ANT Task: SonarQube Scanner Code Coverage report using JaCoCo - ant

I'm using the below property to generate JaCoCo XML report
<property name="sonar.coverage.jacoco.xmlReportPaths" value="${basedir}/sonar-task/reports/jacoco.xml" />
When I invoke this ANT Task from Jenkins, I'm seeing the below exception in Jenkins logs and so I don't see the Code Coverage value in SonarQube
15:09:49 [sonar:sonar] Apache Ant(TM) version 1.10.7 compiled on September 1 2019
15:09:49 [sonar:sonar] SonarQube Ant Task version: 2.6.0.1426
.
.
.
15:14:55 [sonar:sonar] Sensor JavaSquidSensor [java] (done) | time=262215ms
15:14:55 [sonar:sonar] Sensor JaCoCo XML Report Importer [jacoco]
15:14:55 [sonar:sonar] Coverage report 'C:\Softwares\Jenkins\workspace\MYA_DevOps_PIPELINE\.\sonar-task\reports\jacoco.xml' could not be read/imported. Error: {}
15:14:55 [sonar:sonar] java.lang.IllegalStateException: Failed to parse JaCoCo XML report: C:\Softwares\Jenkins\workspace\MYA_DevOps_PIPELINE\.\sonar-task\reports\jacoco.xml
15:14:55 [sonar:sonar] at org.sonar.plugins.jacoco.XmlReportParser.parse(XmlReportParser.java:96)
I can see the HTML reports and I can see the jacoco.xml file is getting generated as well. But the content inside this file is not XML.

Just add the below line while you generate an XML JaCoCo report
<xml destfile="${sonar.coverage.jacoco.xmlReportPaths}"/>

Related

"Exception caught while parsing Xanitizer XML report file" : ParserConfigurationException occurs while running SonarQube Scanner for Ant Task

I'm trying to setup SonarQube with Xanitizer on my local machine so that the findings of the last generated Security Findings XML, get picked up by the SonarQube Plugin for Xanitizer so that it can display the results on the SonarQube server.
The analysis of the files and the generation of the report is done manually from within the Xanitizer software. The XML file is generated under the parent unzipped directory of Xanitizer, and not inside the SonarQube or the Sonar Scanner directories.
The Xanitizer plug-in is configured with SonarQube and I can see the Xanitizer rules getting added on the Sonar server. However, while running the Sonar Scanner Ant Task, it is supposed to read and parse the Security-Findings-List.XML file, but an Exception is thrown during the running of the Ant task with the below stacktrace -
[sonar:sonar] Sensor NoSonar Sensor [php] (done) | time=0ms
[sonar:sonar] Sensor XanitizerSensor [xanitizer]
[sonar:sonar] Reading Xanitizer findings from 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml' for project 'Hybris Java Project analyzed with the Sonar Ant Task'
[sonar:sonar] Exception caught while parsing Xanitizer XML report file 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml'.
[sonar:sonar] javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.
[sonar:sonar] at com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl.setFeature(Unknown Source)
[sonar:sonar] at com.rigsit.xanitizer.sqplugin.reportparser.XMLReportParser.parse(XMLReportParser.java:58)
[sonar:sonar] at com.rigsit.xanitizer.sqplugin.XanitizerSensor.analyse(XanitizerSensor.java:120)
[sonar:sonar] at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:57)
[sonar:sonar] at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:49)
[sonar:sonar] at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:78)
[sonar:sonar] at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:175)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:262)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:257)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:247)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
[sonar:sonar] at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:118)
[sonar:sonar] at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:117)
[sonar:sonar] at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
[sonar:sonar] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[sonar:sonar] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar] at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
[sonar:sonar] at com.sun.proxy.$Proxy0.execute(Unknown Source)
[sonar:sonar] at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
[sonar:sonar] at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
[sonar:sonar] at org.sonarsource.scanner.ant.SonarQubeTask.launchAnalysis(SonarQubeTask.java:99)
[sonar:sonar] at org.sonarsource.scanner.ant.SonarQubeTask.execute(SonarQubeTask.java:81)
[sonar:sonar] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
[sonar:sonar] at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
[sonar:sonar] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
[sonar:sonar] at org.apache.tools.ant.Task.perform(Task.java:348)
[sonar:sonar] at org.apache.tools.ant.Target.execute(Target.java:435)
[sonar:sonar] at org.apache.tools.ant.Target.performTasks(Target.java:456)
[sonar:sonar] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1393)
[sonar:sonar] at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
[sonar:sonar] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:36)
[sonar:sonar] at org.apache.tools.ant.Project.executeTargets(Project.java:1248)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.InternalAntRunner.run(InternalAntRunner.java:452)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.InternalAntRunner.main(InternalAntRunner.java:139)
[sonar:sonar] Sensor XanitizerSensor [xanitizer] (done) | time=2ms
[sonar:sonar] Sensor Coverage Report Import [csharp]
As a result the Xanitizer findings do not get reflected on the Sonar Server. I was not able to find any resolution on the internet. How can I resolve this issue?
Versions of softwares used -
sonarqube-6.3.1,
Xanitizer-3.1.0,
sonar-scanner-3.0.1.733-windows
What JDK version are you using? I can not reproduce this exception with Java 8 (all other tool versions are the same).
Nevertheless, it looks like a bug in the plugin, so please file a bug report here https://github.com/RIGS-IT/sonar-xanitizer/issues or send an e-mail with the additional information to support#xanitizer.net
Stackoverflow is not the right platform for this, I think ;)
Regards
Norman (Xanitizer support)

