar-maven-plugin and this plugin is not used in any of the project's pom.xml. Can anyone please explain whether this plugin gets referred as a part of sonar:sonar goal. Thanks.
The versions you specified are not compatible for running sonar analysis.
Please upgrade SonarQube version (current is 5.1.1) which requires
Java 1.7-1.8
SonarQube 5.0 or 5.1.1
Sonar-runner 2.4
Using latest version of sonarqube resolved the issue mentioned.

Unable to get sonar-fortify plugin configured with Jenkins and SonarQube

I have scoured the forums and cannot seem to quite understand the config for the fortify plug-in with Sonar.
I understand it simply builds a widget based on data from a previously generated .fpr file.
My setup:
Maven 3 project
Jenkins 1.606
SonarQube 5.0.1
Sonar-Fortify plug-in 2.0
Prerequisites:
.fpr file is in Jenkins workspace
Sonar is added to pom.xml
sonar-fortify-plug-in v2.0 added to pom.xml - (wasn’t sure this was needed or not)
Sonar server configured in Jenkins
sonar fortify plug-in v2.0 added to Sonar – (only see a dropdown to ‘enableReportLink’ under ‘Configure widgets’
should there be more config somewhere?
Questions:
Where should this property be set? Jenkins Sonar config, Sonar, pom file?
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
Is that path to the .fpr file where it is within the Jenkins workspace?
The setup instructions on Github seem short and I feel I am missing something specific in my understanding.
Any help or direction to additional documentation is great appreciated.
First of all as documented version 2.0 can not be used anymore. Version 2.1 is going to be released soon. Vote for release will be started this week. Meanwhile you can:
download 2.1-SNAPSHOT version and copy it in extensions/plugins of your SonarQube server installation
restart server. The Fortify rules should be available in the page "Rules".
execute Fortify command "sourceanalyzer", independently from SonarQube. It generates a report file suffixed by .fpr.
execute a standard SonarQube analysis of your project by adding the property sonar.fortify.reportPath, for example:
mvn sonar:sonar -Dsonar.fortify.reportPath=/path/to/project.fpr
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
If everything works, then you can automate these steps in Jenkins.

Sonar not picking up clover test results created by running maven in jenkins

I've been working on this all day and haven't been able to find a solution, so thought i'd turn to the stackoverflow community.
I have a server setup with Jenkins (version 1.454). It's configured to perform the build with Maven (version 3.0.4). The build command is as follows:
clean clover2:setup verify clover2:aggregate clover2:clover
Jenkins has the sonar plugin installed and configured. My sonar install (version 3) is on a different server to jenkins. After the build is completed, i can see the results on sonar (the basics of the build).
I have installed to sonar the clover plugin (sonar-clover-plugin-2.8.jar) manually by putting it into the 'extentions/plugins' folder. It appeared in sonar and I can configure it. I put in the license, version (3.1.4) and sonar.clover.reportPath as "target\site\clover\clover.xml".
When I run the build, it is successful as before, and I can see the basic results as before in Sonar, however, I cannot see any test code coverage results.
When I look at the maven build output I notice the following:
[INFO] Writing report to '/opt/jenkins/jobs/foo/workspace/target/site/clover/clover.xml'
and then near the bottom of the output:
[INFO] [15:08:36.586] Clover XML report not found
The following are also in my pom:
<sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
<sonar.clover.reportPath>target\site\clover\clover.xml</sonar.clover.reportPath>
<sonar.surefire.reportsPath>target\surefire-reports</sonar.surefire.reportsPath>
<sonar.core.codeCoveragePlugin>clover</sonar.core.codeCoveragePlugin>
<sonar.clover.version>${clover.version}</sonar.clover.version>
When I look on the jenkins box, I can see that it has generated the clover.xml file (infact in my fiddling I have the clover plugin working on jenkins, so i can see the results there!).
I'm guessing at this stage that there is some issue with jenkins and sonar being on seperate boxes.
Any help would be appreciated!
Cheers.
After a lot more fiddling around, it appeared that I needed to change the following:
<sonar.clover.reportPath>${project.build.directory}/site/clover/clover.xml</sonar.clover.reportPath>
<sonar.surefire.reportsPath>${project.build.directory}/surefire-reports</sonar.surefire.reportsPath>
A good reference was the following:
all about pom variables

Resources