Setup of initial analysis of pl/sql

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this
    SonarQube 5.3 (CE), sonar-scanner-cli-4.2.0.1873-linux

I am new to SonarQube, but our company is using 5.3 as above and we would like to perform analysis of a PL/SQL project. We would ideally like to do this via Jenkins integration via plugin.

I know about the PL/SQL language jar (https://docs.sonarqube.org/latest/analysis/languages/plsql/) and think this needs to be placed in a certain directory so it is visible/accessible as part of configuring Jenkins build steps. I have a few initial questions:

  1. We are on an old version (5.3) and need an upgrade path, can anyone advise? We might be able to spin up a separate SQ server and move some of these projects to it so we are using the most recent version.
  2. I read that Community Edition does not support PL/SQL analysis and will instead need a developer/enterprise edition, can anyone confirm?
  3. Is it possible with our current setup to install sonar-scanner and/or plsql jar file and trigger analysis via Jenkins with report being sent to SQ server? Would this remove the limitations above or will plsql scan just not run? I know about the sonarscanner for Jenkins plugin that allows us to centralize SQ server config in Jenkins.
  4. Can I have sonar-scanner and SQ server on different machines?

I think I am just a bit confused if sonar-scanner on its own will detect plsql project and perform analysis on it based on plsql rules or if the plsql jar file needs to be added alongside sonar-scanner install.

I appreciate I have asked a lot, but thanks in advance for any help.

Hi,

Welcome to the community!

You need to hit the intermediate LTSs, so assuming you want to go all the way to the current version:
5.3 → 5.6.7 → 6.7.7 → 7.9.2 (current LTS) → 8.1 (out this week)

I confirm.

PL/SQL has always been a licensed language. If you were able to find the version of the PL/SQL analyzer compatible with 5.3, you would need a specific license for that individual plugin, but the Sales department would not issue you one. Instead, they would/will tell you to upgrade to a current version of SQ and then to request a DE license.
Regarding Jenkins, it is absolutely possible to kick off the analysis from Jenkins, once you have a way for Jenkins to check out / obtain the code.

You can, and in fact you should.

The SonarQube 7.9.2 or 8.1 DE bundle you download will include the PL/SQL analyzer (jar). Then you’ll configure a job on Jenkins to obtain the PL/SQL code and fire off analysis. And that’s it.

 
HTH,
Ann

Thank you for your swift response which has helped me. I have a couple of follow up questions to your points if I may.

  1. Should I install sonar-scanner on the Jenkins machine and configure it to point to SQ server via server.host.url and via Jenkins → Manage Plugins? I then add config for SonarQube scanner to Jenkins with authentication token.
  2. For PL/SQL jar I can’t install it under the CE edition that I am using or any CE edition for that matter or DE without a license, is that correct?
  3. If I have SQ 7.9.2 or 8.1 DE, the download includes the PL/SQL analyzer (jar). If I set up a Jenkins job to look at a PL/SQL project, do I need to do anything specific to ensure that the language for analysis is set to PL/SQL, or is this detected automatically?

Hi,

Yes.

Uhm… just use the Jenkins UI to configure a SonarQube “server”. You’ll fill in both the URL and auth token there.

Yup.

:+1:

This is a great question. For most languages detection is going to work automatically based on the language’s normal file extensions. For PL/SQL the defaults are sql, pks, pkb. If your files don’t have those extensions then you’ll need to edit settings (Administration → Languages → PL/SQL → File suffixes) to associate your extensions with the language.

 
HTH,
Ann
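
The suffix-based detection described in the last reply means files with other extensions are left unanalyzed without any error. The following pre-check is an added example, not part of the thread or of SonarQube: it scans a checkout for files the defaults (sql, pks, pkb) would miss and prints the File suffixes value to configure. The candidate extension list and the function names are assumptions to adapt to your repository.

```shell
#!/bin/sh
# Added example (not from the thread): find PL/SQL-looking files that the
# default suffix detection (sql, pks, pkb) would leave unanalyzed.

DEFAULT_SUFFIXES="sql pks pkb"   # defaults quoted in the thread
# Assumption: extensions commonly used for Oracle sources; edit for your repo.
CANDIDATE_SUFFIXES="pls plb pck prc fnc trg tps tpb"

# Print each candidate suffix that has at least one file under directory $1
# (file names are matched case-insensitively).
missing_suffixes() {
  for ext in $CANDIDATE_SUFFIXES; do
    if find "$1" -type f -iname "*.$ext" | grep -q .; then
      printf '%s\n' "$ext"
    fi
  done
}

# Print the comma-separated list to enter under
# Administration -> Languages -> PL/SQL -> File suffixes.
suffix_setting() {
  out=$(printf '%s' "$DEFAULT_SUFFIXES" | tr ' ' ',')
  for ext in $(missing_suffixes "$1"); do
    out="$out,$ext"
  done
  printf '%s\n' "$out"
}

# Return 0 when the defaults cover the tree, 1 when files would be skipped.
defaults_cover_tree() {
  [ -z "$(missing_suffixes "$1")" ]
}

# Stand-alone use as a Jenkins "Execute shell" step: pass the checkout directory.
if [ "$#" -gt 0 ]; then
  if defaults_cover_tree "$1"; then
    echo "Default PL/SQL suffixes cover $1"
  else
    echo "Files outside the default suffixes found; set File suffixes to:"
    suffix_setting "$1"
    exit 1
  fi
fi
```

Run before the analysis step, a non-zero exit fails the job, so a coverage gap shows up as a build failure rather than as a report that is missing files.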