Is it possible to integrate 3rd party code analysis into SonarQube?

(Maxwell Anselm) #1

I want to integrate SonarQube into our continuous integration pipeline. Our current pipeline already runs tools to generate reports for each code branch that include compiler warnings, static analyzer warnings, code coverage, test failures, etc.

The only missing pieces are that

  1. These reports aren’t integrated with our source code; we view them separately. I know that SonarQube can integrate with our git host (BitBucket) to show issues inline
  2. We can’t easily see the delta of issues, only the full list. I know that SonarQube can show you only newly introduced issues

The problem is the only documentation I can find for extending SonarQube functionality is at the source code level. I.e. adding a new language analyzer or extending an existing analyzer. But I don’t need SonarQube to scan anything since the analysis is already done! I just want to add the existing reports into SonarQube.

Is that possible? Is it documented somewhere?

(Colin Mueller) #2

SonarQube plays well with others!

Hope this helps!

Colin

1 Like
(Maxwell Anselm) #3

I converted my code coverage to SonarQube’s format and tried to run sonar-scanner

INFO: Sensor Generic Coverage Report
INFO: Parsing /Users/me/proj/myapp/coverage.xml
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 59.381s
INFO: Final Memory: 31M/2414M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
ERROR: Error during parsing of the generic coverage report '/Users/me/proj/myapp/coverage.xml'. Look at SonarQube documentation to know the expected XML format.
ERROR: Caused by: Line 2 of report refers to a file with an unknown language: /Users/me/proj/myapp/ActivationFramework/Aggregator.co

According to someone on stack overflow, I can’t import code coverage unless I have a code analyzer for the source code.

Is that the case? Because, again, all of the analysis is already done. I just want to import it into SonarQube. Or do I still need to set up a proper plugin so that all of my source files count as analyzed?