Analyzing only the changed files in sonarqube

sonarqube

(vicky) #1

Hi,

How can we analyze only the changed files in repo as currently whenever changes is pushed in repo it will analyze the whole project again. If there is any way which can help me achieving the same then refer the documentation else this can be considered as suggestion for new feature as this process consume lot of time unnecessarily.
Thanks in advance!


(Amaury Levé) #2

Hi @vicky,

You are posting a question inside of a Suggest new features category, that’s a bit surprising. To answer your question, we currently do not support incremental analysis.

Cheers,
Amaury


(Simon Schrottner) #3

hi,

well we are using somekind of hacky workarround, but this involves some magic handled by the build tool, and the passing of some information to that build tool. like pull request key or something.

What we are doing is triggering our feature build with an pull request number, and getting the changeset information via api from the pullrequest. We parse it, and add just the changes sources to the inclusion property of sonar. in this case, we just analyse the files we changed.

There are some downsides for some plugins though, eg. spotbugs/findbugs ignores the inclusion and will still analyse the whole source code.

we also found this way not ideal, because it requires configurations on 3 different systems. but in the end, it speed up our pull request code analysis, so for us it was worth the effort.

But that is just an suggestion how you could solve that issue, althought not ideal.

Cheers
simon


(Anonymous) #4

You can get the list of changed files from the github api and then plug it into sonar.inclusions .
Simple.

In context to jenkins,

  1. create a sonar.properties file (using shell)
  2. make a github api call and fetch the list of files changed with their api.
  3. insert the above fetched value inside the sonar.properties file (sonar.inclusions=) (open file in write mode)
  4. and pass this sonar file to the build configuration (maven, ant etc)

In this way , there would be new sonar inclusions for each PR in jenkins.