which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
SonarQube version 10.5.1, Scanner version 6.1.0.4477, build-wrapper-win-x86
how is SonarQube deployed: zip, Docker, Helm
zip
what are you trying to achieve
The goal is to scan C and C++ code from source files. Java source code has been successfully scanned.
Therefore, we have the following questions:
How to configure devices to run Sonar Scanner remotely?
Will the configuration files (i.e. “conf\sonar.properties” under SonarQube directory) need to be edited to perform scans remotely?
What fields need to be updated in the SonarQube web interface to perform scans remotely?
Can SonarQube web interface be accessed remotely?
Before every scan, does a project need to be created through the SonarQube web interface?
Lines of code are counted for each SonarQube project. Once a SonarQube project is deleted, are those lines of code removed from the count afterward?
what have you tried so far to achieve this
The current configuration includes:
• SonarQube (Developer Edition) and Microsoft SQL Server have been installed on a Windows Server
• Build wrapper has been downloaded, unzipped, and added as %PATH% environment variable
• Sonar Scanner has been downloaded, unzipped, and added as %PATH% environment variable
The scans have been performed locally on the Windows Server, but it would be helpful to configure the setup to perform scans on devices remotely. This should solve the issue since it seems the device requires compiling the C/C++ code before running Sonar Scanner.
For the following screen capture, the configuration step of the SonarQube analysis is displayed. The command cannot be executed without the clean build command:
I’m not quite sure I understand what you mean by “remotely”—if I had to guess, you mean analyzing your code on a machine other than the machine your SonarQube server is installed on. Is that correct?
Yes, that is correct. Since it seems the C and C++ code requires to be compiled before executing the scan, and there is no compiler on the Windows Server.
Have you exposed the port this machine is running SonarQube on to your local network? That means you can access it not just at localhost:9000 but also in the browser of another machine.
There are many CI Integrations that handle lots of this for you. What CI tool are you using in your organization?
I would also like to mention that in SonarQube v10.6 you can analyze C/C++ without a build using AutoConfig mode. That said, you should still get your SonarQube server setup so you can run scans on other machines.
If the user with Execute Analysis permissions also has Create Projects permission, than yes. However, we suggest pre-provisioning the project in the UI.
To clarify, (sonar.host.url=https://mysonarqubeserver.company.com) must be edited in the “conf\sonar-scanner.properties” file to point to the SonarQube server.
Captured from the SonarQube web interface, would the following field need to be updated before pointing to the SonarQube server?
In addition, are there any edits needed for the file “conf\sonar.properties” under the SonarQube directory? Such as (sonar.web.host=) or (sonar.web.context=) ? Currently they are commented out.
The scanner has been installed on the machine where the build is happening.
When accessing SonarQube in the browser of another machine, should localhost:9000 be used? Or would this be (https://mysonarqubeserver.company.com) as stated from your example?
Since sonar.host.url is used to point the Sonar Scanner on another machine to the SonarQube server, where can the URL be updated if we would like to change it? Trying to understand how to access in the browser of another machine, but currently seeing “localhost refused to connect” when inputting localhost:9000.
SonarQube is a web application (like any other website you visit) and must be available on the network to other machines that want to communicate with it. In an internal (corporate) network, that typically means asking your Server Admins to open up certain ports so that it is accessible by other machines. Maybe the server gets a special hostname (sonar.corp.com) or maybe you just access it via IP address (at least during evaluation)
When you use localhost:9000 on a machine other than the one your SonarQube server is hosted on… well of course it will fail, because localhost always refers to the local machine.