New Sonar IntelliJ plugin incremental analysis and detection not working - java

I’d like to ask for help. I installed the plugin and successfully added the SonarQube server. I upgraded to version 4.1.2. I use IntelliJ IDEA 13.0.2.
I also successfully associated the project and inspection warnings appeared. But when I fix the issue the status is not updated.
How to synchronize?
I also run inspection by name ‘SonarQube issues’.
Nevertheless after running the inspection the warnings are also there, where the code was fixed. It seems to me the synchronization somehow fails.
Any idea what to do, please?

What I had done in my situation.
Installed SonarQube 4.4.
Installed IntelliJ 13.1.4b (the same history was with 13.0.4).
Configured the SonarQube IntelliJ plugin (not the community-provided one but the plugin from SonarSource). All instructions are under the link on the Wiki.
Attached to the Sonar project. Every step just as SonarSource recommends.
This gave me a mapping from Sonar onto the source code. But it does not update when I simply fix the issue. If I fix issues and then re-post the project onto Sonar through mvn sonar:sonar, this gives me an updated picture the next time I run the inspection through the SonarQube plugin.
But this is not 100% what is wanted. But definitely better than nothing. Also I have imported Sonar rules through QAPlug - this is far less useful. But notably faster.
Overall this configuration allows me to do what is needed, but I'd like to get real incremental processing without publishing local changes onto the Sonar server.

Give the SonarQube IntelliJ Community Plugin a try; it is made for fixing issues detected by Jenkins on the local dev machine. Unlike with the official plugin, you will need to do more configuration yourself, but it also gives you the freedom to specify your local analysis script as you need.
What you need to do:
configure the plugin
setup sonar server
setup local analysis script
Afterwards you can run the SonarQube (new issues) inspection; this will run the script and show the results in IntelliJ. If you are fixing issues, you can just rerun the inspection from inside the inspection results tool window. This will rerun the script and show new results.
See also: https://github.com/sonar-intellij-plugin/sonar-intellij-plugin

Related

SonarQube: check for Java code block duplications even before merging to master

We are using SonarQube Developer Edition Version 8.2 (build 32929) for our Java project, and the passing metric for duplication and test coverage is set at x%. Now for a git pull request the actual metric is below this set limit, and the Jenkins build goes fine. But after merging into master, it is checking for the same metric against the entire code and the build apparently fails.
I am looking for a way to check my code in the pull request itself against the entire master branch for possible duplications, coverage, etc. way in advance and not wait for a surprise until my build fails after merging.
Any ideas are appreciated. Thank you.
You can add the SonarLint plugin to your IDE and verify your changes locally before committing them. It would help to fix bugs before commit.
I agree with the last answer.
If you have a big project, you can verify all modified files with the SonarLint plugin.

Sonarqube gradle plugin coverage with Lombok

I have a class annotated with Lombok's @Data, in a Gradle project, using the Sonarqube and Jacoco plugins.
The source code is available here on github
I have a locally running sonarqube server running as a docker container, started like this:
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
I have added a "lombok.config" file, asking it to add @Lombok.Generated annotations to its generated code, as per the Global Config keys section here in the docs.
lombok.addLombokGeneratedAnnotation = true
And I have the following Sonar condition configuration.
When I run the sonarqube target for the very first time, it reports that the project passes.
If I then switch the lombok.addLombokGeneratedAnnotation to be false, and rerun the sonarqube target, it reports that there is a failure:
If I then switch the lombok.addLombokGeneratedAnnotation back to true, and rerun again, sonarqube reports that the project is still failed. And I can't get the project to pass again.
I then changed the group name in the build.gradle file, to force the sonarqube gradle plugin to create a new project within the Sonarqube server. When I do this, the project passes again.
I've never changed any of the source code during this process.
Please does anyone have an idea why Sonarqube is behaving this way?
"I've never changed any of the source code during this process."
Oh, but you have. Or rather, Lombok has by inserting (or not) annotations in your code.
You're using a Quality Gate that looks only at "New Code". On your first analysis, no code is new, so none of it is up for consideration. Then you twiddle your Lombok settings, regenerate and reanalyze. Lombok apparently makes some changes in your code. I've never used Lombok so I can't expand on exactly what's happening here, but you can click through on the New Coverage-related metrics on the project homepage to get to a list of files. Drill into a file to see what's being considered "new" in it (yellow highlight). Look to the marginal markings (red, green, yellow striped) to see what's considered covered.
N.B. Your quality gate currently demands 99% coverage on conditions in new code. This is unrealistic and past the point of diminishing returns. You should reconsider this value. IMO 85-95% is more realistic depending on your team.
For future reference, we found that the problem was solved by updating the SonarJava plugin to the newest 5.1.1 release.
I think this ticket in release 5.1, to upgrade to Jacoco 0.8.0, may be the thing that started to honour the @Lombok.Generated annotation.