ant sonar - class not found error

I'm seeing the following errors when running ant with sonar. I'm not even using those classes on my code. ANy ideas?
[sonar:sonar] Sensor JavaSquidSensor
[sonar:sonar] Configured Java source version (sonar.java.source): 8
[sonar:sonar] JavaClasspath initialization...
[sonar:sonar] JavaClasspath initialization done: 2603 ms
[sonar:sonar] JavaTestClasspath initialization...
[sonar:sonar] JavaTestClasspath initialization done: 2247 ms
[sonar:sonar] Java Main Files AST scan...
[sonar:sonar] 64 source files to be analyzed
[sonar:sonar] Class not found: javax.annotation.Nullable
[sonar:sonar] Class not found: com.google.errorprone.annotations.CanIgnoreReturnValue
[sonar:sonar] Class not found: com.google.errorprone.annotations.concurrent.LazyInit
[sonar:sonar] Class not found: com.google.j2objc.annotations.RetainedWith
[sonar:sonar] Class not found: javax.annotation.Nullable
[sonar:sonar] Class not found: com.google.errorprone.annotations.CanIgnoreReturnValue
[sonar:sonar] Class not found: com.google.errorprone.annotations.concurrent.LazyInit
[sonar:sonar] Class not found: com.google.j2objc.annotations.RetainedWith
[sonar:sonar] 21/64 files analyzed, current file: xxxx
[sonar:sonar] 63/64 files analyzed, current file: xxxx
[sonar:sonar] Java Main Files AST scan done: 21433 ms
[sonar:sonar] 64/64 source files have been analyzed
[sonar:sonar] Java bytecode scan...
[sonar:sonar] Java bytecode scan done: 464 ms
[sonar:sonar] Java Test Files AST scan...
[sonar:sonar] 7 source files to be analyzed
[sonar:sonar] Java Test Files AST scan done: 1689 ms
[sonar:sonar] 7/7 source files have been analyzed
[sonar:sonar] Package design analysis...
[sonar:sonar] Package design analysis done: 26 ms
[sonar:sonar] Sensor JavaSquidSensor (done) | time=29620ms
[sonar:sonar] Sensor Lines Sensor
[sonar:sonar] Sensor Lines Sensor (done) | time=13ms
[sonar:sonar] Sensor CoberturaSensor
Thank you in advance.
This debug information is likely related to n-th level dependencies. This is info-only and printed as a warning that the analysis might not be as detailed as possible because those binaries weren't available to factor in to it.

