Import project into Sonar - sonarqube

Is there anyway to migrate individual projects and merge them into an existing instance of Sonar?
Background:
I've setup a new instance of Sonar by performing a normal backup and restore. Another team, also using Sonar, want to migrate their projects over to this new server as well. I'm now faced with a data merging problem.

This is currently not possible. The best way to achieve this is to replay the project history by running Sonar analyses with the "-Dsonar.projectDate=xxxx-xx-xx" property.
For more information, take a look a the "sonar.projectDate" description on the "Analysis Parameters" documentation page.

Related

Automatically associate new Sonar project with custom quality profile and quality gate

Our use case for Sonar creates new Sonar projects for each branch of our repository. How do we automatically associate the new branch project with a (non-default) Quality Profile and Quality Gate?
We're running this in a Maven project if that's relevant.
We had the same issue, within our company, and the only solution was to use the deprecated attribute sonar.profile (https://docs.sonarqube.org/display/SONAR/Analysis+Parameters).
Sidenote:
Generally there is also a interesting view on how to analyze branches. The general recommendation from sonarSource suggests to only use preview modes for short living branches. As a fact bitbucket-plugins with a richer featureset than just commenting issues, sadly need branch based analysis.
https://jira.sonarsource.com/browse/SONAR-5370 - the property will be removed in 4.5.1 based on the sonar task
Use the api/projects/create web service to provision your projects. You can then call api/qualityprofiles/add_project to assign your new project to the proper profiles. (You'll need to have first looked up the profile id's tho with api/qualityprofiles/search.)

Running updated quality profile against existing projects in sonar qube

I currently have a SonarQube instance setup with multiple projects. Currently I get multiple requests every few weeks to update the quality profile to include a new rule or to remove an old one. This is usually followed by me having to recreate the projects and then sequentially running analysis again so that I can have the differential view again starting from a baseline code. This is becoming a pain as the number of projects grow. Is there any alternative to this? For instance is there any way to tell Sonar to pick up the new rules from the quality profile and run the existing analysis again against these rules.
If I don't do that I get a spike in issues as new rules get added and a new analysis is run as the existing analysis wasn't run against those rules and doesn't have an accurate issue number.
Thanks for the help!
Once you have linked a profile to a project, you can change the rule set and it will be used during the next analysis. As you add or remove rules, spikes are normal. Propably what you want to ensure is that for example no new rules are introduced as you want to ensure the quality is not going down, but is always improved. You can do it using quality gates and build breaker plugin. Hopefully I could help.
I am not sure to understand very well what you want to do, if this is running again a new (changed) profile to all previous versions of a project, or to apply different profiles on different versions of a project.
Maybe this could help you ?
SonarQube - analyzing branches of the same project
How to configure Maven to run a SonarQube project analysis with two different quality profiles?

Using sonar in pretty big team

We have something about 20 people in our team and we are using sonar for now to analyse new code before submiting it to the main stream. So each designer uses it's own Sonar installed on his machine.
What I'm trying to do is to create a one instance of the Sonar which each designer will be able to use. The only concern I have is what will happen if:
One designer will launch analysis on one revision of file and right after that the second designer will launch analysis on another revision of this file (in the worst case we can have a bunch of such a files). First designer won't be able to see his violations and won't be able to see code he wrote at all. Do we have some mechanism to overcome this?
What will happen if two designers will analyse the same project at the same time? AFAIK, Sonar won't allow them to do so. Any workaround for this?
Of course, we can, somaehow, create a project on the sonar side for each team member, but this has it's drawbacks, such as issues, marked as false positive in one proect won't appear as such an issues in another project and so on.
Any ideas on such an issues?
What you probably want to set up is:
a central Sonar instance that analyses the code base on a regular basis (for instance every day) based on the code located in the repository. This instance should be the reference and the project manager(s) will use it to monitor the project.
ask the developers to run local analyses before commiting their code:
either using Sonar Eclipse if you're coding in Java, C++ or Python. Everything is perfectly described in the documentation, more precisely the "Checking code prior to commit" section
or using the Issues Report plugin if your language is not supported yet in Sonar Eclipse.

Eclipse sonar plugin vs findbugs+pmd+checkstyle eclipe plugins

We are trying to install a CI Platform with (Jenkins,sonar,eclipse ...).
So that every developer can make analysis on his code before commit, I'm wondering between two alternatives :
running local analysis with the sonar plugin.
install the different plugins that sonar use (findbug,pmd,checkstyle ...) and configure them to meet the sonar configuration.
I'm not sure which alternative to use? I used to work with findbugs,pmd, checkstyle in eclipse and they look great.
Can you tell me which is the best alternative?
Thanks in advance.
Regards.
With Sonar plugin you can manage the violations like:
Create a review
Mark a violations as false positive or fixed
View the hot classes and hot violations
View yours reviews
If you use separate plugins you have to go sonar web to do that.
The great advance of sonar is the reviews.
Other question is how many projects you have and will have. I currently work with more than 70 projects and many profiles. Is more simple to me run analysis with one plugin, because I need just add the server and find the project. With other plugin you need add the link for each project in each plugin configuration.
Why not install the Sonar Eclipse plugin?
This was designed to solve the following problems:
Sonar does not support parallel analysis of the same project. This issue rules out the option of each developer running Sonar locally. (See SONAR-2761, SONAR-3306)
You don't really want developers uploading metrics and source code into the Sonar database. They could be working on an uncommitted workspace and would therefore cause both inaccuracies and confusion if Sonar is being used for code review.
Sonar is really designed to be run from a continuous integration server (like Jenkins), building code that has been submitted onto a shared codestream (or branch)
The big advantages of using the Eclipse plugin are:
True local analysis, no updates of the Sonar database
Configuration of the other tools is retrieved from the Sonar server and jars automatically downloaded.
Centralized management of Sonar quality profiles

User specific sonar reports for same project

I have configured one project in sonar and integrated sonar with maven for build time analysis of the project.
After analysis, report is generated and uploaded to Sonar for browsing. But once another user compiles the same project their report overwrites mine.
Basically I want that one user's report on one project is not overwritten by report from other user. A user must be able to see their current violations independently. Is it possible in Sonar?
Sonar stores it's analysis on a daily basis, which explains why it's kind of pointless to run analysis several times in a day. Each analysis run will overwrite that day's existing results, which in turn spoils ongoing statistical analysis.
I would suggest running Sonar, from a dedicated build server like Jenkins (which has a Sonar plug-in). This daily analysis will populate the Sonar database and keep the project dashboard current. This architecture also enables you to keep the database credentials confidential.
Obviously developers would like to see the results of their bug fixing. For that I'd recommend running the Sonar Eclipse plug-in. The latest version will run the same Sonar analysis locally. Recent versions of Sonar also enable you to assign violations to developers for resolution.
This is not possible, last performed analysis will always be the one you browse in the interface. However, I guess what you need is the Issue Report Plugin which will enable analysis to store results locally, with the dry-run option.
This way your developers will be able to run an analysis on their code and see the violation delta without pushing the results.
You can do it by explicitly setting the below properties in pom.xml
<properties>
<sonar.projectKey>Test</sonar.projectKey>
<sonar.projectName>Test</sonar.projectName>
</properties>
Every user should set different projectKey and projectName, if you want that one user's report on one project is not overwritten by report from other user.

Resources