Customize SonarQube rules of sonar-web-frontend plugin in sonar dashboard - jenkins

I configured sonarQube analyze for my Angular 2 project as this example
sonar-web-frontend-helloworld
And I added sonar plugin to Jenkins and run gulp task as Jenkins command. It was perfectly worked and now I can view my project in sonar dashboard.
But problem is it uses rules from project not from the sonar server. I have added web-front-end plugin in sonar server. I want to use those set of rules while running code analyzer for my project. And also, using current methods to disable some rules I have to disable them from rules file in the project. How can I improve that sonar job for disable rules using sonar dashboard with log in as an admin.

SonarQube analysis will always use the rules from the relevant Quality Profile on the server. If you need to adjust the set of rules applied, then you must edit the profile, most likely the default profile.

Related

How to Integrate SonarQube with QuickBuild?

We are currently using GitLab and QuickBuild for our Android Projects.
I have to integrate Sonarqube to have a pre check before every build.
I'm not able to get much information for quickbuild as most of the documentation is for Jenkins.
I can see that we can create steps in quickbuild and I would have to add one more step for sonar check and execute the sonar command.
But still I'm not very sure what is the best practice?
Where should I run the Sonar Server?
Where to add the sonar configuration files?
Any good documentation available?
Should I run the Sonar check on GitLab or QuickBuild? (Our build server is QuickBuild so it looks the better option)
Ideally you should run sonar server on separate machine or you can use the same server on which quickbuild is running (depending upon java versions)
You can place sonar configuration file either in project directory or you can store it at any central location.
No official documentation for sonar and quickbuild integration.
Run sonar check on Buildserver.
We chose to do the SonarQube check inside the Maven build (that runs on Quickbuild). A Maven plugin is available. If you use Gradle, this might do as well.

run sonarQube via jenkins Task 'my-task' does not exist. Please use 'list' task to see all available tasks

I've got a server in work which has sonarQube, Gitlab and jenkins running side by side with Maven also on the box. I have also a project on this box i wish to test with sonarqube (located on this same box in /home/{user}/live/{sitename}/htdocs). I created a job in sonarqube, the only options i had where to call it something and I've no idea how this links to the actual project or where it is expecting to find the project to scan. in jenkins I added build step for sonarqube, again no option on where to find the code. i ran it anyway and to no surprise it failed asking me to use list to see all available, not being funny but where do i do this?
So I have 2 questions really:
where is sonarQube looking for this code, i presume symbolic links are good in this location to the actual code right?
where do i find and use this list command? is this in jenkins or sonarqube?
sonarqube jankins and gitlab are all accessible on our intranet with different default ports (8080, 8008 and 9000) i have the sonarqube scanner plugin on jenkins and it is using maven? Does anyone know of any good tutorials to setup this kind of scenario?
thanks
Craig
Configure your current Job and set below.
Under Build->Execute SonarQube Scanner
Task to run : leave it blank
Path to project properties: Specify your sonar project properties file
path
Before doing above changes make sure that below configurations are set
Jenkins->Manage Jenkins->Sonar Servers
Name:Sonarqube
Server URL: http://localhost:9000/sonarqube
Server authentication token: Generate in SonarQube in specify here
Jenkins->Manage Jenkins->Global Tool Configuration->SonarQube Scanner
SonarQube Scanner installations:
Name: SonarScanner
Install automatically: Tick checkbox
Install from Maven Center: Choose compatible SonarScanner version
I was able to get this working in the end but after upgrading sonarqube we decided to use the new pipelines feature, this took a while to configure but we are now able to do code analysis on our builds, see this link for details

Sonarqube analysis per commit(only the changes) before publishing the results to sonarqube dashboard.

Is there anyway in sonarqube where we can run analysis on the files which have been changed by commit and get the code smells before publishing the code smells to sonar dashboard. Currently we have integrated the sonarqube analysis with Jenkins as a Job to run on a daily basis.
I saw a nice answer in sonarQube site:
You can get the list of changed files from the github api and then
plug it into sonar.inclusions . Simple.
In context to jenkins,
create a sonar.properties file (using shell)
make a github api
call and fetch the list of files changed with their api.
insert
the above fetched value inside the sonar.properties file
(sonar.inclusions=) (open file in write mode)
and pass this sonar
file to the build configuration (maven, ant etc)
In this way , there would be new sonar inclusions for each PR in
jenkins.

Jenkins: SonarQube analysis could not be completed because the analysis configuration file could not be found

We just installed a Jenkins and a SonarQube server.
I already created the SonarQube project, and now I'm configuring the SonarQube part on jenkins.
I've a weird behavior:
Sometimes, jenkins(or the sonarqube runner, I don't know) is creating a whole bunch of configuration files for sonarqube in the .sonarqube folder of my workspace. In this case, it seems to work, the results are published. But sometimes(without any changes in between), thoses files are missing, and then the build fails with the following message:
11:39:55.091 SonarQube analysis could not be completed because the analysis configuration file could not be found:
D:\Jenkins\workspace\MyProjectName\.sonarqube\conf\SonarQubeAnalysisConfig.xml.
My sonarQube and jenkins are both being executed on a Windows server 2012 computer(the same in fact). I've an authentication token filled in the sonarqube configuration, and I've the "Enable injection of SonarQube server configuration as build environment variables" checked.
I'm not sure to fully understand the process:
Should I create myself this project, or is it something that Jenkins should create automatically? If I should create it manually, how and where?
If this is something that should be created automatically, why is it not working?
Although Jenkin's context is specific (and the question is old), the answer is more general (and still valid). You can find it on this topic: SonarQube analysis could not be completed because the analysis configuration file could not be found.
TLDR; Look at the beginning of the SonarQube session, then you find the REAL problem. The last message is only a kind of not-so-useful summary.

Alternatives for QC

In my project we are using QC to execute our test cases(QTP), moving forward we would be eliminating QC (for cost reasons).
As far as I explored MSBuild & Jenkins, they would be suitable.
But MSBuild will trigger the execution when a new build pushed to the repository. Also it will automatically test on the latest build.
Is there any other CI tool available to execute test cases through QTP?
I will be executing automation once in a release. Also we install our application by manual since it requires lots of configuration.
Take a look at HP Application Automation Tools.
This plugin basically replaces the need for QC, and is developed by HP.
Create a Jenkins job using this plugin on the same Jenkins installation used to build your code, then you can configure your job to run your tests as soon the code is available (e.g. on a nightly basis).
See here for a helpful guide on how to implement a simple Jenkins job using this plugin.
They also host the code on Github, which is very useful if you need to change the behavior of the plugin to suit your needs.

Resources