SonarQube integration with Jenkins

I am trying to integrate SonarQube runner in my build process. My build steps consists of an ant build and sonar-runner task. I have attached the Screenshots later. I am getting an error stating "
Unable to determine database dialect to use within sonar with dialect
null jdbc url localhost
Build step 'Invoke Standalone SonarQube Analysis' marked build as failure
"-
[MyProject] $ /var/lib/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Default-SonarQube-Runner/bin/sonar-runner -X -e -Dsonar.jdbc.url=localhost ******** ******** -Dsonar.host.url=http://qa.MyProject.com:9000 ******** ******** -Dsonar.projectBaseDir=/var/lib/jenkins/workspace/MyProject -Dproject.settings=/var/lib/jenkins/workspace/MyProject/sonar-project.properties
SonarQube Runner 2.4
Java 1.7.0_95 Oracle Corporation (64-bit)
Linux 3.13.0-48-generic amd64
INFO: Error stacktraces are turned on.
INFO: Runner configuration file: /var/lib/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Default-SonarQube-Runner/conf/sonar-runner.properties
INFO: Project configuration file: /var/lib/jenkins/workspace/MyProject/sonar-project.properties
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Work directory: /var/lib/jenkins/workspace/MyProject/.sonar
INFO: SonarQube Server 5.1
07:06:34.641 INFO - Load global repositories
07:06:34.651 DEBUG - Download: http://qa.MyProject.com:9000/batch/global (no proxy)
07:06:34.744 INFO - Load global repositories (done) | time=105ms
07:06:34.745 INFO - Server id: 20160304110723
07:06:34.747 INFO - User cache: /var/lib/jenkins/.sonar/cache
07:06:34.755 INFO - Install plugins
07:06:34.755 DEBUG - Download index of plugins
07:06:34.755 DEBUG - Download: http://qa.MyProject.com:9000/deploy/plugins/index.txt (no proxy)
07:06:34.841 DEBUG - Loaded 2196 properties from l10n bundles
07:06:34.842 INFO - Install JDBC driver
07:06:34.842 DEBUG - Download index of jdbc-driver
07:06:34.842 DEBUG - Download: http://qa.MyProject.com:9000/deploy/jdbc-driver.txt (no proxy)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 0.681s
Final Memory: 3M/59M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:91)
at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69)
at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102)
at org.sonar.runner.api.Runner.execute(Runner.java:100)
at org.sonar.runner.Main.executeTask(Main.java:70)
at org.sonar.runner.Main.execute(Main.java:59)
at org.sonar.runner.Main.main(Main.java:53)
Caused by: Unable to determine database dialect to use within sonar with dialect null jdbc url localhost
Build step 'Invoke Standalone SonarQube Analysis' marked build as failure
Finished: FAILURE
Inside my Jenkins->Manage Jenkins->Configure System , I have configured the sonar qube section as shown in the screenshot below-
Here is the screenshot of my build config-
I am not getting the clue on how to debug ? Any suggestion ?
Here are the version details-
SonarQube Runner 2.4
Sonar Version 5.1
Can you double check if you are specifying the correct JDBC URL. In the screenshot attached, SonarQube is configured with datasource URL as 'localhost'.
The stacktrace again says you do not have a database dialect specified. This can be specified in the sonar properties file.
I realised, what was wrong here. I had added incorrect database dialect in my jenkins configuration (Jenkins->Manage Jenkins->Configure System). See the screenshot. Earlier i had used
localhost
instead of
jdbc:mysql://localhost:3306/sonar?autoReconnect=true&useUnicode=true&characterEncoding=utf8

