Add plugin to SonarQube marketplace

sonarqube

(Günter Wirth) #1

Hi,

we have an own plug-in we like to add to the SonarQube marketplace to facilitate updates for the users.

We had a look to https://docs.sonarqube.org/display/DEV/Deploying+to+the+Marketplace seems most of the points are fulfilled.

You find the code here:

Wiki:

Issue Tracker:

Download:

SonarCloud:
https://sonarcloud.io/dashboard?id=org.sonarsource.sonarqube-plugins.cxx%3Acxx

Could you have a look to it please?

Regards,
Günter


(G Ann Campbell) #2

Hi Guenter,

You seem to have overlooked a key point in the document you cite. I’ll quote it for you:

  1. Your plugin does not compete with existing or soon-to-be-released SonarSource products (sorry, but we gotta pay the bills somehow)

Additionally, there’s this:

  1. … reasonable functionality and quality

We’ve had a report here in the community of broken branch analysis that seems to have boiled down to Cxx being the problem.

Beyond that, I don’t believe you’re the maintainer of this plugin (my apologies if you’ve joined the team) and such a request needs to come from maintainers.

In short, we won’t be adding this plugin to the marketplace.

 
Ann


(Günter Wirth) #3

Hi Ann,

I don’t believe you’re the maintainer of this plugin

I’m one of the maintainers.

in the community of broken branch analysis

Could be fixed.

Your plugin does not compete …

Think the cxx community plugin and the SonarCFamily plugin are driving two totally different use cases.

  • SonarCFamily plug-in: Providing all out of the box. The main point people are willing to pay money is the built-in static code analysis.
  • cxx community plug-in: People have already a running tool chain and they like to add the reports from their existing tool chains to SonarQube to visualize them.
  • Bigger companies you are earning money with are buying anyway a commercial edition because of the other missing features in the community edition. The only reason they like to use the cxx community plugin in addition is the easy support of additional tool reports.

So the cxx community plugin is more an enabler than a competitor.

Regards,
Günter


(ivangalkin) #5

Hi Ann,

as one of the sonar-cxx contributors I would like to add a couple of words to the statement of Günter.

There are a variety of commercial SonarQube plugins, which might compete with SonarCFamily: PVS-Studio, Coverity etc. They provide their own static code analysis and they cost money.

On the other hand, there are standard developer tools: cppcheck, clang, valgrind etc. They are not competitors of SonarSource, they belong to the well-established and irreplaceable tool-kit of every C/C++ developer. These tools are free, open-source and (if well integrated) can make SonarQube even more popular among C/C++ developers.

Our plugin allows such integration in a very high-quality way. The issue you’ve quoted is a) not reported at sonar-cxx b) not confirmed to be a sonar-cxx issue c) doesn’t say much about the quality at all. You might take a look at the number of GitHub stars or number of downloads. You’ll see, that sonar-cxx is widely accepted and highly trusted plugin.

Regards,