"sonar-report.json" - Is this file still available?

sonarlint
scanner
sonarqube

(Christoph Forster) #1

As mentioned in https://stackoverflow.com/questions/54142195/how-do-i-user-jenkins-warnings-ng-plugin-sonarqube-analysis I want to use the Jenkins Warnings NG Plugin, which provides a “SonarQube” Warnings Analyzer.

Sadly this Plugin depends on a “sonar-report.json” which seems to be a deprecated file, which was generated using “preview-mode” or on Clients using Sonar Lint.

Is there a way to create this file using SonarQube 7.4 on Jenkins without using SonarLint?


(G Ann Campbell) #2

Hi,

That file was an output of the long-since-removed Issues mode. You’re not going to be able to generate it from 7.4.

 
Ann


(Scott) #3

Different from what @ganncamp says, you can generate the sonar-report.json file in SonarQube 7.4. You need to pass these properties to sonar-scanner:

-Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json

The .json will be generated inside the .scannerwork directory.


(Christoph Forster) #4

Hi @ganncamp, Hi @Scott

Thanks for the response. As Scott mentioned it is possible to use the analysis.mode parameter, but Ann mentioned it is deprecated (since SonarQube 6.6 as I found out) so I think I will not use it in production.

Nevertheless I will create a Ticket on the Jenkins Warnings NG Plugin Page that they provide an alternative to that file.


(Vitaly Karasik) #5

@Christoph_Forster, I’m agree with you - unfortunately, currently there is no way to present SonarQube report in Jenkins and modify build status based on Sonar analyse.
BTW, I’m not sure that it’s a call for Jenkins Warnings NG Plugin - IMHO, SonarQube should provide its report in some standard format.


(dexter) #6

Hi @Christoph_Forster,

It is possible to get a report of the analysis with full issue details (number of issues, types, lines of code, …), but I don’t know if it is in the format expected by Jenkins.

We also use Jenkins and we don’t use its Sonar plugin but rather have a custom script that performs the analysis and sets a Gerrit score.

  1. In order to get the report, take a look at the report-task.txt file generated by the scanner after it has finished. You first need to check that the server hea finished to process the analysis by downloading the URL of ceTaskUrl

The file looks like this:
{
“task”: {
…,
“status”: “PENDING”,

}
}

Keep downloading the ceTaskUrl file until the status shows SUCCESS (you can query this JSON file using the jq utility).

  1. Once the server finished processing the analysis, you can download your report by querying the server using the Web API. The right API is /api/issues. The URL you should download is something like this:

    $serverUrl/api/issues/search?componentKeys=$projectKey&branch=$DEV_BRANCH&resolved=false&facets=severities

This is I think the file you are looking for. It contains all issues with the comments that appear on Sonar. We only use it to set the score, but it is possible to extract the comments using jq and send the comments to Gerrit.