Code coverage for Manual Regression using sonar and jacoco

I am trying to generate code coverage for webapp for manual testing using jacoco and sonar.
I am able to generate jacoco.exec file by modifying the catalina.bat in following way:
SET JACOCO=-javaagent:\jacoco-0.7.5.201505241946\lib\jacocoagent.jar=destfile=C:\jacoco.exec,append=true,includes=*
set JAVA_OPTS=%JAVA_OPTS% %JACOCO%
I then copy the jacoco.exec file to a target folder inside sonarcube and run ant sonar. The build.xml has following entries:
<!-- The following properties are required to use JaCoCo: -->
<property name="sonar.dynamicAnalysis" value="reuseReports" />
<property name="sonar.java.coveragePlugin" value="jacoco" />
<property name="sonar.jacoco.reportPath" value="target/jacoco.exec" />
<!-- Define the SonarQube target -->
<target name="sonar">
<taskdef uri="antlib:org.sonar.ant" resource="org/sonar/ant/antlib.xml">
<!-- Update the following line, or put the "sonar-ant-task-*.jar" file in your "$HOME/.ant/lib" folder -->
<classpath path="../apache-ant-1.9.6/lib/sonar-ant-task-2.3.jar"/>
</taskdef>
<!-- Execute the SonarQube analysis -->
<sonar:sonar/>
</target>
</project>
The output I get from ant if following. I don't see any coverage in the report at the url
http://localhost:9000/dashboard/index/org.codehaus.sonar:example-java-ant
Am I missing something?
c:\sonarqube>ant sonar
Buildfile: c:\sonarqube\build.xml
sonar:
[sonar:sonar] Apache Ant(TM) version 1.9.6 compiled on June 29 2015
[sonar:sonar] SonarQube Ant Task version: 2.3
[sonar:sonar] Loaded from: file:/C:/apache-ant-1.9.6/lib/sonar-ant-task-2.3.jar
[sonar:sonar] INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
[sonar:sonar] INFO: Work directory: c:\sonarqube\.sonar
[sonar:sonar] INFO: SonarQube Server 5.2
[sonar:sonar] 17:18:52.370 INFO - Load global repositories
[sonar:sonar] 17:18:52.959 INFO - Load global repositories (done) | time=588ms
[sonar:sonar] 17:18:53.034 INFO - User cache: C:\Users\Administrator\.sonar\cache
[sonar:sonar] 17:18:53.932 INFO - Load plugins index
[sonar:sonar] 17:18:53.952 INFO - Load plugins index (done) | time=20ms
[sonar:sonar] 17:18:54.677 INFO - Process project properties
[sonar:sonar] 17:18:57.381 INFO - Load project repositories
[sonar:sonar] 17:18:57.493 INFO - Load project repositories (done) | time=112ms
[sonar:sonar] 17:18:57.535 INFO - Apply project exclusions
[sonar:sonar] 17:18:57.667 INFO - Load quality profiles
[sonar:sonar] 17:18:57.983 INFO - Load quality profiles (done) | time=315ms
[sonar:sonar] 17:18:58.039 INFO - Load active rules
[sonar:sonar] 17:19:00.610 INFO - Load active rules (done) | time=2571ms
[sonar:sonar] 17:19:00.636 WARN - 'sonar.dynamicAnalysis' is deprecated since version 4.3 and should no longer be used.
[sonar:sonar] 17:19:00.797 WARN - SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.
scm.provider to define SCM of your project.
[sonar:sonar] 17:19:00.800 INFO - Publish mode
[sonar:sonar] 17:19:00.805 INFO - ------------- Scan Simple Java Project analyzed with the SonarQube Ant Task
[sonar:sonar] 17:19:01.844 INFO - Language is forced to java
[sonar:sonar] 17:19:01.887 INFO - Load server rules
[sonar:sonar] 17:19:02.373 INFO - Load server rules (done) | time=486ms
[sonar:sonar] 17:19:02.755 INFO - Base dir: c:\sonarqube
[sonar:sonar] 17:19:02.756 INFO - Working dir: c:\sonarqube\.sonar
[sonar:sonar] 17:19:02.781 INFO - Source paths: src
[sonar:sonar] 17:19:02.786 INFO - Source encoding: windows-1252, default locale: en_US
[sonar:sonar] 17:19:02.787 INFO - Index files
[sonar:sonar] 17:19:02.854 INFO - 0 files indexed
[sonar:sonar] 17:19:02.857 INFO - Quality profile for java: Sonar way
[sonar:sonar] 17:19:02.999 INFO - Sensor Lines Sensor
[sonar:sonar] 17:19:03.005 INFO - Sensor Lines Sensor (done) | time=6ms
[sonar:sonar] 17:19:03.006 INFO - Sensor QProfileSensor
[sonar:sonar] 17:19:03.095 INFO - Sensor QProfileSensor (done) | time=89ms
[sonar:sonar] 17:19:03.096 INFO - Sensor SCM Sensor
[sonar:sonar] 17:19:03.097 INFO - No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
[sonar:sonar] 17:19:03.100 INFO - Sensor SCM Sensor (done) | time=4ms
[sonar:sonar] 17:19:03.100 INFO - Sensor Code Colorizer Sensor
[sonar:sonar] 17:19:03.106 INFO - Sensor Code Colorizer Sensor (done) | time=6ms
[sonar:sonar] 17:19:03.107 INFO - Sensor CPD Sensor
[sonar:sonar] 17:19:03.108 INFO - JavaCpdEngine is used for java
[sonar:sonar] 17:19:03.110 INFO - Sensor CPD Sensor (done) | time=3ms
[sonar:sonar] 17:19:03.304 INFO - Analysis reports generated in 192ms, dir size=5 KB
[sonar:sonar] 17:19:03.320 INFO - Analysis reports compressed in 15ms, zip size=2 KB
[sonar:sonar] 17:19:03.758 INFO - Analysis reports sent to server in 424ms
[sonar:sonar] 17:19:03.762 INFO - ANALYSIS SUCCESSFUL, you can browse
Looking at log of analysis we cannot see any JaCoCo sensor executed. JaCoCo sensor is executed only if you have java file in your analysis which you don't as you can see per 0 files indexed line in your log.
To explain this behaviour you have to understand that JaCoCo sensor will only report coverage on files indexed so if there are no java files, there is no point to execute it.
So to report and compute coverage you would have to import a coverage report related to some source files you analyze in your project.

