Sonar Qube Code coverage

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : 9.9.0.65466
  • how is SonarQube deployed: zip, Docker, Helm : SonarQube is deployed as zip on the server
  • what are you trying to achieve : trying to improve code coverage process including additional libraries
  • what have you tried so far to achieve this : trying to find information or steps

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

We are using Sonarqube for an iOS Swift Project.

We have a multi repo setup and a few of our internal libraries are hosted each in their own separate git repo.

That library code is pulled into our project via cocoapods.

We want those code files to be scanned by sonarqube however we noticed that there is no git metadata when those files are pulled via a pod install.

We are seeing some inaccuracies for the New code coverage metric as changes to those library files are not being reflected in new code coverage metrics.

We have already attempted to disable the SCM sensor but we lost the blame information and the new code coverage metric did not work as expected we found other inaccuracies in new code detection.

Do you have any other proposal besides moving those Pods inside the main repo as DevPods so that we have git metadata for all the scanned code OR setting up sonar scanning for each repo separately?

Hey there.

If your internal libraries are being used by multiple projects, we would suggest you have separate SonarQube projects for each of those internal libraries, rather than scanning them as a part of your main project build. Library code (when used as a dependency) shouldn’t be treated as source code in SonarQube.