How to include MISRA in SonarQube? (willing to purchase if needed)

Must-share information (formatted with Markdown):

  • which versions are you using ( 7.5.0.20543) community edition.

  • what are you trying to achieve
    I would like to know how to show the results of MISRA faults on a SonarQube C project.

  • what have you tried so far to achieve this
    What is currently happening:

Created the rule text of the MISRA standard for use with the cppcheck misra addon.
C code is analysed using cppcheck and the misra.py addon officially supported by cppcheck.

Included a misra_test.c file; manually running misra.py from a shell finds 209 violations,
which is correct.

SonarQube log:

C:\Jenkins\workspace\aoms.x.branches.multi>exit 0 
[branch_buzzer_unittesting_new] $ sonar-scanner-3.3.0.1492-windows\bin\sonar-scanner.bat -X -Dsonar.host.url= ******** -Dsonar.cxx.pclint.reportPath=logs/CustomMisra.xml -Dsonar.sources=source -Dsonar.c.other.reportPath=CustomMisra.xml -Dsonar.login= -Dsonar.host.url= -Dsonar.cxx.other.rules=/logs/CppCheckMisra.xml "-Dsonar.exclusions=Releases/**, debug/**, PIC_Demo/**, disassembly/**, logs/**, unity.*, build/**, *.xml" -Dsonar.working.directory=/sonarWD -Dsonar.cxx.coverage.reportPath=/codecoverage.xml -Dsonar.c.includeDirectories=-Dsonar.cxx.xunit.reportPath=codecoverage.xml  -Dsonar.cxx.other.reportPath=/logs/CustomMisra.xml -Dsonar.c.xunit.reportPath=build/artifacts/test/report.xml -Dsonar.cxx.includeDirectories= -Dsonar.sourceEncoding=UTF-8 -Dsonar.projectKey=build -Dsonar.c.cppcheck.reportPath=logs/CppCheck.xml, /logs/CppCheckMisra.xml" 
14:47:44.299 INFO: Scanner configuration file: sonar-scanner-3.3.0.1492-windows\bin\..\conf\sonar-scanner.properties
14:47:44.299 INFO: Project root configuration file: NONE
14:47:44.315 INFO: SonarQube Scanner 3.3.0.1492
14:47:44.315 INFO: Java 1.8.0_121 Oracle Corporation (64-bit)
14:47:44.315 INFO: Windows NT (unknown) 10.0 amd64
14:47:44.471 DEBUG: keyStore is : 
14:47:44.471 DEBUG: keyStore type is : jks
14:47:44.471 DEBUG: keyStore provider is : 
14:47:44.471 DEBUG: init keystore
14:47:44.471 DEBUG: init keymanager of type SunX509
14:47:44.612 DEBUG: Create: C:\Windows\system32\config\systemprofile\.sonar\cache
14:47:44.612 INFO: User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
14:47:44.612 DEBUG: Create: C:\Windows\system32\config\systemprofile\.sonar\cache\_tmp
14:47:44.612 DEBUG: Extract sonar-scanner-api-batch in temp...
14:47:44.627 DEBUG: Get bootstrap index...
14:47:44.627 DEBUG: Download: http://batch/index
14:47:44.690 DEBUG: Get bootstrap completed
14:47:44.690 DEBUG: Create isolated classloader...
14:47:44.705 DEBUG: Start temp cleaning...
14:47:44.705 DEBUG: Temp cleaning done
14:47:44.705 DEBUG: Execution getVersion
14:47:44.705 INFO: SonarQube server 7.5.0
14:47:44.705 INFO: Default locale: "en_US", source code encoding: "UTF-8"
14:47:44.705 DEBUG: Work directory: branch_buzzer_unittesting_new\sonarWD
14:47:44.721 DEBUG: Execution execute
14:47:44.893 INFO: Publish mode
14:47:45.049 INFO: Load global settings
14:47:45.362 DEBUG: GET 200 api/settings/values.protobuf | time=313ms
14:47:45.409 INFO: Load global settings (done) | time=360ms
14:47:45.440 INFO: Server id: 
14:47:45.455 INFO: User cache: C:\Windows\system32\config\systemprofile\.sonar\cache
14:47:45.721 INFO: Load/download plugins
14:47:45.721 INFO: Load plugins index
14:47:45.737 DEBUG: GET 200 http:///api/plugins/installed | time=16ms
14:47:45.783 INFO: Load plugins index (done) | time=62ms
14:47:45.815 INFO: Load/download plugins (done) | time=94ms
14:47:45.877 DEBUG: Plugins:
14:47:45.877 DEBUG:   * C++ (Community) 1.2.2.1653 (cxx)
14:47:45.877 DEBUG:   * SonarPython 1.10.0.2131 (python)
14:47:45.877 DEBUG:   * C (Community) 1.2.2.1653 (c)
14:47:45.877 DEBUG:   * JaCoCo 1.0.1.143 (jacoco)
14:47:45.877 DEBUG:   * SonarGo 1.1.0.1612 (go)
14:47:45.877 DEBUG:   * SonarKotlin 1.4.0.155 (kotlin)
14:47:45.877 DEBUG:   * Svn 1.9.0.1295 (scmsvn)
14:47:45.877 DEBUG:   * SonarJS 5.0.0.6962 (javascript)
14:47:45.877 DEBUG:   * SonarRuby 1.4.0.155 (ruby)
14:47:45.877 DEBUG:   * SonarScala 1.4.0.155 (sonarscala)
14:47:45.877 DEBUG:   * SonarC# 7.9.1.7622 (csharp)
14:47:45.877 DEBUG:   * SonarJava 5.9.2.16552 (java)
14:47:45.877 DEBUG:   * LDAP 2.2.0.608 (ldap)
14:47:45.877 DEBUG:   * Git 1.6.0.1349 (scmgit)
14:47:45.877 DEBUG:   * SonarFlex 2.4.0.1222 (flex)
14:47:45.877 DEBUG:   * SonarXML 1.5.1.1452 (xml)
14:47:45.877 DEBUG:   * SoftVis3D Sonar plugin 1.0.1 (softvis3d)
14:47:45.877 DEBUG:   * SonarPHP 2.15.0.4060 (php)
14:47:45.877 DEBUG:   * SonarTS 1.8.0.3332 (typescript)
14:47:45.877 DEBUG:   * SonarVB 7.9.1.7622 (vbnet)
14:47:45.893 INFO: Loaded core extensions: 
14:47:46.377 INFO: Process project properties
14:47:46.393 DEBUG: Process project properties (done) | time=16ms
14:47:46.393 INFO: Load project branches
14:47:46.596 INFO: Load project branches (done) | time=203ms
14:47:46.612 INFO: Load project pull requests
14:47:46.612 INFO: Load project pull requests (done) | time=0ms
14:47:46.612 INFO: Load branch configuration
14:47:46.612 INFO: Load branch configuration (done) | time=0ms
14:47:46.612 INFO: Load project repositories
14:47:46.846 INFO: Load project repositories (done) | time=234ms
14:47:46.908 INFO: Execute project builders
14:47:46.908 INFO: Execute project builders (done) | time=0ms
14:47:47.033 DEBUG: Available languages:
14:47:47.033 DEBUG:   * C++ (Community) => "c++"
14:47:47.033 DEBUG:   * Python => "py"
14:47:47.033 DEBUG:   * C (Community) => "c"
14:47:47.033 DEBUG:   * Go => "go"
14:47:47.033 DEBUG:   * Kotlin => "kotlin"
14:47:47.033 DEBUG:   * JavaScript => "js"
14:47:47.033 DEBUG:   * Ruby => "ruby"
14:47:47.033 DEBUG:   * Scala => "scala"
14:47:47.033 DEBUG:   * C# => "cs"
14:47:47.033 DEBUG:   * Java => "java"
14:47:47.033 DEBUG:   * Flex => "flex"
14:47:47.033 DEBUG:   * XML => "xml"
14:47:47.033 DEBUG:   * PHP => "php"
14:47:47.033 DEBUG:   * TypeScript => "ts"
14:47:47.033 DEBUG:   * Visual Basic .NET => "vbnet"
14:47:47.033 INFO: Load quality profiles
14:47:48.489 DEBUG: GET 200 api/qualityprofiles/search.protobuf?projectKey=aoms.multi.build | time=1456ms
14:47:48.504 INFO: Load quality profiles (done) | time=1471ms
14:47:48.520 INFO: Load active rules
14:47:52.870 INFO: Load active rules (done) | time=4350ms
14:47:52.886 INFO: Load metrics repository
14:47:52.901 DEBUG: GET 200 /api/metrics/search?f=name,description,direction,qualitative,custom&ps=500&p=1 | time=15ms
14:47:52.917 INFO: Load metrics repository (done) | time=31ms
14:47:52.932 DEBUG: SCM Step is disabled by configuration
14:47:52.932 INFO: Project key: aoms.multi.build
14:47:52.932 INFO: Project base dir: branch_buzzer_unittesting_new
14:47:52.932 DEBUG: Start recursive analysis of project modules
14:47:52.932 INFO: -------------  Scan aoms.multi.build
14:47:53.104 INFO: Base dir: branch_buzzer_unittesting_new
14:47:53.104 INFO: Working dir: branch_buzzer_unittesting_new\sonarWD
14:47:53.104 INFO: Source paths: source
14:47:53.104 INFO: Source encoding: UTF-8, default locale: en_US
14:47:53.198 DEBUG: Declared extensions of language C++ (Community) were converted to sonar.lang.patterns.c++ : **/*.cxx,**/*.cpp,**/*.cc,**/*.hxx,**/*.hpp,**/*.hh
14:47:53.198 DEBUG: Declared extensions of language Python were converted to sonar.lang.patterns.py : **/*.py
14:47:53.198 DEBUG: Declared extensions of language C (Community) were converted to sonar.lang.patterns.c : **/*.c,**/*.h
14:47:53.198 DEBUG: Declared extensions of language Go were converted to sonar.lang.patterns.go : **/*.go
14:47:53.198 DEBUG: Declared extensions of language Kotlin were converted to sonar.lang.patterns.kotlin : **/*.kt
14:47:53.198 DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.vue
14:47:53.198 DEBUG: Declared extensions of language Ruby were converted to sonar.lang.patterns.ruby : **/*.rb
14:47:53.198 DEBUG: Declared extensions of language Scala were converted to sonar.lang.patterns.scala : **/*.scala
14:47:53.198 DEBUG: Declared extensions of language C# were converted to sonar.lang.patterns.cs : **/*.cs
14:47:53.198 DEBUG: Declared extensions of language Java were converted to sonar.lang.patterns.java : **/*.java,**/*.jav
14:47:53.198 DEBUG: Declared extensions of language Flex were converted to sonar.lang.patterns.flex : **/*.as
14:47:53.198 DEBUG: Declared extensions of language XML were converted to sonar.lang.patterns.xml : **/*.xml,**/*.xsd,**/*.xsl
14:47:53.198 DEBUG: Declared extensions of language PHP were converted to sonar.lang.patterns.php : **/*.php,**/*.php3,**/*.php4,**/*.php5,**/*.phtml,**/*.inc
14:47:53.198 DEBUG: Declared extensions of language TypeScript were converted to sonar.lang.patterns.ts : **/*.ts,**/*.tsx
14:47:53.198 DEBUG: Declared extensions of language Visual Basic .NET were converted to sonar.lang.patterns.vbnet : **/*.vb
14:47:53.198 INFO: Index files
14:47:53.198 INFO: Excluded sources: 
14:47:53.198 INFO:   Releases/**
14:47:53.198 INFO:   debug/**
14:47:53.198 INFO:   PIC_Demo/**
14:47:53.198 INFO:   disassembly/**
14:47:53.198 INFO:   logs/**
14:47:53.198 INFO:   unity.*
14:47:53.198 INFO:   build/**
14:47:53.198 INFO:   *.xml
14:48:10.370 DEBUG: Saved '71' coverage measures for file 'branch_buzzer_unittesting_new/source/VishayEmulator.c'
14:48:10.370 INFO: Sensor C (Community) CoverageSensor [c] (done) | time=125ms
14:48:10.370 INFO: Sensor JaCoCo XML Report Importer [jacoco]
14:48:10.385 DEBUG: No reports found
14:48:10.385 INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=15ms
14:48:10.385 INFO: Sensor SonarJavaXmlFileSensor [java]
14:48:10.385 INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=0ms
14:48:10.385 INFO: Sensor C++ (Community) XunitSensor [cxx]
14:48:10.385 DEBUG: Root module imports test metrics: Module Key = '[key=aoms.multi.build]'
14:48:10.385 DEBUG: Normalized report includes to 'branch_buzzer_unittesting_new\codecoverage.xml]'
14:48:10.385 DEBUG: Scanner uses normalized report path(s): 'branch_buzzer_unittesting_new\codecoverage.xml'
14:48:10.401 INFO: Parser will parse '1' report file(s)
14:48:10.401 INFO: Processing report 'codecoverage.xml'
14:48:10.401 DEBUG: Transformation skipped: no xslt given
14:48:10.416 INFO: Parsing 'xUnit' format
14:48:10.416 DEBUG: The reports contain no testcases
14:48:10.416 INFO: Sensor C++ (Community) XunitSensor [cxx] (done) | time=31ms
14:48:10.416 INFO: Sensor C (Community) XunitSensor [c]
14:48:10.416 DEBUG: Root module imports test metrics: Module Key = '[key=aoms.multi.build]'
14:48:10.416 DEBUG: Normalized report includes to 'build\artifacts\test\report.xml]'
14:48:10.416 DEBUG: Scanner uses normalized report path(s): 'build\artifacts\test\report.xml'
14:48:10.416 INFO: Parser will parse '1' report file(s)
14:48:10.416 INFO: Processing report 'build\artifacts\test\report.xml'
14:48:10.416 DEBUG: Transformation skipped: no xslt given
14:48:10.416 INFO: Parsing 'xUnit' format
14:48:10.416 INFO: Sensor C (Community) XunitSensor [c] (done) | time=0ms
14:48:10.416 INFO: Sensor Zero Coverage Sensor
14:48:10.463 INFO: Sensor Zero Coverage Sensor (done) | time=47ms
14:48:10.463 INFO: SCM Publisher is disabled
14:48:10.495 INFO: 41 files had no CPD blocks
14:48:10.495 INFO: Calculating CPD for 18 files
14:48:10.557 INFO: CPD calculation finished
14:48:11.619 INFO: Analysis report generated in 1031ms, dir size=1 MB
14:48:11.823 INFO: Analysis reports compressed in 204ms, zip size=333 KB
14:48:11.823 INFO: Analysis report generated in sonarWD\scanner-report
14:48:11.823 DEBUG: Upload report
14:48:12.135 DEBUG: POST 200 branch_buzzer_unittesting_new&characteristic=branchType%3DLONG | time=312ms
14:48:12.135 INFO: Analysis report uploaded in 312ms
14:48:12.135 INFO: ANALYSIS SUCCESSFUL, you can browse aoms.multi.build
14:48:12.135 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
14:48:12.135 INFO: More about the report processing at api/ce/task?id=AWntitL64uAFxhEWN59k
14:48:12.151 DEBUG: Report metadata written to sonarWD\report-task.txt
14:48:12.151 DEBUG: Post-jobs : Final report -> Final report
14:48:12.151 INFO: Executing post-job 'Final report'
14:48:12.151 INFO: Executing post-job 'Final report'
14:48:12.151 WARN: Preprocessor: 7 include directive error(s). This is only relevant if parser creates syntax errors. The preprocessor searches for include files in the with 'sonar.cxx.includeDirectories' defined directories and order.
14:48:12.151 WARN: Source code parser: 17 syntax error(s) detected. Syntax errors could cause invalid software metric values. Root cause are typically missing includes, missing macros or compiler specific extensions.
14:48:12.166 INFO: Task total time: 26.273 s
14:48:12.244 INFO: ------------------------------------------------------------------------
14:48:12.244 INFO: EXECUTION SUCCESS
14:48:12.244 INFO: ------------------------------------------------------------------------
14:48:12.244 INFO: Total time: 27.976s
14:48:12.369 INFO: Final Memory: 30M/959M
14:48:12.369 INFO: ------------------------------------------------------------------------
WARN: Found multiple 'report-task.txt' in the workspace. Taking the first one.
sonarWD\report-task.txt
sonarWD\report-task.txt
sonarWD\report-task.txt
Archiving artifacts
[Cobertura] Publishing Cobertura coverage report...

[Cobertura] Publishing Cobertura coverage results...

[Cobertura] Cobertura coverage report found.

Publishing Coverage report....
No reports were found
Recording test results
Skipping issues blame since Git is the only supported SCM up to now.
[CPPCheck] Searching for all files in 'logs\CppCheck.xml'
[CPPCheck] Attaching ResultAction with ID 'cppcheck' to run 'aoms.x.branches.multi #294'.
[CPPCheck] Using reference build 'aoms.x.branches.multi #293' to compute new, fixed, and outstanding issues
[CPPCheck] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
[CPPCheck] No quality gates have been set - skipping
[CPPCheck] Health report is disabled - skipping
[CPPCheck] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
Finished: SUCCESS

In SonarQube, in the C community rules, there is a tag for MISRA with 144 rules.
But none of them are listed.
I activated them in the quality profile but still they won't show up.

Any help is very much appreciated.

more info:

 C:\Jenkins\programs\CppCheck\addons\misra.py --rule-texts=C:\Jenkins\GlobalIncludes\misra.txt -t"{severity},{file},{message},{id},{line}" source\Buzzer.c.dump
Could not delete "\Logs\CppCheckMisra.xml", file might contain double information
source/Buzzer.c, 52, misra-c2012-5.3, Warning, An identifier declared in an inner scope shall not hide an identifier declared in an outer scope [misra-c2012-5.3]

link to which xml is created.

I get the correct XML and validated it, and it finds MISRA faults like the 5.3 above, but SonarQube doesn't do anything with the other report XML?
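An added example, not part of the original post and not code from cppcheck or SonarQube: one way to get misra.py findings displayed without relying on a plugin's rule repository is to convert them to SonarQube's Generic Issue Import Format, which the scanner reads through `sonar.externalIssuesReportPaths`. The input layout (`file, line, id, severity, message`) is assumed from the sample output line quoted above; the engine name and the severity mapping are assumptions, and the second sample finding is constructed.

```python
import json

# Assumed mapping from cppcheck-style severities to SonarQube severities.
SEVERITY_MAP = {"error": "CRITICAL", "warning": "MAJOR",
                "style": "MINOR", "information": "INFO"}

def parse_misra_line(line):
    """Parse 'file, line, rule-id, severity, message'; return None otherwise."""
    parts = [p.strip() for p in line.split(",", 4)]  # message may contain commas
    if len(parts) != 5 or not parts[1].isdigit() or not parts[2].startswith("misra-"):
        return None  # tool chatter such as "Could not delete ..."
    path, lineno, rule_id, severity, message = parts
    suffix = "[%s]" % rule_id  # misra.py repeats the id at the end of the message
    if message.endswith(suffix):
        message = message[:-len(suffix)].rstrip()
    return {
        "engineId": "cppcheck-misra",  # hypothetical engine name
        "ruleId": rule_id,
        "severity": SEVERITY_MAP.get(severity.lower(), "MAJOR"),
        "type": "CODE_SMELL",
        "primaryLocation": {
            "message": message,
            "filePath": path.replace("\\", "/"),  # relative to the project base dir
            "textRange": {"startLine": int(lineno)},
        },
    }

def to_generic_issues(lines):
    """Build the report dict, dropping repeated findings (same file, line, rule)."""
    seen, issues = set(), []
    for line in lines:
        issue = parse_misra_line(line)
        if issue is None:
            continue
        loc = issue["primaryLocation"]
        key = (loc["filePath"], loc["textRange"]["startLine"], issue["ruleId"])
        if key not in seen:
            seen.add(key)
            issues.append(issue)
    return {"issues": issues}

SAMPLE = [
    # First two lines are taken from the post; the last two are constructed.
    r'Could not delete "\Logs\CppCheckMisra.xml", file might contain double information',
    "source/Buzzer.c, 52, misra-c2012-5.3, Warning, An identifier declared in an "
    "inner scope shall not hide an identifier declared in an outer scope [misra-c2012-5.3]",
    r"source\Buzzer.c, 80, misra-c2012-17.7, Style, constructed message, with a comma",
    r"source\Buzzer.c, 80, misra-c2012-17.7, Style, constructed message, with a comma",
]

if __name__ == "__main__":
    print(json.dumps(to_generic_issues(SAMPLE), indent=2))
```

Issues imported this way appear as external issues: they are not governed by the quality profile and cannot be marked false positive in SonarQube.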

Hi,

None of the plugins you cite are supported by SonarSource, and the cxx plugin in particular is not supported in this community. You should direct questions about it to its community (GitHub issues?).

 
Thanks for understanding,
Ann

Good afternoon Ann,

Question redefined:
How to include misra in sonarqube?
Otherwise automotive development is not suitable for sonarqube. Am I right?

Hello,

The SonarCFamily analyzer made by SonarSource comes with rules “inspired” by MISRA, meaning they are not fully compliant with the MISRA book; at least there is no strong requirement for them to be.

Recently, we took the decision to change our policy related to MISRA. Instead of taking only what we like, we want to provide rules fully compliant with the MISRA specification.

We decided to start with MISRA C++ 2008. I have no timeline to communicate but, as always, the sooner the better. And I do confirm we do that because we heard the voice of automotive customers requesting this support.

Out of curiosity, which MISRA standard are you interested in? MISRA C2004, C2012 or C++2008?

Alex

Hey Alexandre,

MISRA C2012 would be the preferred one.
Yes, you're right, because of the new laws and current laws MISRA is needed in the automotive sector.
For selling automotive products the software must be compliant, at least following the MISRA standard.
Otherwise it cannot have a quality mark and then it's like not legal.

@Alexandre_Gigleux, I now use the trial and I see you really added the MISRA rules, that's awesome, thank you.

Hello @ralphvbair,

I would like to better understand the automotive market and the constraints you have related to MISRA. For me it’s not clear at all what is requested of suppliers working in that domain.

Would you be able to share here some links that explain “new laws and current laws MISRA is needed in the automotive sector”?

Thanks
Alex

Is there any update on this? Does SonarQube support the MISRA standard?

Hello,

We made an effort in 2019 to better cover the MISRA standards, especially MISRA C++ 2008, and there are today 50 rules for C++ for this specific version of the standard: https://rules.sonarsource.com/cpp/tag/misra-c++2008. You can check my latest post about the topic published in October 2019 here.

But we offer more than these 50 rules with the support of the C++ Core Guidelines, and in total it’s 440+ rules you can use to make sure your C++ code is maintainable and reliable.

You can get access to these checks on SonarCloud.io and with SonarQube Developer Edition.

Regards
Alex