Sonar Ant 4.4.1 not launching - IllegalStateException

I use
Sonar Qube - 4.4.1
JDK Version 1.7
Sonar Ant Task version: 2.1 - I was able to launch my sonar server successfully and when I try to execute my build.xml with ant, I"m getting below error - could someone help please:
sonar:
[sonar:sonar] Apache Ant(TM) version 1.9.6 compiled on June 29 2015
[sonar:sonar] Sonar Ant Task version: 2.1
[sonar:sonar] Loaded from: file:/D:/NEW_SONARQUBE_HOME/sonar-ant-task- 2.1.jar
[sonar:sonar] INFO: Default locale: "en_GB", source code encoding: "UTF-8"
[sonar:sonar] INFO: Work directory: D:\ATG9.1\DWInt\CoreCommerce\.sonar
[sonar:sonar] INFO: Sonar Server 4.4.1
BUILD FAILED
D:\NEW_SONARQUBE_HOME\buildCoreCommerce.xml:28: java.lang.IllegalStateException:
Fail to download libraries from server
at org.sonar.runner.impl.Jars35.dowloadFiles(Jars35.java:79)
at org.sonar.runner.impl.Jars35.download(Jars35.java:58)
at org.sonar.runner.impl.JarDownloader.download35(JarDownloader.java:56)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:59)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:57)
at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:71)

Resources