I would like to know whether sonar analyze the below javascript,jquery,knockout.js,languages? if yes is it licensed or free. Can you please share me the link to download this plugin so that we can integrate to analyze this project. We are using sonarqube 5.0.1 version. We are fine for latest sonarqube 6.2 version, But need to know whether it supports?
You can check the link below for a list of Plugins available for Sonar
https://docs.sonarqube.org/display/PLUG/Plugin+Library
Related
I'm using SonarQube 6.3.1 with default profile Sonar way. I have the newest SonarJava plugin installed (4.8.0.9441).
I can see that the rule SQL binding mechanisms should be used is activated.
I have installed SonarLint 2.9.0 plugin for Intellij and connected to running SonarQube server.
After copying example violation from Sonar page I can see in my IDE that plugin works fine. Everything seemed perfect up to this moment.
Unfortunately, analysis on SonarQube server doesn't find this vulnerability. The same goes for another owasp-a6 rule Cookies should be secure (also found by Sonarlint). But on the other hand, some owasp rules work (i.e. Console logging should not be used).
Is this a known Sonar issue that some rules are omitted? Exclusions are not a problem, I'm pretty sure that those files are being analyzed because some other issues have been found.
What is the difference between the Sonarqube java plugin repository under rules>repository> Sonarqube Java rules and the default profile Sonar way under quality profiles. The first one has 322 rules, while the second one has 229. What is missing from the Sonar way profile? I am using Sonarqube 5.2 server.
First, the version of your Java Plugin is more relevant than the version of your SonarQube server. The server ships with a copy of the Java plugin, but the two are versioned independently, and it can never be assumed that you're running the version of the plugin that ships with the server.
To answer your question, the Sonar Way profiles are designed to be absolutely non-controversial out of the box. So rules about what line '{' should be on, for instance, aren't included. There are also rules that are desirable only in certain coding situations. For instance, not everyone is going to be interested in the proper use of Struts, so those get left off too.
We have Eclipse Java EE IDE for Web Developers.
Version: Luna Release (4.4.0)
Build id: 20140612-0600
I have installed SonarQube Plugin in my eclipse and have configured the SonarQube Server. Tested the Server connection in Eclipse.
Windows>Preferences>Sonar>Servers. Connection is successful.
I am able to associate my project to Sonar in eclipse and get the report locally.
After fixing the violated issues , Is there a way we can publish the new report from our Local to the SonarQbe server dashboard.?
First, you appear to be using an old version of the plugin; the most recent version of SonarLint for Eclipse has not yet re-established the connected experience (although that's coming soon). You may be interested in upgrading because SonarLint checks your code as you work; there's no longer a need to trigger the analysis. This way, issues are brought to your attention immediately instead of your having to remember to look for them.
Now to your question: there is not a way to push your updated results from Eclipse directly into the SonarQube platform; you'll need to perform a full analysis. Keep in mind that in-IDE analysis runs most but not all rules. I.e. you're not going to get issues in Eclipse from the rule about too-low coverage thresholds, for instance. Ditto duplicatons. Those are only run as part of the full analysis.
I'm currently coding a plugin for sonar ( custom rules ) . Which JDK and API should I use in order to be compatible for teh majority of sonar instances ? JDK6 ?
Thanks for your response
From the Sonar website
Prerequisite
The only prerequisite for running Sonar is to have Java (Oracle JRE 6
onwards) installed on your machine.
Check more details here
You can use Java 6 onwards It is also mentioned in the SONAR web site.
As said above you can use Java6. Indeed you must use Java6.
When a sonar analysis is launched, the launcher of the analysis (sonar runner or maven) will use your sonar instance as a plugin repository. This means that each jar plugins will be downloaded on the machine performing the analysis. Then each plugin will be asked if it should be executed or not.
Hence, if a plugin is built using Java7, you need to run sonar using Java7 and you also need to run any analysis with Java7, even if this plugin is disabled.
Which one is better and in what way because I do use FindBugs, PMD reports and CheckStyles plugins along with code coverage plugin. If anyone could guide me please let me know.
The latest version is almost always the better one. But you can try yourself. You can have as many different eclipse versions installed as you like. So grab a 3.6, add your plugins and enjoy the advantages.
Your plugins should run in 3.6 and if you encounter problems, I'm pretty sure there are updated versions available already.
Eclipse 3.5 - New and Noteworthy
Eclipse 3.6 - New and Noteworthy
3.6 is better because the number is looking nicer
If you already use Eclipse 3.4 and have a functional working environment and is pleased with it, then stay with that since a lot of small things change from release to release.
There is a lot of new facilities which may be interesting to you, but not necessarily anything warranting an upgrade. You can have a 3.6 installation next to a 3.4 installation without any problems so you can try it out, while being productive in 3.4.