In a recent sonar test, we found over 30k total violations in our projects. I was told to spend some time to look over all of the blocker/critical violations and fix them accordingly. I was told by my mentor that to run sonar on the projects again, I would have to first commit the changes I made. And because I am an intern they don't want to do that. Is there any another method besides committing the changes and run sonar?
I am using Intellij and the projects are mavenized, if that helps with anything.
How to setup the SonarQube in a local machine? We need Docker Desktop for Windows to setup the SonarQube local. Download and install Docker Desktop for Windows. Open the Powershell and check if the docker is installed or by running the below command.
Yep, set up a local Sonar server by following the instructions at http://docs.sonarqube.org/display/SONAR/Installing
Once you've done that you can view all your projects at localhost:9000 by doing mvn sonar:sonar. It's not necessary to install a build server, so long as your projects are maven-enabled you should be able to just do mvn sonar:sonar whilst a local sonar server is running.
You can also install the eclipse plugin (if you use eclipse) which will allow you to do realtime code analysis - so you can see when you've managed to solve a violation. Violations are highlighted directly in the code as well which helps considerably.
http://docs.sonarqube.org/display/SONAR/SonarQube+in+Eclipse
Running SonarQube server with docker may help.
docker pull sonarqube
docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube
docker start sonarqube
Download and install SonarScanner from scanner here.
Create a file named sonar-project.properties
insider your project directory
with following contents.
sonar.projectKey=YourProjectKey
sonar.projectName=YourProjectName
sonar.projectVersion=1.0
sonar.sources=.
cd /to/project/path
sonar-scanner
open http://localhost:9000 in browser.
login with default username & password (admin, admin).
Sonar internally uses plugin like PMD, Checkstyle etc. You can install PMD or checkstyle plugin for eclipse and it will show all the potential violations. It will be useful for you to see how far you have fixed the problems before you checkin
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With