SonarQube: best open source static analyzer (IMHO :-) ).
1. How to create custom plugins for Sonar
https://devwebcl.blogspot.com/2018/10/custom-sonarqube-plugins-63.html
2. Default port: 9000
http://127.0.0.1:9000/
http://localhost:9000/
3. Maven command line:
mvn sonar:sonar -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.login=d676f79d8ba83cdcf69f38f8471f0284ee242e09
4. Quality Gates
Quality Gates are the best way to ensure that standards are met and regulated across all the projects in your organization. Quality Gates can be defined as a set of threshold measures set on your project like Code Coverage, Technical Debt Measure, Number of Blocker/Critical issues, Security Rating, etc.
5. Quality Profiles
A quality profile in Sonar consists of a set of activated coding rules chosen from the 600+ available (PMD, Checkstyle and FindBugs), with an activation level (mandatory or optional) and parameters for each rule.
6. WSDL jar
Generate the WSDL client proxies for the jar to be tested:
<plugin>
  <groupId>org.jvnet.jax-ws-commons</groupId>
  <artifactId>jaxws-maven-plugin</artifactId>
  <version>2.3</version>
  <executions>
    <execution>
      <goals>
        <!-- wsimport generates the client proxy sources from the WSDL -->
        <goal>wsimport</goal>
      </goals>
      <configuration>
        <wsdlDirectory>${basedir}/src/main/resources/wsdl/</wsdlDirectory>
        <wsdlLocation>wsdl/endpoint_sample_wsdl.wsdl</wsdlLocation>
        <sourceDestDir>${basedir}/src/main/java</sourceDestDir>
      </configuration>
    </execution>
  </executions>
</plugin>
7. sonar-scanner CLI
sonar-scanner -Dsonar.projectKey=my-best-project
8. sonar-project.properties
Used to activate a project so that it can be analyzed by the sonar CLI.
Create a user and generate a token, then add it to the properties file:
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
sonar.login=f86a58b7f520bfc6bbdb5bf03a0671ce64860f0c
sonar.java.binaries=target
#to avoid java parsing
sonar.exclusions=**/*.java
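Since step 8 puts the token into sonar-project.properties, a file that usually gets committed with the project, a check like the one below can run before commit or in CI to catch it. This is an added example, not part of the original post; the function name find_sonar_secrets is made up here, and it goes slightly beyond the post by also checking sonar.password and sonar.token next to sonar.login.

```shell
#!/bin/sh
# Added example (not from the original post): flag credential properties
# that carry a literal value in a SonarQube properties file.
# Output is "file:line:key"; the value itself is never printed.
# Returns 1 if anything is found, 0 otherwise.
find_sonar_secrets() {
    awk -v file="$1" '
        /^[ \t]*[#!]/ { next }              # properties comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # leading whitespace
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", val)       # trailing whitespace or CR
            if (val != "" && (key == "sonar.login" ||
                              key == "sonar.password" ||
                              key == "sonar.token")) {
                printf "%s:%d:%s\n", file, NR, key
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Demo on a constructed file; the token is a placeholder, not a real one.
demo=$(mktemp)
printf '%s\n' \
    '# must be unique in a given SonarQube instance' \
    'sonar.projectKey=my:project' \
    'sonar.login=CONSTRUCTED_PLACEHOLDER_TOKEN' \
    'sonar.java.binaries=target' > "$demo"
find_sonar_secrets "$demo" ||
    echo "credential found: keep it out of the committed file"
rm -f "$demo"
```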
9. Important non-default rules
- https://rules.sonarsource.com/java/RSPEC-3749
Members of Spring components should be injected
- https://rules.sonarsource.com/java/RSPEC-4288
Spring components should use constructor injection