sonarqube-scan

Sonar Lint not in sync with server rules

拥有回忆 submitted on 2019-12-20 02:56:35
Question: Sonar Lint 2.0, it's connected to my own Sonar Qube server with no issues reported by the plugin. The issue is that it is not in sync with my server rules. Found those mentioned in the doc for Java but they also seemed not to be all. I wonder if this Java rule list is used only when it's not connected to any server. Does it have a restriction on what rules to use or synchronize when using a remote server? What exactly can we do to make it sync, if it is possible? Platform: Java

How can I create my own C# custom rules for SonarQube?

故事扮演 submitted on 2019-12-19 09:01:26
Question: I've been doing some research on it. What I found is a list of quite nice samples but for other languages here. I also looked at sonar-dotnet. But it doesn't look similar to the other implementations. Finally, and to be honest probably my last chance, I took a quick look at FxCop Custom Rules and I'm not sure what would be the right way. What I'm trying to do is just a basic C# rule that can be reviewed like this predefined by sonar. I mean, with Noncompliant Code and Compliant Solution. Answer 1

Execute SonarQube Scanner within Jenkins 2 Pipeline

南笙酒味 submitted on 2019-12-18 04:21:47
Question: I want to execute a "SonarQube Scanner" Step within my Jenkins 2.x Pipeline. When I try to create a sample groovy within the pipeline-syntax I only get a groovy script of the following format: step <object of type hudson.plugins.sonar.SonarRunnerBuilder> Does anyone know what is the correct Step Syntax? E.g. Publish JUnit Report looks like step([$class: 'JUnitResultArchiver', testResults: '']) I use the following versions: Jenkins 2.11, SonarQube Scanner 2.6.1, SonarQube Plugin 2.4.1. Answer 1: I

What is the correct way to configure an Android project with submodules for use with the sonarqube gradle plugin?

空扰寡人 submitted on 2019-12-17 14:52:33
Question: What is the correct way to configure an Android project with submodules for use with the sonarqube gradle plugin? Google has not been my friend, but I may have missed something basic. (I searched for sonarqube issues related to the android build directories and submodules. No useful results.) At a very high level, I am working with an Android project with the following structure. git_repository |----- android_project |--- app |--- SDK |- api The git_repository contains the README.md and other

SonarQube token access when LDAP is enabled

寵の児 submitted on 2019-12-13 17:33:05
Question: Just stood up a brand new SonarQube 6.7.1 server and configured it to authenticate users via the LDAP plugin (2.2 build 608). So far so good. However, when users try to run a command line scan using maven with a token: mvn sonar:sonar -Dsonar.login=438fd33be6d6e5c9146c674717fea4675f0eb ...they get the following error: Not authorized. Please check the properties sonar.login and sonar.password. The Sonar logs are showing: 2018.01.19 18:20:14 DEBUG web[AWELLmgpg7dbJTF2AALW][o.s.p.l

How sonarqube works - Part 2

泄露秘密 submitted on 2019-12-13 04:15:58
Question: I am creating this as a follow-up question to this original one: How sonarqube works. To repeat for ease of reading, this is the original question: I have a question about how analysis happens in sonarqube. When I do mvn sonar:sonar -Dsonar.host.url=http://sonar.com what will happen in the background? What I felt is like Maven will use some plugins and communicate with sonarqube server Load all the rules that it have in sonarqube server in location we run mvn sonar:sonar Analyze source code using

Can sonarqube gitlab plugin only scan changed files

落花浮王杯 submitted on 2019-12-13 03:48:00
Question: I'm using a gitlab-ci pipeline; it will run a new docker container with the following commands: mvn --batch-mode verify sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.gitlab.project_id=$CI_PROJECT_ID -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA -Dsonar.gitlab.only_issue_from_commit_file=true -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.host.url=xxx -Dsonar.test.inclusions="/src/test/java/**/*.java" -Dsonar.login=xxx It becomes quite slow for my project, running for almost 20 mins. I found it will

How to analyze existing .cs files with SonarQube Scanner for MSBuild?

跟風遠走 submitted on 2019-12-12 16:30:13
Question: I want to scan existing .cs files with sonarqube. I understood that I need to use SonarQube Scanner for MSBuild, and this one requires creating a project to analyze. So I created a project in Visual Studio from existing files and declared it as Class Library. But while executing SonarQube Scanner for MSBuild, I've got this error: WARNING: The project has an invalid GUID "00000000-0000-0000-0000-000000000000". The project will not be analyzed by SonarQube. Project file: C:\Users\sas1

Analysis failing with error “No FxCop analysis has been performed on this project, whereas it contains cs files”

送分小仙女□ submitted on 2019-12-12 10:14:20
Question: After upgrading to SonarQube 6.7 LTS, many of our projects started failing during the "complete SonarQube analysis" task with the below error: [error]java.lang.IllegalArgumentException: No FxCop analysis has been performed on this project, whereas it contains cs files: Verify that you are using the latest version of the SonarQube Scanner for MSBuild, and if you do, please report a bug. In the short term, you can disable all FxCop rules from your quality profile to get rid of this error. These

Sonar is showing new violations in old code

妖精的绣舞 submitted on 2019-12-12 10:13:46
Question: We are using Sonar Qube 6.7.3 and sonar-java-plugin 5.3. We have made the below changes to our sonar configuration recently: Enabled new rules. Changed configuration to include byte code (changed from 'clean sonar:sonar' to 'clean package sonar:sonar'). We are using the sonar svn plugin and provide valid credentials to it. I understand providing byte code to sonar will help it identify more issues, but I expect Sonar to flag new issues based on svn code commit date and last analysis date, but it is not.