SonarQube VSTS extension pull request commenting - tfs

The SonarQube docs specify:
When analysis is triggered from a Pull Request the SonarQube Scanner for MSBuild - End Analysis task decorates the updated source code in the Pull Request with the new code quality issues, instead of pushing the analysis report to the SonarQube server.
How can you turn this on? We are using TFS 2018 with version 3.x of the SonarQube TFS/VSTS extension.

The SonarQube for MSBuild - End Analysis task is deprecated now and it can not be used.
The workaround is execute SonarQube.Scanner.MSBuild.exe end command manually.
You can queue your build by the private agent which installs SonarQube Scanner for MSBuild.

Related

Is there any sample solution about bitbucket pull request(not cloud) which is triggering sonarcube analyze on jenkins?

we would like to start a sonarqube analyze on developers' branches (bitbucket) just before pull requests via jenkins . Is there a sample solution?as far as i understood "sonar for bitbucketserver" plugin only shows the analysis results it does not trigger sonarqube analysis . Our scanner will be on jenkins
without a CI tool I was able to trigger analysis by adding the plugin sonar-stash to sonarqube. This way integrating with Bitbucket. Command I executed in sonarqube server, under sonar-scanner/bin folder:
./sonar-scanner -Dsonar.analysis.mode=preview
-Dsonar.stash.notification=true
-Dsonar.stash.project=JAVA
-Dsonar.stash.repository=abcd
-Dsonar.stash.pullrequest.id=2
-Dsonar.stash.password=**********

Upload analysis results to SonarQube using Jenkins

I have to Upload analysis results to SonarQube using Jenkins. Please suggest me.
My XML path is - C:\UC\UC_Cart\results.xml. Do I need to download any plugins for the same.
My Issue- How to End Analysis under Sonarqube Scanner for MSBuild.
I mean..Where should I include this section in Jenkins
End the SonarQube Analysis and upload it to the SonarQube server
MSBuild.SonarQube.Runner.exe end
https://docs.sonarqube.org/pages/viewpage.action?pageId=6389772
Followed this URL
You're missing the End Analysis step, which you should find in the list of available build steps. Add it to your job after the build and the analysis report should be sent automatically to the server. There are specifics in the docs.

Failing a build in Jenkins using the Quality Gate plugin

I m trying to fail a build in my Jenkins server using the Quality Gate plugin (v2.5). In my jenkins i have installed SonarQube plugin (v2.4.4) and SonarQube Scanner v2.6.1. I have configured a SonarQube server as well v5.6
I have defined a quality gate (for eg bugs > 10) in my server for the project which i m building using my Jenkins server. I have created a freestyle job for the same in Jenkins. What i want to achieve is the build in Jenkins should fail whenever the Quality Gate requirement is not met.
I use the "Execute SonarQube Scanner" option in my build step in Jenkins and the Quality Gate option in the post build action (with my project key). I have defined the parameters for sonar analysis in the Analysis Properties section.
Currently, when the quality gate threshold is not met the status changes to failed on the SonarQube server but the build is passed in Jenkins. During the next execution of the same job in Jenkins the build is failed by the Quality Gate. That is the build status is not changed in synchronization with the SonarQube server but in the following execution,
Can you pls let me know what m i missing here ?
it's been a while since you posted this but maybe I can help at least with my understanding.
In SonarQube 5.6 (don't know when this changed) the build analysis is been analysed in a background task in SonarQube. So the Jenkins Build is finished after it posted the analysis to the server and the build is finished long before the background task on the SonarQube server is finished.
During or on the end of the background task in SonarQube it checks the QualityGate.
So the Jenkins plugin get's always "outdated" QualityGate status at least with SonarQube versions higher than 5.6.
It's possible to extend the Jenkins plugin and add a "wait for background task" option. Of course this would lead longer build times in Jenkins. This is already done in this fork of the "Quality Gates Plugin".
Hope this all right :-)
see the also the doku here

How to configure Sonarqube with Jenkins and Perforce

How do I implement Sonarqube with Jenkins and Perforce,I have configured Sonarqube in our server and our source code is in Perforce,I know we can install perforce plugin in Sonarqube,so if I configure perforce plugin in Sonarqube ,will it fetch the latest code from perforce and analyse it?
SonarQube will not fetch source code by itself. You have to configure Jenkins to do that (there is a Jenkins plugin for Perforce).
Once your Jenkins job properly fetch source code, you can run a SonarQube analysis using a SonarQube Scanner step.
You should now have your source code properly analyzed and browsable in SonarQube.
On top of that you can install and configure the SonarQube Perforce plugin that will collect blame of all analyzed files and then allow to automatically assign issues to the last committer (but that's not mandatory).

Do I need sonar and sonar runner for Jenkins?

I want to set up Sonar with Jenkins. But I'm not sure if the Sonar site describes two different ways to do this or if there are two necessary steps:
As far as I understood it, it's two different ways. If this is the case, what is the difference and what are the advantages and disadvantages (between the Sonar itself and Sonar runner)?
If you want to analyse a project with SonarQube and Jenkins, here's what you need:
A SonarQube server up and running
A Jenkins server up and running with the SonarQube Scanner for Jenkins installed and configure to point to your SonarQube server
A job configured to run a SonarQube analysis on your project:
Using the default and standard SonarQube Scanner (suitable for most projects)
Using the SonarQube Scanner for MSBuild (for .NET solutions)
Using a post build action for Maven-based projects
Everything is described more in details on the SonarQube Scanner for Jenkins documentation page.

Resources