"sonar-report.json" - Is this file still available?

As mentioned in https://stackoverflow.com/questions/54142195/how-do-i-user-jenkins-warnings-ng-plugin-sonarqube-analysis I want to use the Jenkins Warnings NG Plugin, which provides a “SonarQube” Warnings Analyzer.

Sadly this Plugin depends on a “sonar-report.json” which seems to be a deprecated file, which was generated using “preview-mode” or on Clients using Sonar Lint.

Is there a way to create this file using SonarQube 7.4 on Jenkins without using SonarLint?

1 Like

Hi,

That file was an output of the long-since-removed Issues mode. You’re not going to be able to generate it from 7.4.

 
Ann

Different from what @ganncamp says, you can generate the sonar-report.json file in SonarQube 7.4. You need to pass these properties to sonar-scanner:

-Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json

The .json will be generated inside the .scannerwork directory.

Hi @ganncamp, Hi @Scott

Thanks for the response. As Scott mentioned it is possible to use the analysis.mode parameter, but Ann mentioned it is deprecated (since SonarQube 6.6 as I found out) so I think I will not use it in production.

Nevertheless I will create a Ticket on the Jenkins Warnings NG Plugin Page that they provide an alternative to that file.

1 Like

@Christoph_Forster, I’m agree with you - unfortunately, currently there is no way to present SonarQube report in Jenkins and modify build status based on Sonar analyse.
BTW, I’m not sure that it’s a call for Jenkins Warnings NG Plugin - IMHO, SonarQube should provide its report in some standard format.

Hi @Christoph_Forster,

It is possible to get a report of the analysis with full issue details (number of issues, types, lines of code, …), but I don’t know if it is in the format expected by Jenkins.

We also use Jenkins and we don’t use its Sonar plugin but rather have a custom script that performs the analysis and sets a Gerrit score.

  1. In order to get the report, take a look at the report-task.txt file generated by the scanner after it has finished. You first need to check that the server hea finished to process the analysis by downloading the URL of ceTaskUrl

The file looks like this:
{
“task”: {
…,
“status”: “PENDING”,

}
}

Keep downloading the ceTaskUrl file until the status shows SUCCESS (you can query this JSON file using the jq utility).

  1. Once the server finished processing the analysis, you can download your report by querying the server using the Web API. The right API is /api/issues. The URL you should download is something like this:

    $serverUrl/api/issues/search?componentKeys=$projectKey&branch=$DEV_BRANCH&resolved=false&facets=severities

This is I think the file you are looking for. It contains all issues with the comments that appear on Sonar. We only use it to set the score, but it is possible to extract the comments using jq and send the comments to Gerrit.

this works but how can access the report of a specifc run?

So, GETing
$serverUrl/api/issues/search?componentKeys=$projectKey&branch=$DEV_BRANCH&resolved=false&facets=severities

is fine, but how do I know this is the for the analysis that was performed - there is an analysisId, so can I get the issue based off the analsis id?

BTW, I am trying the get the Web API doc on SonarQube, but failing miserably. Can any point it to me?

Footer of your instance.

If you’re specifying a short-lived branch/pull request, does it really matter which particular run it is?

thanks, got the API :slight_smile:

Yeah, I am taking a look at the short-lived branching. Don’t have much experience (working on it).

But let me give you a context where I am coming from. Perhaps you can quickly guide me.

We have just updated to Java 11, and hence moved to SonarQube 7.7. We make use of Gerrit and our Jenkins jobs runs the build the sonar analysis of every commits of a change set. We use Gerrit-trigger and Sonar Gerrit plugin to accomplish this.

Since sonar-report.json is no longer generated, getting the issue from the SonarQube and putting it in the file (sonar-report.json) works as expected (turns out Sonar Gerrit plugin ignore unknown properties :slight_smile: ).

But the analysis need to be of that specific run on that commit. I assume short-lived branch approach will work - each commit is a short-lived branch? (sorry for the stupid question).

Any quick advice?

bumber. Short-live branch is developer edition and above. We can’t afford it atm.

If you don’t have developer edition, this means that sonar is scanning your review but put the results to the long lived branch master (someone can confirm ?). So just omit the “branch=” parameter and I think it do the job. But i’m not sure

thanks and yes that is the case.

For Gerrit reviews, this won’t work as commit analysis can overwrite each others before the report is fetched. The alternative is to make use of different projectKey for each commits and use the Web API to delete the project analysis after fetching the report

Yes, using Gerrit branch support is a must have.

The suggested workaround (different projectKey for every run) is working well. For the “issues search api” response to sonar-report.json conversion, I made a little jq script.

usage:
curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false \
| jq -f sonar-report-builder.jq > sonar-report.json

sonar-report-builder.jq.txt (843 Bytes)

4 Likes

I have now also tested to use SonarToGerrit with SonarQube 7.9.2.
I have managed to publish comment to Gerrit as before and it works.
The problem I have now is that the time to analyse our project have increased allot. Since publish will analyse all files in the project. I have managed to use “sonar.source” to filter out only the packages that is part of my review. but that does not work on a multi module project.

So for multi module project it seems that I need to publish each module as a separate project instead of one project. But that gives me other problems, the SonarToGerrit plugin will not manage to recognize the projects and therefor not able to publish any comments to sonar. So I guess I need to manually update the sonar-report.json and merge all reports from each module to look like one project.

Do anyone have a ideas or solution for how to solve the increase analyse time in best way?

hi, @Martin_Aldrin recently the sonarqube server i use is updated tp 7.9 leading to the missing of sonar-report.json due to the -Dsonar.analysis.mode=preview is deprecated. would you please guide me how to make it work again since i see that you managed to make it.
thank you a lot.

Hi, @Martin_Aldrin I would like to know how you did it as well. We recently updated our sonarqube server to 7.7 and we’re having trouble setting up SonarToGerrit.

Hi @eyijyan and @patrickbard
(and future visitors)

In the quest for an alternative of mode=preview I found this code useful (useful perhaps only in the case you are using Jenkins):

Best,
Gustavo.

2 Likes

Thanks!I will try to use this way to post Score to Gerrit .

1 Like