I’m currently working on a firmware project and aiming to perform a comprehensive SonarQube analysis. I’ve completed several initial steps but could use some guidance to proceed further.
Could anyone provide a step-by-step breakdown or advice on how to configure the build, run the scanner, and interpret the results in SonarQube? I’m specifically dealing with .c files and aiming to ensure a comprehensive analysis of the firmware project.
Not much goes into effectively utilizing the build wrapper, except for… wrapping your build with it (no further build configuration is usually required).
```
build-wrapper-win-x86-64.exe --out-dir build_wrapper_output_directory <your normal build command>
```
The documentation on analyzing C/C++/Objective-C is fairly thorough and should walk you through the necessary steps, including what information to pass to the sonar-scanner.
Thank you for the prompt response. I’m encountering a roadblock in my project as I lack the CLI commands necessary to proceed with the build. I typically handle the build process using GUI tools. If I obtain the artifacts through the GUI build using the aforementioned tools, would I still be able to perform the analysis?
I’ve noticed in the documentation that it’s mentioned we should set the SonarQube mode like MSBuild. Does this mean that solely using GUI tools for the build might affect or hinder this analysis process?
You will need to trigger the build via the command line. You would typically need this for any build that is triggered in a CI environment. Do you have a CI pipeline for this project already?
Which part of the documentation are you referring to?