Chapter 9.  Integrating with SonarQube

For Java projects the findings of Sonargraph can be stored and visualized in SonarQube using the Sonargraph Integration plugin.

The plugin is compatible with SonarQube versions 7.9 and higher.

The plugin is available here:

  1. The SonarQube Marketplace accessible from within the SonarQube server's web interface.

  2. GitHub https://github.com/sonargraph/sonar-sonargraph-integration/releases.

  3. hello2morrow's web site https://www.hello2morrow.com/products/downloads.

9.1. Overall Process of Integration

We assume you have already a SonarQube server running and see the project of interest in the server's web interface. To add Sonargraph's analysis results you need to:

  1. Install the Sonargraph Integration plugin in your SonarQube server.

  2. Use the built-in Sonargraph quality profile or add individual Sonargraph Integration rules to the profile you want to use. Assign your project to this profile.

  3. Define and analyze the project with Sonargraph, either using the Explorer or Architect version. You need the system definition (xyz.sonargraph folder). Alternatively the system definition could be obtained dynamically with our support for dynamic system creation.

  4. Create an XML report with Sonargraph Build of that project using either Maven, Gradle, Ant or the Shell support prior to the SonarQube analysis with one of the scanners. Make sure the that the XML report is created in the right spot by setting the parameter 'prepareForSonarQube' to 'true' so the Sonargraph Integration plugin can find it.

    NOTE

    If the XML report cannot be found by the Sonargraph plugin, specify the location via the commandline:

    sonar:sonar -Dsonar.sonargraph.integration:report.path=D:/temp/report/MyReport.xml

9.2. SonarQube Configuration

Specifying the Sonargraph XML Report

The default location of the xml report file is '${target}/sonargraph/sonargraph-sonarqube-report.xml' relative to the root module.

Sonargraph calculates metrics and provides issues on module and system level. The system level is equivalent to SonarQube's Project in a multi module system. In a single-module system the module/project will contain both classes of information.

NOTE

Using Maven or Gradle with the prepareForSonarQube flag, the produced xml report will be automatically copied to the default location.

NOTE

As of SonarQube version 7.6 the support for modules is removed from the user interface. Sonargraph issues and metrics created for modules are no longer visible and are no longer processed by the Sonargraph SonarQube plugin from version 4.0 onwards.

Sonargraph Script Metrics and Issues

Metric definitions created from an automated script need to be known by both the SonarQube server and the SonarQube scanner (running locally during the build). The custom metric definitions are detected during the scan and are stored in a properties file. The properties file is located at '<user-home>/.sonargraphintegration/SonargraphMetrics.properties' and must be copied to the SonarQube server's directory '<user-home>/.sonargraphintegration'.

NOTE

When introducing script metrics for the first time a warning message is written to the console at the end of a SonarQube analysis about the changed custom metrics properties file. Copy the properties file to the SonarQube server's directory '<user-home>/.sonargraphintegration' and restart the server. The new metrics will be available after the next SonarQube analysis.

NOTE

Due to the static nature of SonarQube metrics, support for custom Sonargraph metrics in SonarQube requires that the Sonargraph custom metric properties files must be kept in sync on the SonarQube scanner and server sides! If you are working with dynamic build agents, some setup work is needed to copy the properties files to the correct location '<user-home>/.sonargraphintegration' on the build agent.

Similar to metrics, issues created from automated scripts are detected by the SonarQube scanner and the issue types are stored in a properties file. This properties file is located at '<user-home>/.sonargraphintegration/SonargraphRules.properties and must be copied to the SonarQube server's directory '<user-home>/.sonargraphintegration'. After a server restart these rules must be activated in the SonarQube quality profile and then the issues are persisted during the next SonarQube analysis.

NOTE

Sonargraph issues about workspace setup, architecture consistency, etc. are not present in SonarQube, because there is no matching counterpart that SonarQube issues can be attached to. Those kind of issues are reported as warning messages at the end of the Sonargraph SonarQube analysis.

NOTE

Custom rules and metrics configuration are stored in two properties files that are used for all Sonargraph systems. Metrics and issue types with the same names are expected to have the same meaning. If you know that you have different metrics / rules for different systems, make sure that you integrate the properties files and not simply overwrite them on the server.

Related topics:

9.3. SonarQube Maven Configuration

If you use the SonarQube Maven plugin, you must set the following parameter in the configuration of the Sonargraph-Build Maven plugin in your project's pom.xml:

<configuration>
    <prepareForSonarQube>true</prepareForSonarQube>
    ...            
</configuration>

The Sonargraph-Build Maven plugin will automatically create an XML report (if not already configured) and will copy the report to ${target}/sonargraph/sonargraph-sonarqube-report.xml for the root project.

The example project contains an example pom.xml and also a batch file that demonstrates how the check can be called from the command-line.

Related topics:

NOTE

An example command-line using a different XML report location (added line-breaks for readability):

mvn clean package 
   sonargraph:create-report -Dsonargraph.reportFormat=xml 
    -Dsonargraph.reportDirectory=D:/temp/report -Dsonargraph.reportFileName=MyReport 
   sonar:sonar -Dsonar.sonargraph.integration:report.path=D:/temp/report/MyReport.xml

9.4. SonarQube Gradle Configuration

If you use the SonarQube Gradle plugin, you must set the following parameter in the configuration of the Sonargraph-Build tasks in your project's build.gradle:

sonargraphReport
{
    activationCode = "36E2-0F3E-643F-B4F2"
    prepareForSonarQube = "true"
}

The Sonargraph-Build Gradle plugin will automatically create an XML report (if not already configured) and will copy the report to ${target}/sonargraph/sonargraph-sonarqube-report.xml for the root project.

Related topics:

9.5. SonarQube Scanner / Ant Runner Configuration

If you use the SonarQube Scanner or Ant Runner, the Sonargraph XML report must have been created and this report must be configured for the Sonargraph SonarQube plugin using the following property (example for Ant Runner):

<property name="sonar.sonargraph.integration:report.path" value="${path.target.report}" />

Related topics: