Sonar Rust plugin v 0.0.4 is out.
It allows importing Clippy Lints as well as some cargo tarpaulin coverage reports
See : GitHub - elegoff/sonar-rust: SonarQube plugin to analyze Rust files
Feedback is welcomed
Sonar Rust plugin v 0.0.4 is out.
It allows importing Clippy Lints as well as some cargo tarpaulin coverage reports
See : GitHub - elegoff/sonar-rust: SonarQube plugin to analyze Rust files
Feedback is welcomed
Upvoted this. My company is moving over to Rust and would see the support for this language as a must for Sonarqube. There are large parts of the IT industry adopting Rust (AWS, Microsoft) to name but a few. I would think this is a priority for Sonarsource. We are moving away from more traditional languages such as C# & Java to more functionally orientated language, for a large number of reasons.
Just to let you know, Iāve also published a tool to help publishing reports to sonarcloud.io from a Rust project by doing the transformation on the client side.
See the thread.
An upvote from me. Rust is our primary language and Rust support would be very helpful!
Another upvote and see the need for Rust support from these articles.
Are you using SonarQube or SonarCloud ? If using SonarQube , and until the Rust language is officially supported, Iād be happy to get feedback on the community plugin I am maintaining at GitHub - elegoff/sonar-rust: SonarQube plugin to analyze Rust files
( If you are facing issue , or need more features ,please use the Github issue rather than this forum)
Currently SonarQube is used to validate applications on a DoD cloud solution which I want to host a Rust based application on and Iām going to have to reimplement because they canāt scan it. They also use Fortify, which also doesnāt support Rust.
We are using SonarCloud, hope Rust on SonarCloud as well!!!
Sonarqube Team. What is the status of rsut support?
Hi!
Is there any news on this? For me, it would be enough to import an unsupported language test coverage report.
Nothing has been decided yet but if we decide to support a new language in 2023, Rust is definitely a good candidate (along with Dart/Flutter BTW).
Would SonarCloud be utilising this plugin? GitHub - elegoff/sonar-rust: SonarQube plugin to analyze Rust files
If so, is there anything that the community can be doing to make that plugin more likely to be integrated by SonarCloud?
Only SonarSource-made analyzers run on SonarCloud. We want to be in full control of what is running on SonarCloud side. There is no chance to see this SonarQube Rust Plugin being integrated into SonarCloud.
If you want to help to see Rust being supported by SonarCloud here is what we need:
SonarCloud can fork GitHub - elegoff/sonar-rust: SonarQube plugin to analyze Rust files to be in 100% control of what is running on SonarCloud.
There are no ā3rd partyā linters for Rust language. Clippy and rustfmt are part of the Rust language project, and so far nobody has bothered or managed to create alternatives. Very likely because rustfmt is reasonably configurable, and clippy is extensible, so there is little motivation to create alternatives. Another reason is those tools have good roadmaps and community processes for future changes, so Rust developers would rather contribute to those project, instead of trying to fork or create their own tool from scratch.
The one exception to the above, there are some formatters/ linters for āCargo.tomlā files. e.g. GitHub - tbrand/cargo-tomlfmt: Formatting Cargo.toml and GitHub - FuelLabs/cargo-toml-lint: A linter for Cargo.toml files
Again, it is part of the Rust compiler.
There are two mechanism described at Instrumentation-based Code Coverage - The rustc book . The āsource-based code coverage implementationā is the better implementation.
GitHub - mozilla/grcov: Rust tool to collect and aggregate code coverage data for multiple source files is a commonly used wrapper to collate the coverage data.
GitHub - actions-rs/grcov: š GitHub Action for code coverage reporting with grcov is the github action which is commonly used.
c.f. previous comment on this thread about clippy, and its JSON output.
There is also a tool to convert clippy to SARIF at:
Just to mention, Iāve made a tool to convert a few of Rust tooling output into Sonar generic input with the project cargo-sonar
.
Basically, you run rust tooling somewhere, then convert the output with cargo-sonar
, then feed it to sonar-scanner
.
Iāve been working with it for a few months on some projects already, and itās already useful enough (mainly the clippy
parser). Itās not perfect though, as there are at least 2 main problems with it:
cargo-sonar
is likely incoherent with any other Sonar approved toolcargo-sonar
works relatively well on an up-to-date version of all tools, but maybe not so much on older versions