I want to add the SonarLint plugin to my project. When I build with Maven, the plugin should be automatically enabled without my intervention. Is there a way I could do it?
SonarLint is a local plugin that can be embedded in your IDE.
In the plugin settings you can turn on "Automatically trigger analysis" in order to have feedback while writing.
In order to perform continuous integration you should use SonarQube; it is possible to integrate it with Jenkins or Codemagic and also with Maven.
It is possible to add SonarQube to your pull requests as well. You can see the doc here
You can find more information about the difference between SonarLint and SonarQube here
Related
I'm working on automating SVN tag generation through Java and need some suggestions to start off with. This is how we do it manually: check out a Maven project/plugin from the SVN repo and run a set of Maven commands (mvn clean test, mvn release:prepare) to generate SVN tags. mvn release:prepare is the final command that would run unit tests, generate the tag and commit it to SVN, and I'm working on automating this process.
I had a look at the SVNKit API, which I can make use of to check out a project to the local file system and find a way to run the set of Maven commands to generate the tag URL. Is there a Maven Java plugin through which I can trigger Maven commands? Or is there a much better way to do this other than Java?
I did my research on SVNKit but could not find any relevant info to automate the Maven process; probably I'm missing out on something.
It seems that you are looking for continuous integration.
I would recommend you to evaluate the use of Jenkins, which can be configured to periodically poll changes from SVN and launch a Maven build. Then, if the build succeeded and you decide to release it, you can perform a Maven release from Jenkins, which would take care of invoking the corresponding Maven goals. You can also configure a post-commit hook in SVN in order to launch a build after each commit.
To scan the dependencies of my project for known security vulnerabilities, I'm running the org.owasp:dependency-check-maven Maven plugin as part of a Jenkins pipeline build.
The plugin happily creates the report as XML in ${project.build.directory}/security-reports, and now I'd like to have it show up in the Test Results section of my pipeline build. Ideally, it would look like in these screenshots, but plain old xUnit output would probably be fine as well.
Unfortunately, I can't get it to work. I installed the OWASP Dependency-Check Jenkins plugin, which sounds just right according to its documentation. But it seems I cannot figure out how to configure it properly.
I also tried archiving the XML file like regular JUnit results from my Jenkinsfile, using junit '**/target/security-reports/*.xml'. But the JUnit step doesn't seem to recognise it and complains about not finding any reports.
Can anyone help?
To make Jenkins collect and display results of OWASP Dependency-check you need to have OWASP Dependency-Check plugin installed and to add Post-build Action step "Publish OWASP Dependency-Check analysis results".
You should provide the path to your XML file in settings for this step, by default **/dependency-check-report.xml is used.
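Why the junit step in the question finds no reports, as an added example that is not part of the original answer or of the plugin: the Dependency-Check XML report is not JUnit XML, so it has to be mapped to testsuite/testcase elements first. This Python script assumes the report nests dependency/fileName and vulnerabilities/vulnerability with name, severity and description children; the sample report and its CVE id are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample report; element names follow the layout assumed above.
SAMPLE_REPORT = """<analysis xmlns="https://example.invalid/dependency-check.xsd">
  <dependencies>
    <dependency>
      <fileName>demo-lib-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability>
          <name>CVE-0000-0001</name>
          <severity>HIGH</severity>
          <description>Constructed finding.</description>
        </vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency><fileName>clean-lib-2.3.jar</fileName></dependency>
  </dependencies>
</analysis>"""

def local(tag):
    """Strip the XML namespace so the code works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, ignoring namespaces."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def to_junit(report_xml):
    """Return (junit_xml, failure_count): one testcase per dependency."""
    root = ET.fromstring(report_xml)
    suite = ET.Element("testsuite", name="dependency-check")
    tests = failures = 0
    for dep in (e for e in root.iter() if local(e.tag) == "dependency"):
        tests += 1
        case = ET.SubElement(suite, "testcase", classname="dependency-check",
                             name=child_text(dep, "fileName"))
        vulns = [v for v in dep.iter() if local(v.tag) == "vulnerability"]
        if vulns:
            # A dependency with any known vulnerability is a failed testcase.
            failures += 1
            fields = ("name", "severity", "description")
            text = "\n".join("%s [%s] %s" % tuple(child_text(v, f) for f in fields)
                             for v in vulns)
            ET.SubElement(case, "failure",
                          message="%d known vulnerabilities" % len(vulns)).text = text
    suite.set("tests", str(tests))
    suite.set("failures", str(failures))
    return ET.tostring(suite, encoding="unicode"), failures
```

Writing the returned XML to a file under target/ lets the junit step pick it up, and the failure count can be used to mark the build unstable.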
I have an Ivy project set up in Jenkins, on which I would like to run a SonarQube analysis.
Unfortunately it is not possible (it seems) to add the SonarQube analysis on the project itself, but I need to create a mirror project (free-style) with the SonarQube scanner as the only build step.
I then also need to set the basedir not to the mirror project, but to the original one.
All this is a bit unfortunate and I was wondering whether there is another option to run a Sonar analysis on an Ivy project in Jenkins?
I have Jenkins 2.7.4, Sonarqube plugin 2.4.4
I could achieve my goal with using the PostBuildAction plugin.
This allowed the sonarqube-scanner job to be added at the end of the run.
I am trying to integrate SonarQube with Eclipse to analyse a simple Java project.
But it is not happening. When we right-click on a simple Java project and hit Configure -> Associate SonarQube, a window appears with fields like Project and SonarQube project.
The Project field is autopopulated with the Java project you right-clicked, and what we need to enter in SonarQube project is not clear to me. Also no tab is appearing where we can do something like SonarQube -> Analyse.
(I have added the SonarQube plugin in Eclipse and also set the SonarQube server path to localhost:9000)
Please suggest.
The SonarQube Eclipse plugin lets you associate (and locally analyze) projects that have already been analyzed by other means (maven target, ant task, SonarQube runner). It is not meant as a way to launch persisted (shared) analyses.
So if you want to use the SonarQube Eclipse integration, please do a first analysis of your project, then try to associate it from Eclipse. This will allow you to synchronize the issues and perform local (preview) analyses.
[EDIT]
On recent (4.x) versions of SonarQube, you also have the option to provision your project on the server. This will allow you to associate your Eclipse project and perform preview analyses.
I'm looking for some best practices to roll out/set up a complete project setup with Eclipse to my dev team.
It's a Maven-based project that will work without Eclipse. But we want to distribute a preconfigured Eclipse version that has all plugins installed, we want to have a local update site to roll out updates of this setup and so on.
Is there any good way to achieve this kind of setup? I know that I can provide an update site which contains some plugins, but can I define a set of plugins?
Is it possible that Eclipse PMD, Checkstyle, FindBugs and the code formatter use the settings from Maven?
Here are the two most important questions for me:
How to define a plugin set for an Eclipse installation, so that all developers have the same set of plugins installed.
Any way to use the configurations from PMD, FindBugs, Checkstyle and code formatter from Maven inside Eclipse.
I had similar issues some time ago. Setting up Eclipse with a bunch of plugins is really annoying. proko mentioned a plugin I didn't know, so I compared it to the solution I am using right now.
After 15 minutes of installing, trying it out and reading the doc, I gave up because it seems too heavyweight for my needs.
The solution I am using myself is yatta Profiles: http://profiles.yatta.de
Especially your first requirement can be tackled with it. You can install all the plugins your team needs, click on a button to upload the configuration, and send the link to your team. Your colleagues just have to download your profile. All plugins will be installed automatically.
Here’s a link to an Eclipse profile with the plugins you mentioned (pmd, checkstyle, findbugs, maven): https://marketplace.yatta.de/profiles/a7Ig
Besides your Eclipse installation via update site, here is a possible plugin to manage configurations (question 2):
To distribute any settings of 'window-preference' to your whole dev team I can recommend 'workspace mechanics'.
You can record your settings and then provide them via your dev server.
If you distribute a shared Eclipse it's also easy to provide the proper workspace mechanics URL for any Eclipse installation (see Enterprise Configuration of Workspace mechanic).
Changes to the settings are checked on startup and the developers are always up to date.
Further information can be found on the official project page: https://code.google.com/a/eclipselabs.org/p/workspacemechanic/
This is part of a Development-Handbook in your team!
All important plugins contain support for external configuration, including Checkstyle, code-formatter and FindBugs.
Distribute those configurations in a single website.
code-formatter: Open Window -> Preferences > Java > Code Style > Formatter -> Import and specify the configuration from a website you created (it's a file dialog but you can specify URIs also).
Checkstyle: Open Window -> Preferences > Checkstyle and press New ... then choose External Configuration File
FindBugs: similar to Checkstyle.
There is no other way. We use a wiki to distribute the Development-Handbook and the Configuration.