Hello everyone,
I’m developing a simple plugin for SonarQube v. 7.9.1.
I’d like to get all the issues in a project and compute a new metric based on that.
I’ve a problem knowing where to handle this computation:
- I’ve implemented a MeasureComputer and gathered all the issues manually (inside the compute method) keeping a counter that sums all the issues for every component analyzed. This doesn’t seem a good solution although it works for now.
- I’ve thought of implementing a PostJob object, but I think it could be too late to add a new measure because the Job is already finished. From the documentation: PostJobs are executed at the very end of scanner analysis. A PostJob can’t do any modification since everything is already computed (issues, measures,…).
At the moment I’ve done it in a very hacky way, please tell me there’s a better way than this:
```java
import org.sonar.api.ce.measure.Component;
import org.sonar.api.ce.measure.Issue;
import org.sonar.api.ce.measure.MeasureComputer;
import org.sonar.api.rules.RuleType;

// MY_MEASURE is the plugin's custom metric, declared elsewhere in the plugin (not shown)
public class MyComputer implements MeasureComputer {

  // Running total kept in the instance across compute() calls
  private int totalVuln = 0;

  @Override
  public MeasureComputerDefinition define(MeasureComputerDefinitionContext def) {
    return def.newDefinitionBuilder()
      .setOutputMetrics(MY_MEASURE.key())
      .build();
  }

  @Override
  public void compute(MeasureComputerContext context) {
    if (context.getComponent().getType() == Component.Type.FILE) {
      for (Issue issue : context.getIssues()) {
        if (issue.type().equals(RuleType.VULNERABILITY)) {
          totalVuln++;
        }
      }
    // The Project component is the last component of every scan to be analyzed
    } else if (context.getComponent().getType() == Component.Type.PROJECT) {
      int newMetric = 3 * totalVuln; // just an example of a metric that depends on the total number of vulnerabilities
      context.addMeasure(MY_MEASURE.key(), newMetric);
      totalVuln = 0;
    }
  }
}
```
Thanks to everyone that will answer.
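An added sketch, not part of the original post: the same vulnerability-based metric computed without an instance counter, by storing a per-file value and summing child measures at every higher level with `getChildrenMeasures`. It assumes the metric is of type INT and additive across components (true for the `3 * total` example), that `sonar-plugin-api` is on the classpath, and uses the placeholder key `my_measure` in place of the poster's `MY_MEASURE.key()`; the class name is hypothetical.

```java
import org.sonar.api.ce.measure.Component;
import org.sonar.api.ce.measure.Issue;
import org.sonar.api.ce.measure.Measure;
import org.sonar.api.ce.measure.MeasureComputer;
import org.sonar.api.rules.RuleType;

public class StatelessVulnComputer implements MeasureComputer {

  // Placeholder key standing in for MY_MEASURE.key() from the post (assumption)
  static final String METRIC_KEY = "my_measure";

  @Override
  public MeasureComputerDefinition define(MeasureComputerDefinitionContext def) {
    // Declaring the metric as output also allows reading it back from children
    return def.newDefinitionBuilder()
      .setOutputMetrics(METRIC_KEY)
      .build();
  }

  @Override
  public void compute(MeasureComputerContext context) {
    int value = 0;
    if (context.getComponent().getType() == Component.Type.FILE) {
      // Leaf level: derive the value from this file's own issues
      for (Issue issue : context.getIssues()) {
        if (issue.type() == RuleType.VULNERABILITY) {
          value += 3; // same weighting as the post's example metric
        }
      }
    } else {
      // Directory, module, project: children were computed first, so sum them
      for (Measure child : context.getChildrenMeasures(METRIC_KEY)) {
        value += child.getIntValue();
      }
    }
    // Every component gets a measure, so drill-down in the UI stays consistent
    context.addMeasure(METRIC_KEY, value);
  }
}
```

For a metric that is not additive, the same pattern applies with a second, additive output metric holding the raw count and the final value derived from it at the `PROJECT` level.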