sonarqube

问题 I'm trying to analyze .NET C# project using SonarQube C# plugin. From C# Plugin 3.0, FxCop is automatically executed even thogh "sonar.fxcop.mode=skip" in sonar-project.properties, so I installed FxCop to following directory. C:\Program Files (x86)\Microsoft FxCop 1.35 When I ran SonarQube Runner from Jenkins's sonar plugin, then I got following error. ERROR: Error during Sonar runner execution ERROR: Unable to execute Sonar ERROR: Caused by: The property "sonar.cs.fxcop.assembly" must be set

问题 We are currently in the process of evaluating the use of SonarQube/SonarLint for our .NET applications. We are pretty happy with what we've seen so far (and, btw, kudos for bringing SonarQube this far - I've used it a couple of years ago for my PhD project, and it has improved greatly since then!). However, one thing was a bit surprising: When I connected my SonarLint instance to our SonarQube server (which worked just fine) and started syncing the bound project, SonarLint started to download

问题 I need some help in setting up code quality plugin for maven project. I have a multi module project. While I have configured pmd , checkstyle , findbugs and cobertura in my build process, and I can generate xml reports for each plugin, I am facing some challenges configuring the sonar plugin in my project. I am not sure how to approach this problem: Should I reuse the reports generated by these plugins while executing sonar? if so what should my sonar plugin configuration be? If I run sonar

问题 I am using Prepare, Run and Publish analysis tasks in VSTS to run the SonarQube analysis and publish the results to build summary. First two steps execute successfully but the 'Publish Analysis' task fails because it is not able to fetch the task for analysis ID. I get the following error message: Could not fetch task for ID 'AWE9-wu8-fbfJflhFQ3-' VSTS Publish Analysis Task Log: 2018-01-28T18:15:28.1037139Z ##[debug][SQ] Waiting for task 'AWE9-wu8-fbfJflhFQ3-' to complete. 2018-01-28T18:15:28

问题 How can we identify the most common types of issues in a project in our current code base. We have recently upgraded from Sonar 4.5 to 5.1 In 4.5 we used to view the issues list in a specific project, and the issues were grouped by issue type. For instance in one project the rule "Use a logger to log this exception" might be the most common critical rule with 45 violations. We could then use that information to drive improvement efforts. In 5.1 we are now presented with a long list of issues

问题 Hi I wrote own plugin for sonar 5.1.2 based on some checks from java-web-plugin 3.5 (dependency in pom for java-checks 3.5) and when I try to run analysis on project i get error: Caused by: java.lang.ClassCastException: org.sonar.java.resolve.SemanticModel cannot be cast to org.sonar.java.resolve.SemanticModel at org.sonar.java.checks.SubscriptionBaseVisitor.scanFile(SubscriptionBaseVisitor.java:32) at org.sonar.java.model.VisitorsBridge.visitFile(VisitorsBridge.java:123) at org.sonar.java

问题 I'm experiencing a strange problem when running "gradlew sonarqube" with proxy. I have sonarqube server installed (using 2 minutes quick installation guide) on a remote server with IP: x.12.11.18. When running the "gradlew sonarqube" on my local Mac, I got the error below. ./gradlew sonarqube :app:sonarqube SonarQube server [http://x.12.11.18:9000] can not be reached :app:sonarqube FAILED FAILURE: Build failed with an exception. However, if I comment out systemProp.http.proxyPort settings in

问题 From searching online and looking at sonarqube docs the only thing that I can find is: SonarQube.Scanner.MSBuild.exe /k:KeyOfProject /n:NameOfProject msbuild.exe C:\projectpath\soultion.sln SonarQube.Scanner.MSBuild.exe end The problem is there's no switches that i've found to set things like: analysis mode (preview, publish, increment/issues to set if sqube reports the project to server) how to make sonarqube comment on issues and code in Gitlab The ONLY thing i can think of is by passing

问题 I've got an instance of sonarqube 5.5 running. I wanted to use the sonar-ldap-plugin 1.5.1 in order to delegate the authentication and authorization to the Active Directory service of my company. The configuration for the LDAP plugin is the following (modulo some obfuscation): sonar.authenticator.createUsers=false sonar.security.savePassword=false sonar.security.realm=LDAP ldap.url=ldap://host.my.domain ldap.user.baseDn=OU=Users,OU=Organic Units,DC=my,DC=domain ldap.user.request=(&

问题 All of my SonarQube code analysis Java projects are failing on this rule. Each source file should start with a header stating file ownership and the license which must be used to distribute the application. This rule must be fed with the header text that is expected at the beginning of every file. There is one parameter: headerFormat Expected copyright and license header (plain text) But there are no examples of how this should be configured. By default headerFormat is empty and I cannot find