Chapter 9.  Integration with SonarQube

For Java projects the findings of Sonargraph can be stored and visualized in SonarQube using the Sonargraph Integration plugin.

The plugin is compatible with SonarQube versions 6.7.3 and higher.

The plugin is available here:

  1. The SonarQube Marketplace accessible from within the SonarQube server's web interface.

  2. GitHub https://github.com/sonargraph/sonar-sonargraph-integration/releases.

  3. hello2morrow's web site https://www.hello2morrow.com/products/downloads.

9.1. Overall Process of Integration

We assume you have already a SonarQube server running and see the project of interest in the server's web interface. To add Sonargraph's analysis results you need to:

  1. Install the Sonargraph Integration plugin in your SonarQube server.

  2. Use the built-in Sonargraph quality profile or add individual Sonargraph Integration rules to the profile you want to use. Assign your project to this profile.

  3. Define and analyze the project with Sonargraph, either using the Explorer or Architect version. You need the system definition. Alternatively the system definition could be obtained dynamically with our support for dynamic system creation.

  4. Create an XML report with Sonargraph Build of that project using either Maven, Gradle, Ant or the Shell support prior to the SonarQube analysis with one of the scanners. Make sure the that the XML report is in the right spot so the Sonargraph Integration plugin can find it .

9.2. SonarQube Configuration

Localizing the Sonargraph XML Report

The default location of the xml report file is 'target/sonargraph/sonargraph-sonarqube-report.xml' relative to every module.

In a multi-module system the xml report file must be stored in every module and the top-level project.

Sonargraph calculates metrics and provides issues on module and system level. The system level is equivalent to SonarQube's Project in a multi module system. In a single-module system the module/project will contain both classes of information.

NOTE

Using Maven or Gradle with the prepareForSonarQube flag will copy the produced xml report automatically into all modules.

NOTE

If you want to avoid having a copy of the xml report file in all modules you can alternatively use one absolute location.

Sonargraph Script Metrics and Issues

Issues created from an automated script are activated (or deactivated) with the single rule 'Sonargraph Integration: Script Issue'.

Metrics created from an automated script are now stored in a properties file and are automatically considered after a restart of the SonarQube server. The properties file is stored at '.sonargraphintegration/metrics.properties'.

NOTE

When introducing script metrics for the first time a warning message is created in the console of the SonarQube server when a restart is required because of a modified metrics.properties file.

Related topics:

9.3. SonarQube Maven Configuration

If you use the SonarQube Maven plugin, you must set the following parameter in the configuration of the SonargraphBuild Maven plugin in your project's pom.xml:

<configuration>
    <prepareForSonarQube>true</prepareForSonarQube>
    ...            
</configuration>

The SonargraphBuild Maven plugin will automatically create an XML report (if not already configured) and will copy the report to ${target}/sonargraph/sonargraph-sonarqube-report.xml for the root project and all modules (excluding those with packaging "pom").

The example project contains an example pom.xml and also a batch file that demonstrates how the check can be called from the command-line.

Related topics:

NOTE

An example command-line using only one xml report location (added line-breaks for readability):

mvn clean package 
   sonargraph:create-report -Dsonargraph.reportFormat=xml 
    -Dsonargraph.reportDirectory=D:/temp/report -Dsonargraph.reportFileName=MyReport 
   sonar:sonar -Dsonar.sonargraph.integration:report.path=D:/temp/report/MyReport.xml

9.4. SonarQube Gradle Configuration

If you use the SonarQube Gradle plugin, you must set the following parameter in the configuration of the SonargraphBuild tasks in your project's build.gradle:

sonargraphReport
{
    activationCode = "36E2-0F3E-643F-B4F2"
    prepareForSonarQube = "true"
}

The SonargraphBuild Gradle plugin will automatically create an XML report (if not already configured) and will copy the report to ${target}/sonargraph/sonargraph-sonarqube-report.xml for the root project and all modules.

Related topics:

9.5. SonarQube Ant Runner Configuration

If you use the SonarQube Ant Runner the Sonargraph XML report must have been created and this report must be configured for the Sonargraph SonarQube plugin using the following parameter:

<property name="sonar.sonargraph.integration:report.path" value="${path.target.report}" />

Related topics: