Hello Team, We are using SonarQube Developer Edition (Version-9.3.0.51899) on our Linux VM to analyze the C++ and java project.
when I try to analyze the C++ source code through sonar-scanner CLI its giving the error message of ‘build-wrapper-dump.json not found’.
We can’t build the source code on Linux VM because our source code can build only on AIX environment(due to dependency issue) and also we can’t use Sonar scanner on AIX server(Unsupported on AIX).
Can we bypass the build-wrapper and scan our C++ source code without executing the build-wrapper.
I can scan and get the sonar analysis report of our C++ source code with community version 7.9.2.30863 without using build wrapper.
Is it mandatory to use build wrapper to scan the C++ source code or use can we use lower version (7.XX) so that we can analyze our C++ project without using build wrapper.
It is required to build the project in order to analyze the source code. The analyzer must run in the same environment as the build environment, in order to allow the analyzer to access all the dependencies and run a precise analysis.
Thanks for your answer, but we are using AIX environment to build our C++ source code and according to sonar documentation, Sonar does not support on AIX.
We can compile the source code only on AIX server. I have tried to compile it on Linux but not succeed could you please suggest another way to scan the code without build it.
Please, i have the same need. i need to run sonarqube analysis on IBM AIX OS for C family code.
So from what I understand from your documentation, it would be still possible to run sonarqube analysis on C family files using a compilation database: C/C++/Objective-C
Please. Would you be able to confirm that upgrading to SonarQube Server 9.6 I would be able to scan that code rather on Linux or Windows using the build-wrapper you provide for those 2 OS using the database without compiling? (i am thinking on generating this database myself somehow)
Sorry for not being clear: if you upgrade, yes, you will be able to use the database without compiling but only for a supported compiler. i.e. xlc will not work.
Out of the box, neither will xlclang++ because of the unexpected prefix. But if you generate the compilation database yourself, using something like xl-clang++ should work. However, IBM-specific options will not be recognized.
If you hit any issues, please, do not hesitate to ask.
I forgot to mention: the compilation database removes the need for build-wrapper and compiling the project, but in any case, the CFamily analyzer is only supported on Linux, Windows, and macOS.
From your last message, I understand that I can prepare my AIX build compilation database and then run the SonarScanner on 1 of the supported OS.
That is correct. As discussed, you need to tweak the compilation database and point to a known compatible compiler, such as clang++ (sonar needs to probe the compiler). This should work ifxlclang++ does not diverge much from the upstream clang: it may give incomplete results (false negatives or false positives) if there are unknown flags that change the compiler behavior.
Another thing to remember is that the compilation database stores the paths where the sources are. These should be in sync between both machines. Otherwise, the scanner will fail to find the source files or dependencies.
Overall, I think it is doable, but it may take a few iterations to get it working. Unfortunately, I am not familiar with AIX, nor IBM’ s clang fork, so I can not help you with the specifics.
