I have some continious Integration running with Jenkins and some quality analysis with Sonar and Checkstyle.
I want to display them in real time in my open space.
My problem is when Jenkins run a new job, it update the Sonar analysis, but the sonar dashboard does not move. and we have to refresh the page (F5) in order to display the new analysis.
How can I force the sonar web page to refresh after each job ?
(using sonar 5.2)
And how can I set the Jenkins build instable when the quality is below a gate ? (or when I have more than x mjor issues ?)
For Jenkins, no problem : we will use the monitor view plugin
Afaik you can't force SonarQube to reload the page after each job. You have to do this by yourself.
Prior to 5.2 you could use the BuildBreaker Plugin, to handle quality gate violations. Unfortunately I don't know a solution for this in 5.2+ :(
Related
apologies if this has been covered, there have been a couple similar questions on SE - but struggling to find an explicit solution:
Does anyone know how to access the reports from SonarQube? I want to put some logic in Jenkins that will only proceed to do more stuff if quality gates are passed. This is something I wish to automate, and not login to sonarqube manually.
I have seen references to a possible, Gerrit plugin solution or using a curl step to use the API but neither explained how to replicate that approach.
You've got to use the SonarQube Scanner for Jenkins.
Specifically, check the "Analyzing in a Jenkins pipeline" section: it allows you to run a SonarQube analysis, and wait for the Quality Gate to be available so that you can decide (in your pipeline script) what to do based on the status of the quality gate.
sonarqube reports can be extracted using webapi
for example : http://sonarserver:9010/api/issues/search?componentKeys=sonarProject&severities=BLOCKER,CRITICAL,MAJOR,MINOR,INFO&s=SEVERITY&asc=false&ps=100
convert the json output to csv and to xls using online tools
http://convertcsv.com/json-to-csv.htm
I am running a job through Jenkins with the SonarQube Execute Scanner Plugin.
These are all my Analysis Properties
sonar.projectKey=Project1
sonar.projectName=ProProject
sonar.projectVersion=Layer1
sonar.verbose=true
sonar.sources=src
sonar.qualitygate=SonarQube way
sonar.libraries=lib
sonar.tests=Tests
sonar.issuesReport.html.enable=true
sonar.issuesReport.console.enable=true
sonar.includePlugins=views,report,buildbreaker
sonar.analysis.mode=publish
sonar.issuesReport.console.enable=true
sonar.sourceEncoding=UTF-8
When I try to view SonarQube results for my sonar jobs, I see that the result of previous job is being overwritten with the new job.
I am loosing my previous job result
That's the default behavior of this plugin and of SonarQube. If you want to see changes over time in your project's code quality and issues (UI of SonarQube 5.6.2):
go to your SonarQube instance,
click on the name of the project you're interested it,
under the project name, there will be a menu: click on Dashboards -> TimeMachine.
You'll see graphs showing changes in the number of issues, lines of code, test coverage, and so on. In the top right, you should be able to choose a time frame you're interested in.
I've set up a multi-branch pipeline in Jenkins which performs a SonarQube analysis using the withSonarQubeEnv() step and the sonar:sonar Maven goal.
This works fine, and the analysis results do show up in SonarQube.
What I'm missing (compared to the traditional non-pipeline Jenkins integration) is a clickable link on the Jenkins build page which will open the analysis results in SonarQube.
There is a small SonarQube icon next to every build in the left panel, but this icon is not clickable.
Is there any configuration switch that will produce a clickable link, or is this simply a missing feature?
As far as I know Once the job is complete, the plugin will detect that a SonarQube analysis was made during the build and display a badge and a widget on the job page with a link to the SonarQube dashboard as well as quality gate status.
Please refer this and verify your configurations.
If this is happening to you, verify that the test is actually running if not, verify your configuration.
You are probably looking for the SonarQube link on the build job page (for example job/foo/1/). However the link is on the project pate (that is job/foo). There you will find one link on the menu to the left and a SonarQube Quality Gate widget in the bottom center.
Menu
Widget
We are using only FxCop and StyleCop rules in Jenkins and Sonar.
But we are getting more no. of Violations on Sonar Dashboard then in Jenkins.
Jenkins in using 318 rules (FxCop & Stylecop Combined) whereas Sonar is using only 130 rules (FxCop & Stylecop Combined).
But still we get more no. of Violations on Sonar Dashboard then on Jenkins.
Can anyone tell me why this is happening?
And Jenkins shows result of FxCop and StyleCop seperately, whereas Sonar merge result of FxCop and StyleCop and display them. Does any one know how can we seprate the result ?
There can be several explanations why you get more violations in Sonar:
the FxCop and StyleCop rules are not configured with the same parameters (threshold, ...) between Sonar and Jenkins. This is the first thing you should do actually.
maybe you also have Gendarme rules activated in your quality profile on Sonar? (this is the case if you're using the default "Sonar way" profile)
you may also have lots of other Sonar violations (which don't come from external tools like FxCop), ranging from detected duplications to design issues.
And to answer your last question, there's currently no way in Sonar UI to seperate violations based on the tool that generates them. The most important for Sonar users is to get the whole list of violations, whatever the tool that generates them is.
I am using sonar for the last few months and want to know that do sonar works in an incremental way or not i.e if i do soanr analysis for the first time on my project code it will definitely analyze all the code but if i do some enhancement on my core source code and update some files then after updation do sonar analysis again on the same code then will sonar analyze all the files OR only analyze files which i have updated?
I am using "Sonar way with Findbugs" as my default quality profile.
Is there any way to use sonar in an incremental way, to analyze only updated files?
Is this possible in sonar or not?
Kindly revert your help will be appreciated..
Thanks in advance..
Sonar does not currently handle incremental analyses.
If you want, you can watch and vote for the following ticket: http://jira.codehaus.org/browse/SONAR-2815
If your task if code quality metrics in a general way, then you can use these tools directly on Jenkins. See FindBugs Plugin , PMD plugin or Checkstyle Plugin. They independently give what you need in the form of "incremental code" reports. But if you have to use SONAR only, then Fabrice's answer is the correct one.
Here the post where the ticket that #fabrice-sonar-team comments was born:
does Sonar support Incremental code quality analysis
You can read Freddy Mallet's explanation about why this functionality is not trivial to be implemented. It requires lot of effort, so as Fabrice said, vote for the ticket! :)
Just adding on since this is the first google result for 'Sonar incremental preview analysis' in stack, and the answers are way too old.
Sonar has plugins available for IDEs such as Eclipse and NetBeans that can run incremental analysis on the changed files alone. This still needs a connection the SonarQube server though.
You may also run the analysis right from Jenkins by passing an additional sonar analysis property - sonar.analysis.mode=incrementalin your Sonar scan build step. This will report the code quality in a full report - will all code issues as well as a light report containing only new issues (since last full scan as recorded in server).
To take one step further use sonar.issuesReport.html.enable=true and publish the generated html reports to your Jenkins build page - Neat and Trim
Sonar documentation here