Import cppcheck_report.xml to SonarQube Community

jaizpuruzin · March 27, 2023, 1:30pm

I am trying to import the xml I have generated from cppcheck to my sonarqube community to make the results more visible.

Can someone tell me how to do it?

I have tried to install some plugins but none of them worked for me.

I would be grateful if you could tell me the steps to follow so that I can read those .xml.

Thank you very much and best regards,
Joanes

ganncamp · March 28, 2023, 4:07pm

Hi,

Welcome to the community!

C++ support starts in Developer Edition($).

HTH,
Ann

jaizpuruzin · March 29, 2023, 3:01pm

Hello,

But Community version can not visualize .xml o .html reports? I only want to visualize my reports in sonarqube. Only visualize the report.

Thank you and best regards.

ganncamp · March 29, 2023, 4:42pm

Hi,

You need language support before reports related to the language can be imported during analysis and the results shown in SonarQube.

Ann

jaizpuruzin · March 30, 2023, 7:44am

Hello,

So with cppcheck I am generating a .xml, then I try launching “sonnar-scanner” command to my sonar-project.properties which is:

sonar.cxx.cppcheck.enable=true
sonar.cxx.cppcheck.path=C:/Program Files/Cppcheck/cppcheck.exe
sonar.cxx.cppcheck.customAddonRules=C:/Program Files/Cppcheck/addons/misra.py
sonar.cxx.cppcheck.exeAdditionalOptions=–suppress=missingIncludeSystem

sonar.projectBaseDir=C:/Users/jaizpuruzin/Downloads/Bank-Management/DSAproject
sonar.xml.reportPaths=C:/Users/jaizpuruzin/Downloads/Bank-Management/DSAproject/cppcheck_report.xml
sonar.cxx.cppcheck.reportPath=C:/Users/jaizpuruzin/Downloads/Bank-Management/DSAproject/cppcheck_report.xml
sonar.sources=C:/Users/jaizpuruzin/Downloads/Bank-Management/DSAproject
sonar.sourceEncoding=UTF-8

#SonarQube Configuration
sonar.projectKey=PLUSPLUS_JOANES
sonar.projectName=PLUSPLUS_JOANES
sonar.projectVersion=1.0
sonar.login=sqa_e292a465add52e3103a1581826c6a31678c76975

But I am not able to visualize my results in SonarQube interface.
What should I change taking into account I am using SonarQube - Community?

Thanks for your answers and best regards,
Joanes

ganncamp · March 30, 2023, 11:38am

Hi Joanes,

The Cxx plugin isn’t supported in this community. You’ll need to ask its maintainers.

Ann

jaizpuruzin · March 30, 2023, 12:03pm

Hello,

So is there any way for SonarQube to be able to display the results of the cppcheck report .xml or .html in the Community version?

How would I have to configure the .properties file to display these results?

Thanks again for your answers and best regards,
Joanes

ganncamp · March 30, 2023, 12:17pm

Hi Joanes,

First, I need to say that Developer Edition($) licenses start at $150/year.

And also, SonarCloud is free for open source projects.

And in any SonarQube edition (and in SonarCloud), you can import a Generic Issues report on files with an unknown language. So your options are:

upgrade
convert your report to the generic format
switch to SonarCloud.

HTH,
Ann

jaizpuruzin · March 30, 2023, 12:50pm

Hello,

We are actually considering purchasing Developer Edition but for now we want to see what Community Edition is capable of. So referring to my last comment:

So, is there any way that SonarQube can display the results of the cppcheck .xml or .html report in the Community version?

How would I have to configure the .properties file to display these results or what would I be missing to configure?

Thanks and best regards,
Joanes

ganncamp · March 30, 2023, 2:12pm

Hi Joanes,

I did not ignore your question:

HTH,
Ann

jaizpuruzin · April 5, 2023, 7:17am

Hello again,

So I have an empty repository where I only have a report.txt containing the example shown in:

I haven’t even created a “sonar-project.properties”, I just want SonarQube to be able to show the results of “report.txt” in its interface.

I am launching this command:
sonar-scanner -Dsonar.projectKey=EMPTY_PRO -Dsonar.host.url=http://localhost:9000 -Dsonar.login=2f7e5202b2f94dcdc2cf4df3a8d7572e611d2c95 **-Dsonar.externalIssuesReportPaths=report.txt**

Although in the SonarQube interface, the project I created “EMPTY_PRO” is executed, it does not show the results of the report.txt.

What is the way to be able to import reports to SonarQube?
If I have to launch some command or I have to configure a sonar.properties (I just want to show in the interface some results), I would appreciate if you could give me more details.

Thank you very much and best regards,
Joanes

ganncamp · April 7, 2023, 4:28pm

Hi,

Where do expect the issues to be reported if you have no files in your project? The generic report sample in the docs, reports issues on files. No file, no issues.

I suggest you analyze an actual project and craft a generic issues report that reports issues on lines in its files.

HTH,
Ann

jaizpuruzin · April 13, 2023, 8:34am

Hello Ann,

I think we are not understanding each other or maybe it is me who is not trying well. What I want is:

1. Using cppcheck I create the report (.xml) of a .cpp file with MISRA rules.
2. I created a project where my sonar-project.properties and my .cpp file (Descriptions.cpp) are located.
3. I have modified my .xml to “Generic issue import format” and now I have GenericFormat.xml which contains:

{ “issues”: [
{
“engineId”: “test”,
“ruleId”: “misra-c2012-15.6”,
“severity”: “BLOCKER”,
“type”: “CODE_SMELL”,
“primaryLocation”: {
“message”: “misra violation (use --rule-texts= to get proper output)”,
“filePath”: “Descriptions.cpp”,
“textRange”: {
“startLine”: 38
“startColumn”: 9
}
},
“effortMinutes”: 0
}
]}

4. Now I should be able to import that xml into the SonarQube - Community version interface?

Thank you and best regards,
Joanes

jaizpuruzin · April 13, 2023, 1:20pm

Hello Ann,

Now I am able to import my issues of cppcheck to SonarQube. So I can consider this topic closed.

Thank you for your attention and best regards!!
Joanes

ganncamp · April 13, 2023, 1:22pm

Hi Joanes,

Please share your analysis properties and command.

Ann

jaizpuruzin · April 13, 2023, 1:39pm

Hello Ann,

So the file which I am importing is this one:
{ “issues”: [
{
“engineId”: “test”,
“ruleId”: “misra-c2012-15.6”,
“severity”: “BLOCKER”,
“type”: “CODE_SMELL”,
“primaryLocation”: {
“message”: “misra violation (use --rule-texts= to get proper output)”,
“filePath”: “Descriptions.cpp”,
“textRange”: {
“startLine”: 38,
“startColumn”: 9
}
},
“effortMinutes”: 0
}
]}

I launch this command:
sonar-scanner -X -Dsonar.projectKey=EMPTY_PRO -Dsonar.host.url=http://localhost:9000 -Dsonar.login=2f7e5202b2f94dcdc2cf4df3a8d7572e611d2c95 -Dsonar.sources=Descriptions.cpp -Dsonar.externalIssuesReportPaths=GenericIssueFormat.json

And I am able to see my issue on SonarQube interface:

ganncamp · April 13, 2023, 2:04pm

Hi,

So you’re able to see the issue and your problem is solved?

Ann

jaizpuruzin · April 13, 2023, 2:08pm

Hi Ann,

Yes now I am able to import files to SonarQube, I think my problem is solved.

I don´t know if you have any other suggestion to improve my environment, what I try to do is to show the free options of SonarQube to my colleagues in order to be able to pay for the Development version in my company.

Thank you and best regards,
Joanes