I have downloaded sonar and set it up
Want to analyze a project - so made changes related to plugin in pom and set up the URL for the sonar install as well as the database properties that sonar is using ( mysql )
My question :
Why do we need to specify the URL in the maven_home\conf\settings.xml ?
<sonar.host.url>http://localhost:9000</sonar.host.url>
Why is this required ?
My understanding is when I run the mvn sonar:sonar from my dos prompt - sonar plugin ( defined in pom . xml ) is analyzing and then inserting the data into the database - using the db information provided in the settings
what is the usage of above URL ?
Thanks,
satish
First of all that is the default URL. If specify nothing at all the Sonar plugin will assume that there is a sonar instance running locally on port 9000.
You are quite correct when sonar completes it's analysis it uploads all results into the database directly using JDBC. The URL parameter is required because the Sonar plugin also uses the Sonar REST API to retrieve information about your project when starting Sonar analysis.
Related
Which versions am I using (SonarQube, Scanner, Plugin, and any relevant extension):
SonarQube 7.9.1 (on a remote server)
Sonar maven plugin 3.7.0.1746 (in my pom.xml file)
Jenkins 2.222.1 (local server)
Maven 3.6.0
What am I trying to achieve:
I want to perform an analysis with a Jenkins Pipeline with my remote server
What have I tried so far to achieve this :
I have succeed to do an analysis with my IDE (intelliJ) and it works with the command :
mvn -B sonar:sonar
After that, the server note the last analysis with the Quality Gate.
Nevertheless, it does not work with my Jenkins Pipeline.
I do not understand why it works with the IDE and not with Jenkins.
I have put in my pom.xml a sonar.login which is a specific user token. This user has the right to execute an analysis on this particular project. In my ~/.m2/settings.xml, I have put the sonar.host.url.
I also tried to set up manually a SonarQube server in Jenkins (in system configuration). I put there the url and my token thanks to a secret text but it does not work to.
I have also generated a Webhook but this is for the qualitygate variable in the pipeline and I don’t think it matters here.
I don’t know what to test now…
Any idea ?
Thanks
It is ok now : I have added on a sonar installer in the settings. In addition I move the sonar.host.url from ~/.m2/settings.xml to my pom.xml file.
I have scoured the forums and cannot seem to quite understand the config for the fortify plug-in with Sonar.
I understand it simply builds a widget based on data from a previously generated .fpr file.
My setup:
Maven 3 project
Jenkins 1.606
SonarQube 5.0.1
Sonar-Fortify plug-in 2.0
Prerequisites:
.fpr file is in Jenkins workspace
Sonar is added to pom.xml
sonar-fortify-plug-in v2.0 added to pom.xml - (wasn’t sure this was needed or not)
Sonar server configured in Jenkins
sonar fortify plug-in v2.0 added to Sonar – (only see a dropdown to ‘enableReportLink’ under ‘Configure widgets’
should there be more config somewhere?
Questions:
Where should this property be set? Jenkins Sonar config, Sonar, pom file?
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
Is that path to the .fpr file where it is within the Jenkins workspace?
The setup instructions on Github seem short and I feel I am missing something specific in my understanding.
Any help or direction to additional documentation is great appreciated.
First of all as documented version 2.0 can not be used anymore. Version 2.1 is going to be released soon. Vote for release will be started this week. Meanwhile you can:
download 2.1-SNAPSHOT version and copy it in extensions/plugins of your SonarQube server installation
restart server. The Fortify rules should be available in the page "Rules".
execute Fortify command "sourceanalyzer", independently from SonarQube. It generates a report file suffixed by .fpr.
execute a standard SonarQube analysis of your project by adding the property sonar.fortify.reportPath, for example:
mvn sonar:sonar -Dsonar.fortify.reportPath=/path/to/project.fpr
sonar-runner -Dsonar.fortify.reportPath=/path/to/project.fpr
If everything works, then you can automate these steps in Jenkins.
I am trying to setup MAVEN in my company's local network which is not connected to the internet directly. Also I'm using sonatype nexus for my central repository.
Problem starts when I run the command mvn archetype:create. The result is always build failure.
error no plugin found for prefix 'archetype' in the current project.
How do I solve this issue?
Maven is trying to look up the full plugin artifact ID that corresponds the "archetype" prefix.
To do this it reads the available prefixes from this path: /org/apache/maven/plugins/maven-metadata.xml
Since you're using Nexus this is likely coming from a group repository, e.g.:
http://:8081/nexus/content/groups/public/org/apache/maven/plugins/maven-metadata.xml
You'll need to look carefully at your maven configuration and your build log to see where exactly it is trying to retrieve this information. There will likely be additional information about the failure if you run Maven with the debug ("-X") flag.
If it's trying to retrieve it from your Nexus instance see here for information on how to diagnose the issue:
https://support.sonatype.com/entries/21437881
I am running my analysis with Maven, triggered by a Jenkins job. As a DBMS i am using MySQL thats running on the same server as Jenkins does but my sonar instance is running on my local machine (connected to the MySQL DB). I don't want to run it on the server, yet. I would prefer to not run it at all for the time being.
Is it possible to run the analysis without a running sonar instance? Why do I have to configure the server URL (the login too) in both, the Jenkins plugin and the pom.xml?
The described architecture on SonarQube Platform Overview indicates that the analyser and server are not directly connected (only via DB).
When i try to run the analysis from Jenkins with no Server URI the build process is throwing the following message:
[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.2:sonar (default-cli) on project xxx: SonarQube server can not be reached at http://localhost:9000. Please check the parameter 'sonar.host.url'. Connection refused -> [Help 1]
Thats exactly what i expected, he is trying to connect to the SonarQube instance that i did not want to run.
You don't have to configure the URL to Sonar in the POM if you are using the Sonar plugin to push results to Sonar.
Sonar 'instance' you are referring to is for you to visually see the post code analysis result. If you don't have the Sonar UI web application installed, code analysis is still run by Maven either through Jenkins or your IDE or in the command prompt/shell.
I am running maven with sonar. Since I activated authentication on sonar for security purposes, since then I got the following error:
[ERROR] Can´t access to Sonar or project doesn't exist on Sonar instance. HTTP KO to http://localhost:9000/api/resources?resource=com.myproject.soft:soft&depth=0&format=xml
java.io.IOException: Can´t access to Sonar or project doesn't exist on Sonar instance.
at org.sonar.report.pdf.util.SonarAccess.getUrlAsDocument(SonarAccess.java:132)
at org.sonar.report.pdf.entity.Project.initializeProject(Project.java:98)
according to http://docs.sonarqube.org/display/SONAR/Analyzing+with+Maven I should use the following parameters:
-Dsonar.login=login -Dsonar.password=password
Those settings are not working for me.
The full command I am using is:
mvn install sonar:sonar -Dsonar.login=login -Dsonar.password=password
This is a limitation of the PDF Report Plugin that is developed by Klicap:
http://jira.codehaus.org/browse/SONARPLUGINS-1510
If you remove this plugin, then everything should be back to normal.
We have the same problem and resolved it by adding some credentials. Tested on Sonar 3.7 and Sonar PDF Plugin 1.3
In eclipse put this as your maven Goals:
org.codehaus.sonar-plugins.pdf-report:maven-pdfreport-plugin:1.3:generate -Dsonar.host.url=http://localhost:9000 -Dreport.type=executive -Dsonar.pdf.username=admin -Dsonar.pdf.password=admin