07 November 2018

Sonarqube cheat sheet

SonarQube Best open source static analyzer.
(IMHO :-) ).

1.
How to create custom plugins for Sonar

https://devwebcl.blogspot.com/2018/10/custom-sonarqube-plugins-63.html

2.
default port: 9000
http://127.0.0.1:9000/

http://localhost:9000/

3.
Maven command line:

mvn sonar:sonar -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.login=d676f79d8ba83cdcf69f38f8471f0284ee242e09

4.
Quality Gates

Quality Gates are the best way to ensure that standards are met and regulated across all the projects in your organization. Quality Gates can be defined as a set of threshold measures set on your project like Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating, etc.

5.
Quality Profiles

A quality profile in Sonar consists of: A set of activated coding rules among +600 available (PMD, Checkstyle and FindBugs): an activation level (mandatory or optional) and parametrization for each rule.

6.
wsdl jar
to be tested jar wsdl client proxies :

           
                      <plugin>
                <groupId>org.jvnet.jax-ws-commons</groupId>
                <artifactId>jaxws-maven-plugin</artifactId>
                <version>2.3</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>wsimport</goal>
                        </goals>
                        <configuration>
                            <wsdlDirectory>${basedir}/src/main/resources/wsdl/</wsdlDirectory>
                            <wsdlLocation>wsdl/endpoint_sample_wsdl.wsdl</wsdlLocation>

                            <sourceDestDir>${basedir}/src/main/java</sourceDestDir>

7. sonnar-scanner cli

sonar-scanner -Dsonar.projectKey=my-best-project


8. sonar-project.properties
to active a project and be used by sonar cli.
Create an user and generate token, then add to properties file:

# must be unique in a given SonarQube instance
sonar.projectKey=my:project
sonar.login=f86a58b7f520bfc6bbdb5bf03a0671ce64860f0c
sonar.java.binaries=target
 

#to avoid java parsing
sonar.exclusions=**/*.java


9. important not default rules

- https://rules.sonarsource.com/java/RSPEC-3749
  Members of Spring components should be injected

- https://rules.sonarsource.com/java/RSPEC-4288
  Spring components should use constructor injection

 

No comments :

My Blog List

Blog Archive

Disclaimer

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.