SAP ABAP - Sonar Scan Using SonarLint - Eclipse

SonarQube for IDE Eclipse
1

Hi ,

We want to use the SonarLint Eclipse plug to perform SAP ABAP code analysis for SAP onPremise system. As mentioned in the document , we installed the pluging in Eclipse. Post that we have created a binding for connected mode to work. Unfortunately “rules configuration” doesn’t show ABAP rules and eveytime Synchronization error is received.

In SonarQube, we have a project created. There is no link or use of Github in the whole process.
Please provide some guidance / documentation which we could refer for resolution.

Downloaded plugin list in 415ms
[SYNC] Synchronizing analyzer configuration for project 'ABAPPOCProject2'
Downloaded settings in 322ms
[SYNC] Active rules for 'abap' are up-to-date
[SYNC] Active rules for 'apex' are up-to-date
[SYNC] Active rules for 'cobol' are up-to-date
[SYNC] Active rules for 'css' are up-to-date
[SYNC] Active rules for 'java' are up-to-date
[SYNC] Active rules for 'jcl' are up-to-date
[SYNC] Active rules for 'js' are up-to-date
[SYNC] Active rules for 'jsp' are up-to-date
[SYNC] Active rules for 'kotlin' are up-to-date
[SYNC] Active rules for 'php' are up-to-date
[SYNC] Active rules for 'pli' are up-to-date
[SYNC] Active rules for 'plsql' are up-to-date
[SYNC] Active rules for 'py' are up-to-date
[SYNC] Active rules for 'rpg' are up-to-date
[SYNC] Active rules for 'ruby' are up-to-date
[SYNC] Active rules for 'scala' are up-to-date
[SYNC] Active rules for 'secrets' are up-to-date
[SYNC] Active rules for 'ts' are up-to-date
[SYNC] Active rules for 'tsql' are up-to-date
[SYNC] Active rules for 'web' are up-to-date
[SYNC] Active rules for 'xml' are up-to-date
Error while fetching new code definition

java.lang.IllegalStateException: Insufficient privileges
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:145)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:74)
	at org.sonarsource.sonarlint.core.serverapi.newcode.NewCodeApi.getNewCodeDefinition(NewCodeApi.java:59)
	at org.sonarsource.sonarlint.core.serverconnection.LocalStorageSynchronizer.synchronizeAnalyzerConfig(LocalStorageSynchronizer.java:86)
	at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.sync(ServerConnection.java:61)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededSync$16(SynchronizationService.java:319)
	at java.base/java.util.HashMap.forEach(HashMap.java:1421)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeConnectionAndProjectsIfNeededSync(SynchronizationService.java:316)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$12(SynchronizationService.java:292)
	at java.base/java.util.Optional.ifPresent(Optional.java:178)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$13(SynchronizationService.java:292)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

Synchronizing project branches for project 'ABAPPOCProject2'
[SYNC] Synchronizing issues for project 'ABAPPOCProject2' on branch 'main'
Error running task 'Synchronizing projects...'
2

Hi,

Welcome to the community!

You seem to have overlooked the topic template, with prompts you for the information we need in order to be able to help you. Could you please tell us:

Please provide

  • Operating system:
  • SonarLint plugin version:
  • Programming language you’re coding in:
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version):

 
Thx,
Ann

3
  • Operating system: SAP Application is on Linux
  • SonarLint plugin version: 10.5
  • Programming language you’re coding in: ABAP
  • Is connected mode used:
    • Connected to SonarCloud or SonarQube (and which version): SonarQube - 10.6
1 Like
5

Hi,

Thanks for those details. I’ve flagged this for the experts.

 
Ann

6

Hi Ann,

Thanks for prompt response. I am new to Sonar application. It would be helpful if you can provide some documentation as well for this setup.

Thanks,
Sonal

8

Hi @Sonal_Saurabh,

thanks for reaching out. This issue might happen based on different situations, let’s start by ruling out the first one:

When you set up the Connected Mode, did you let SonarLint generate the token or provide your own one?
In the latter case there are different kinds of tokens on SonarQube. When navigating to My Account → Security the form allows for generating User Tokens and Project Analysis Tokens. SonarLint will only work with User Tokens!

If you accidentally used the other form of token, changing it is as easy as opening the SonarLint Bindings View, right-clicking on the connection, choosing Edit Connection…, and following the wizard.

If this is not the case, then please come back and provide me with the full logs except the IDE-specific traces.

Best,
Tobias

9

Hi Tobias,

Thanks for response. The connection is established now ( we used the User Token which was not used previously ) and Sonar Lint “On the fly” assessment is working. We still have have an issue, the “on the fly” assessment is not working immediately i.e. we do changes in the ABAP code , save it and activate it still the assessment doesn’t get refreshed immediately. We are not sure how and when the assessment is getting triggered.

Query →

  1. How can we check what issues have been resolved by the developer post Sonar Lint “on the fly” assessment ?
  2. When a developer does "Mark as " activity on an issue identified by Sonar Lint assessment , is there a possibility to put an approval process ?
  3. Can a Sonar Lint assessment send notification when a developer does any closer of assessment generate on a code ?

It would be very helpful if you can provide some guideline.
Wishing you a very happy weekend !!!

Thanks,
Sonal Saurabh

1 Like
10

Hi @Sonal_Saurabh,

thanks for coming back with this information! Nice to hear that the Connected Mode now works :smile:

I assume you use the official ABAP Development Tools (ADT) developed by SAP in your Eclipse IDE?
If so, then I have only semi-good news for you, starting with your first inquiry (for the others, see below, please).

By default, SonarLint will run on a file save event in Eclipse, but due to how SAP implemented their plug-in, including the ABAP editor itself, it doesn’t make use of it. Therefore no SonarLint analysis is triggered. We have a TICKET for this, but honestly speaking this is a very low priority and will probably not be done in the next year or so for two reasons:

  • how SAP implemented it is an exception to the norm, as such implementing it on our side into SonarLint would be a vendor-specific one which is highly sub-optimal
  • we don’t have access to any SAP system nor their development tools to reproduce, or test, or do any development against

Therefore, currently, the only option is to manually analyze the file by right-clicking it and, from the context menu, choosing SonarLint → Analyze. And even for that, I’m not sure if this is possible from the views in the ABAP perspective. This applies to the ABAP projects, packages, classes, and other objects inside a project if I’m not mistaken, but you might check again if the SonarLint section in the context menu option is available there.

There has been a brief discussion with SAP about it some time ago, as you’re not the first to report this, but with no outcome in the form of commitment to anything.
Seeing this to be limiting SonarLint very much in the context of ABAP development, I would suggest you (maybe not you directly but someone in your organization) to reach out to SAP to make them aware, once again, about this and that it could be possibly improved.

Now, to your other questions regarding the “Mark issue as” activity: Can you please elaborate on what you mean? From what I understand, you’re asking to enhance this process, and if that is the case, I’d like to give you some insight: This process is just a “port” inside the IDE of what is done on SonarQube and SonarCloud (not relevant in your case) and therefore I’d like to ask you to ask that question on the SonarQube part of the community forum. If this is not the case, then please come back and elaborate on that to clarify.

Best,
Tobias

1 Like