We have a C & C++ project scanned by CppDepend, which delivers a dependency graph and metrics. We also add a custom rule to CPPD for the C family. At the same time, we scan the same source code with the latest sonar-scanner and get nicely presented values on SonarCloud.
I know there is an integration between CppDepend and SonarQube; is there any kind of direct integration or workaround with SonarCloud too?
Can we integrate/transfer the CppDepend quality rules to SonarCloud the same way as with SonarQube?
Welcome to the community.
Unlike SonarQube, SonarCloud is a service that does not offer the same level of customization as SonarQube.
For example, there is no plugin for SonarCloud.
The CppDepend plugin you mention is a commercial offer from CppDepend and comes as a SonarQube plugin. It cannot work with SonarCloud; no plan exists to change that.
At the moment, there is no alternative.
We are recording traction for importing SARIF reports to SonarCloud. You can upvote the feature here.
If such a feature were to appear, you could import CppDepend quality rules findings if you can convert them into SARIF reports.
Finally, can I ask which CppDepend quality rules bring value to you that cannot be found on SonarCloud?
Thanks a lot for your support and care, it is very clear.
Honestly, SonarCloud fits our needs and it is smoothly integrated with our CI/CD and SCM.
But our R&D team created a custom rule in CppDepend, which is not an option in SonarCloud.
Also, we are looking for a rule to check for typos, spelling and copy/paste errors. Can we do it with SonarCloud for C++ projects?
Great to hear that SonarCloud fits your needs.
We do not support custom rules for the CFamily analysis and have strong reasons not to. Still, we are recording interest in it here.
We see many more users with advanced customizing needs on SonarQube, where they can use custom or 3rd party plugins.
You get copy/paste detection out-of-the-box in SonarCloud. For example, in that project, in the Duplications section. You should also have it. By default, copy/paste detection runs on every analysis. If it does not fit your needs, can you tell me more about what it does not cover?
About spelling and typos. Can you be more specific, please? You are expected to analyze code that compiles. This means that everything in your code has a meaning. Many typos would prevent it from compiling. What specific pattern are you trying to detect? They might be of interest to many users.