Running sonarLint analysis for a directory? [duplicate]

I have installed the latest SonarLint plugin with IntelliJ 2016.1.2.
Analyze on the fly works fine. However, I can't find any "Analyze with SonarLint" in the IntelliJ "Analyze" tab. In the SonarLint window > Issues tab, I can only see the scopes "current file" or "opened files". I don't see any Project scope.
So my question is: how do I trigger the analysis on my whole project?
Since SonarLint v2.8, it's possible to analyze all files in the project.
Open the SonarLint Tool Window, go to the Project files tab, and click the "play" button.
There is also an action to which you can assign a shortcut.
More information here: https://www.sonarlint.org/intellij/howto.html
The two easiest ways to analyze a project:
Choose Analyze | Analyze with SonarLint
Press Ctrl + Shift + S
As @Duarte - SonarSource Team suggests, SonarLint has a different purpose. It is intended to be used to analyze code changes in the current file(s), i.e. it cannot perform analysis which needs to compare 2 files (e.g. finding duplicates, coverage etc.).
For your purpose, the best way to achieve this is running SonarQube in preview mode.
Update:
As per this, the preview mode has been deprecated in v6.6 and will be dropped in future.
They stated many times that their intent is to support only new issues being introduced, running an on-the-fly analysis on files being changed.
If you wanna run a full analysis you should use the SonarQubeCommunity plugin or visit your remote Sonar Server.
If you wanna gather only coverage information within your IDE, use the Jacoco plugin.
However, there is an open feature request to browse those issues directly in the SonarLint plugin: https://jira.sonarsource.com/browse/SLE-54
Yes, that screenshot is confusing, but that feature was previously available.
Since version 2.8, analysis of all files in the project is possible.

SonarQube 5.1 Adding Custom Rule for java

I have implemented a Sonar Java plug-in (Maven) following the example here: https://github.com/SonarSource/sonar-examples/tree/master/plugins/java-custom-rules. I copied the generated sonar-plugin into the /extensions/plugins directory, restarted the SonarQube server and ran the analysis using mvn sonar:sonar.
I can see the new rules being added in the Rules tab, but no issues are being logged, and the status of the rule is active. It looks like the rules are not considered at the time of analysis. Is there anything I am missing?
You have to enable your new rules on a quality profile.

Prompt SONAR to analyse code

Actually, in our project we are planning to start developing code (with SONAR analyzing it from the very beginning), so we are making use of the Sonar plugin in Eclipse. We know how to analyze code by configuring the project in SONARQUBE and making use of the Maven build tool as well as using sonarrunner. Instead of running a Maven build and analysis for every code change, is there any way to prompt Sonar to analyze immediately after saving the Java file (as well as show the error lines)?
Help will be appreciated..... Thanks in advance
There is currently no way to tie a Sonar analysis to a save action.
However, you do not need to run the Maven-based analysis. Assuming you use a recent version of SonarQube and SonarQube ide (4+ and 3.3), you can simply run the analysis using the shortcut (ALT-Ctrl-Q, by default).
Using incremental mode with SonarQube 4+, this is actually really fast, because it analyzes only the changed files as compared to the last successful SonarQube run.
Of course, you need to make sure that your build server regularly runs your full SonarQube builds as well.
