Principles of operation?

SonarQube Server / Community Build
1

Do you have any kind of “Theory of operation” or “Principles of operation” paper that explains what goes on during an analysis (for the various possible arrangements, e.g., using Maven running under Jenkins with the sonar-maven plugin and a remote SQ server)? (Preferably with block diagrams…)

I’ve been trying to wrap my head around this process, and most of the docs explain one small piece of the puzzle, which is hard to put into context without knowing the big picture.

For instance, I can see from the Jenkins log files that early in the build, Maven fetches the quality profiles from the SQ server, and at the end, it sends a large file to the SQ server for post-processing. Is there any interaction with the server in between these two points?

Also, does whatever does the scanning (whether sonar-scanner or one of the plugins) ever talk to the sonar database directly, or does all interaction with that database come exclusively from the SQ server?

(My particular setup is: machine M1 runs Jenkins, which uses Maven to build and sonar-maven-plugin to analyze; machine M2 runs the SQ server, and machine M3 hosts the sonar database that M2 uses.)

2

Hi Mister Pi!

We don’t cover this level of detail within our standard documentation. Here’s a picture which we usually show during administrative training:

image
image1175×581 62 KB

As you can see, the scanner only communicates with the SonarQube server itself via HTTP(s), never the database directly. Interactions are all via web API calls. Up front, the scanner will check its cache of language analyzers and pull any it needs as well as sync quality profile(s) as you already observed. There’s not usually additional communication until the end when the analysis report is sent over. The database interaction involving analysis is all done by the Compute Engine process within SonarQube.

If you have an Enterprise SonarQube subscription, you can speak with your account representative about whether training make sense for you & your users. This is a sample of the level of detail we dive into in such training sessions.