Continuous Inspection

Overview

SonarQube

Continuous Inspection

SonarQube provides the capability not only to show the health of an application but also to highlight newly introduced issues. With a Quality Gate in place, you can Clean As You Code and therefore improve code quality systematically.

Links

Have Questions or Feedback?

For support questions ("How do I?", "I got this error, why?", ...), please first read the documentation and then head to the SonarSource Community. Your question has likely already been answered! 🤓

Be aware that this forum is a community, so the standard pleasantries ("Hi", "Thanks", ...) are expected. And if you don't get an answer to your thread, you should sit on your hands for at least three days before bumping it. Operators are not standing by. 😄

Contributing

If you would like to see a new feature, please create a new Community thread: "Suggest new features".

Please be aware that we are not actively looking for feature contributions. The truth is that it's extremely difficult for someone outside SonarSource to comply with our roadmap and expectations. Therefore, we typically only accept minor cosmetic changes and typo fixes.

With that in mind, if you would like to submit a code contribution, please create a pull request for this repository. Please explain your motives to contribute this change: what problem you are trying to fix, what improvement you are trying to make.

Make sure that you follow our code style and all tests are passing (Travis build is executed for each pull request).

Willing to contribute to SonarSource products? We are looking for smart, passionate, and skilled people to help us build world-class code quality solutions. Have a look at our current job offers here!

Building

To build sources locally follow these instructions.

Build and Run Unit Tests

Execute from project base directory:

./gradlew build

The zip distribution file is generated in sonar-application/build/distributions/. Unzip it and start the server by executing:

# on linux
bin/linux-x86-64/sonar.sh start 
# or on MacOS
bin/macosx-universal-64/sonar.sh start
# or on Windows
bin\windows-x86-64\StartSonar.bat 

Open in IDE

If the project has never been built, then build it as usual (see previous section) or use the quicker command:

./gradlew ide

Then open the root file build.gradle as a project in IntelliJ or Eclipse.

Gradle Hints

| ./gradlew command | Description |
| --- | --- |
| dependencies | list dependencies |
| dependencyCheckAnalyze | list vulnerable dependencies |
| dependencyUpdates | list the dependencies that could be updated |
| licenseFormat --rerun-tasks | fix source headers by applying HEADER.txt |
| wrapper --gradle-version 5.2.1 | upgrade wrapper |

License

Copyright 2008-2021 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0

Comments
  • External issues with project scope

    As with "normal" issues it should be possible to create external issues that belong to the project instead of a single file.

    There are cases where an issue cannot be assigned to a location in a file, e.g. because it is not known where the issue occurred, e.g. when fuzzy testing the application.

    opened by tobiasstadler 12
  • Update environment.rb for Oracle optimizations

    Instead of using a SELECT to fetch sequence #, assign value directly from the sequence; it would lower cursor usage for people with tight DB restrictions and could improve performance by up to 50% based on this: http://oracle-base.com/articles/11g/plsql-new-features-and-enhancements-11gr1.php#sequences_in_plsql_expressions.

    However it would only be compatible with Oracle 11g and up, but Oracle 10g (even R2) was dropped from even extended support for almost 2 years. If support for Oracle 10g must be kept, perhaps a support for specific dialects like "Oracle9g", "Oracle10g", "Oracle11g" and "Oracle12c" would be necessary (a bit like Hibernate does although they stopped at 10g).

    opened by sberthiaume 12
  • add db migration from java

    This PR adds a component that wraps around the ActiveRecord based migration process and handles concurrency as well as asynchronous execution of it.

    This will be called from the new WS to trigger DB migration (another PR).

    Sorry, this PR is a little bit dense, but individual commits do not really make sense.

    opened by sns-seb 12
  • Implemented writeTimeoutMs

    In some cases when Sonar's Analysis Report is big enough, the upload process is failing with a Session timeout error. This happens on big multimodal projects when analysis reports more than 1Mb. Given that nowadays many IT people are working from home and the connection bandwidth varies a lot, in many cases the default 10-sec write timeout inherited from OkHttp is not enough.

    opened by seaman333 11
  • Do not warn if the file is excluded already

    This change is only about excessive warnings in the console. We have thousands of these comments in our project because we have a certain folder that is shared between projects.

    Even when I exclude the unnecessary files with Sonar, this continues to log them.

    opened by tasomaniac 11
  • add module concept

    This PR introduces the concept of module as a group of components. This will allow reducing length of the ComponentLevel classes and, in the near future, implement lazy start of components and/or description of implicit component dependencies. This PR also includes a few modules to demo usage and as a proof-of-concept.

    opened by sns-seb 9
  • SONAR-6376 better Java WS to list installed plugins

    This PR :

    • changes the WS response to use a root object so that the response can be easily extended in the future (best practice)
    • adds more properties to the WS response for each plugin
    opened by sns-seb 9
  • SONAR-6366 new ws for db migration

    This PR adds the new WS server/migrate.

    IT tests coming up as soon as I know how they are supposed to be written.

    This PR is based on branch feature/add_db_migration_from_java reviewed with PR #197.

    opened by sns-seb 9
  • Enable parallel execution of web tests

    On my machine this change decreases time of execution of web tests by 68%, which is 43% for build of web module and 8% overall as shown below.

    $ uname -p -m -o
    x86_64 Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz GNU/Linux
    

    Before:

    $ time mvn clean install -pl server/sonar-web
    [INFO] Casper Task 'casper:test' took ~67805ms to run
    real    1m46.001s
    user    1m7.538s
    sys     0m2.216s
    
    $ time mvn clean install
    real    8m23.034s
    user    9m17.843s
    sys     0m20.167s
    

    After:

    $ time mvn clean install -pl server/sonar-web
    [INFO] Casper Task 'casper:test' took ~21746ms to run
    real    1m0.827s
    user    1m15.891s
    sys     0m3.304s
    
    $ time mvn clean install
    real    7m40.100s
    user    9m52.647s
    sys     0m22.536s
    

    I'm not a JavaScript expert, but it seems that there is no problem of isolation of tests. At least I did not observe spontaneous failures among 20 sequential runs.

    Default value of "concurrency" level (5) seems good enough - on my machine higher values do not provide further decrease of time.

    opened by Godin 9
  • Fix SAML check feature using Tomcat Proxy configuration (https://tomc…

    Hi,

    To me, correction of ticket SONAR-13328 seems buggy. It only checks HTTP header X-Forwarded-Proto but behind a reverse proxy hostname is frequently changed too and header X-Forwarded-Host could be sent.

    If SonarQube is installed behind a reverse-proxy, I think it's better to customize Tomcat than hack incoming HTTP request (https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html).

    So in this PR I add 3 new properties to configure RP :

    • sonar.web.proxyName : reverse proxy hostname
    • sonar.web.proxyPort : reverse proxy port
    • sonar.web.scheme : reverse proxy incoming scheme

    When these properties are filled, Tomcat will return information about the original HTTP(S) request when getRequestURL() is called (by SamlResponse for example).

    opened by Ripolin 8
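
The difference the SAML reverse-proxy PR above describes, as an added example that is not SonarQube, Tomcat or PR code: it compares the URL a backend would rebuild for itself with the Destination an identity provider puts in its response, once with no proxy awareness, once honouring only X-Forwarded-Proto (the behaviour the PR attributes to the SONAR-13328 fix), and once from static settings shaped like Tomcat's proxyName, proxyPort and scheme connector attributes. Hosts, ports, the callback path and all class and method names are constructed for illustration.

```java
import java.util.Map;

// Added illustration, not SonarQube or Tomcat code. Hosts, ports and the
// callback path are constructed sample values.
public class ProxyUrlDemo {

  // Operator-set values, as in Tomcat's proxyName / proxyPort / scheme connector attributes.
  record ProxyConfig(String scheme, String proxyName, int proxyPort) {}

  // scheme://host[:port]path, omitting the port when it is the scheme's default.
  static String url(String scheme, String host, int port, String path) {
    boolean isDefault = (scheme.equals("http") && port == 80)
        || (scheme.equals("https") && port == 443);
    return scheme + "://" + host + (isDefault ? "" : ":" + port) + path;
  }

  // No proxy awareness: the backend describes its own listener.
  static String rawUrl(String host, int port, String path) {
    return url("http", host, port, path);
  }

  // Only X-Forwarded-Proto is honoured; X-Forwarded-Host is ignored, so host and port stay internal.
  static String protoHeaderUrl(Map<String, String> headers, String host, int port, String path) {
    return url(headers.getOrDefault("X-Forwarded-Proto", "http"), host, port, path);
  }

  // Static configuration: nothing is taken from request headers.
  static String configuredUrl(ProxyConfig cfg, String path) {
    return url(cfg.scheme(), cfg.proxyName(), cfg.proxyPort(), path);
  }

  public static void main(String[] args) {
    String destination = "https://sonar.example.org/saml/acs"; // Destination in the IdP's response
    String path = "/saml/acs";
    Map<String, String> headers = Map.of(
        "X-Forwarded-Proto", "https",
        "X-Forwarded-Host", "sonar.example.org");
    ProxyConfig cfg = new ProxyConfig("https", "sonar.example.org", 443);

    String[] seen = {
        rawUrl("10.0.0.5", 9000, path),
        protoHeaderUrl(headers, "10.0.0.5", 9000, path),
        configuredUrl(cfg, path)};
    for (String u : seen) {
      System.out.println(u + " matches Destination: " + u.equals(destination));
    }
  }
}
```

Only the statically configured variant reproduces the public URL, and it does so without reading any header a client or intermediate hop could set.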
  • SONAR-6724 : support analyzing root pom in multi-modules projects

    This PR allows processing of files in aggregator modules. When analyzing a multi-modules maven project, this allows the root pom to be indexed and analyzed. It should also be beneficial to other project types (Gradle was mentioned in SONAR-6724). This only applies to files, not folders : SONARPLUGINS-2295 introduced a warning for existing folders referenced in property sonar.sources of aggregator modules : it will still be displayed, and these folders will still be ignored.

    planned 
    opened by lbndev 8
Releases(9.8.0.63668)
Owner
SonarSource
Continuous Code Quality and Code Security