[Beta] Automatic Analysis of your repositories with SonarCloud

sonarcloud
announcement

(Fabrice Bellingard) #1

Hi SonarCloud users!

Today, we are thrilled to announce that we deployed a Beta feature which many of you are waiting for: SonarCloud can autonomously scan your code, by simply reading it from your repository! We call that AutoScan, and we think you’ll love it! :tada:

As you will see, activating this Beta feature is very simple. Note that it comes with a limited scope and some caveats for now. We will be removing those limitations along the way - but we did not want to wait any longer to let you benefit from it. :slight_smile:

Prerequisites

The first version of this Beta feature works only for GitHub repositories.
The automatic analysis can be activated only on projects which were set up through the SonarCloud web interface (when you select repositories to analyze).

What to expect

Once activated, SonarCloud will automatically analyze:

  • the default branch of the repository
  • the pull requests (PR) on that default branch

And it will take care of doing it whenever you push on your repository.

The following languages are currently supported:

  • ABAP
  • Apex
  • CSS
  • Flex
  • Go
  • HTML
  • JS
  • Kotlin
  • PHP
  • PL/SQL
  • Python
  • Ruby
  • Scala
  • Swift
  • TypeScript
  • TSQL
  • XML

How to activate the feature?

To enable the automatic analysis, you simply need to add a .sonarcloud.properties file in your repository.

If you’re starting from scratch:

  1. Do the setup for your project (from the + > Analyze new project top right menu)
    • Remeber that your project must absolutely be created by selecting a GitHub repository - otherwise it won’t work.
  2. Once the setup is done on SonarCloud, you end up on the project home page which shows a tutorial. Ignore it and simply add a .sonarcloud.properties file in the base directory of your default branch (or on a PR which targets this default branch).
  3. After a while, the analysis results will be visible in SonarCloud (and your PR will be annotated with comments if you pushed the file on a PR)

Here are the supported optional settings for the .sonarcloud.properties file:

# Path to sources
#sonar.sources=.
#sonar.exclusions=
#sonar.inclusions=

# Path to tests
#sonar.tests=
#sonar.test.exclusions=
#sonar.test.inclusions=

# Source encoding
#sonar.sourceEncoding=UTF-8

# Exclusions for copy-paste detection
#sonar.cpd.exclusions=

Note that you can just push an empty .sonarcloud.properties file, this will work fine. In this case, every file in the repository will be considered as a source file.

Current limitations/caveats

Yes, this is a Beta feature, developed in an iterative approach :slight_smile: So for now:

  • There is no visual feedback (yet) in the UI when SonarCloud runs an analysis.
  • A consequence of the previous point is that if - for any reason, SonarCloud fails to successfully run the analysis, nothing will be displayed. In that case, just come on the forum and ask a question, we’ll monitor that closely.
  • Pull requests from forks are not analyzed (only PRs from the same repository)
  • Code coverage information is not supported
  • Import of external rule engine reports is not supported

Noteworthy

  • This Beta feature works for any project - public or private.
  • It can be activated with no extra cost.
  • Sources are cloned only during the analysis, and only when the .sonarcloud.properties file exists (i.e. when the feature is activated). The cloned repository is fully deleted at the end of the analysis, and SonarCloud does not keep a copy of it.
  • Non supported languages (Java, C#, VB.NET, C/C++, ObjectiveC) will not be analyzed at all.

How to give feedback?

Create a new thread on the forum, under “Get Help > SonarCloud”, with the “autoscan” tag.

We’d love to hear your feedback about this new upcoming feature, may it be about bugs, improvements, or anything you want to share with us!


Will SonarCloud be able to be available without relying on separate CIs, such as appveyor
(Fabrice Bellingard) #2