Sonar-scala - a new plugin for Scala

Hello SonarSource Team :wave:,

First of all, I wanted to say hi to everybody as this is my first post on this forum.

I know that the topic of Scala keeps coming back periodically and there have been some unofficial plugins available in the past, but they either donā€™t work any more or have a quite limited set of features, so we decided to step up and bring SonarQube once again to the Scala community.

The sonar-scala plugin was originally a collection of multiple community plugins put together by Sagacify, however, it was abandoned about a year ago. I forked the project at the beginning of the year and together with other amazing community members, we have been able to refactor a huge part of the codebase and bring some nice features to the plugin.

Currently, the plugin supports Scala 2.11/2.12 and is intended for SonarQube 6.7 LTS, but the goal is to support the current SonarQube LTS release along with the latest version. We also provide support for scoverage (code coverage metrics), Scalastyle and Scapegoat quality rules, which are currently the most popular tools for static code analysis in Scala. We also provide an sbt plugin sbt-sonar, which is a wrapper around sonar-scanner and allows you to execute analysis from within the sbt build tool.

So far, weā€™ve been publishing the releases to Bintray and we also have Docker images available for each release (mwz/sonar-scala-docker), but weā€™ve been noticing an increased demand from the community to include this plugin in the Marketplace. Iā€™m aware that since the plugin itself is written in Scala, it is impossible to get it analysed on SonarCloud, however, we have a public instance of SonarQube (https://sonar.sonar-scala.com/dashboard?id=sonar-scala) where this plugin gets continuously analysed using its latest release and I was wondering if that could be considered as a valid exemption to the requirement to analyse the plugin on SonarCloud?

Kind regards,
Michael

4 Likes

Hi Michael,

SonarSource is also getting some requests about the support of Scala. As you may know, we have the plan in 2018 to cover 5 new languages. Go, Kotlin are now supported. Ruby is the next one AND in September, we are going to work on the Scala topic.
SonarScala (open source) will be the officially supported analyzer to scan your Scala code coming with 40+ rules. It will allow importing coverage data from scoverage and by default support some external linters such as Scalastyle or Scapegoat (thanks for the pointer).

Regards
Alex

1 Like

Hi @Alexandre_Gigleux,

Thanks for your reply. Itā€™s an excellent news that Scala is getting an official support, I canā€™t wait to see it added to Sonar Cloud too.

In the meantime, would it be possible to add sonar-scala (https://github.com/mwz/sonar-scala) to the list of other community plugins (https://docs.sonarqube.org/display/PLUG/Other+Plugins)?

Thanks,
Michael

This is great news about official plugin being developed. Any update? Will it be written to work with SQ 7.x?

jeff

Hey Jeff,

Well I could simply say that SonarSource top engineers are on it ! Which is certainly true, and to share more insights into the plans: donā€™t expect Scala support in SonarQube 7.4 (rest assured, weā€™ve got other good stuff coming in there), and as @Alexandre_Gigleux hinted we certainly plan to get this done for the following SonarQube versions.

As of whether this will be retro-compatible with past SonarQube versions, itā€™s too soon to say.

Great! Weā€™re on 7.1.x and waiting to upgrade until more plugins are supported on that version. Will 7.1.x be supported do you think?

Like I said it really is too soon to say. With language-focused functional deliveries on SonarQube side, and the always deeper bug/vulnerability detection techniques being implemented in our analyzers, it is a possibility that new language/rules are tied to new improvements in SonarQube itself.

Hi @ganncamp, Iā€™ve noticed that you were the last to update the list of other community plugins on your Confluence, would you be able to add sonar-scala to that list?

Thanks,
Michael

Hi Michael,

Thanks for the poke. TBH, once Alex chimed in on this thread, I stopped paying attention to it.

I am the one who typically adds listings to the Other Plugins page. However, given that weā€™re about to release SonarScala ā€œsoonā€, I hope you can see why Iā€™m a bit reluctant to add ā€œsonar-scalaā€ to our docs, so Iā€™ve listed it as ā€œa Scala analyzerā€.

Ā 
Ann

Hi Ann,

I see Sonar Scala page is updated with the ā€˜Available on SonarCloudā€™ (https://docs.sonarqube.org/display/PLUG/SonarScala) , which is inconsistent with other plugin pages, where you have a direct link to download the plugin.
How can I download the plugin?

Regards,
Magdalena

Hi @Magdalena_Houska,

Analysis of Scala code is currently only available on SonarCloud, hence the note you noticed in the documentation. SonarQube availability is planned for later this year, in SonarQube 7.5.

Hi @NicoB,

Do you already know, if SonarScala will be made available for SonarQube 6.7.x LTS as well? Since it is based on the same framework as SonarKotlin and SonarRuby my hope is that the answer is yes. :slight_smile:

@mwz,

Do you have any working examples of how youā€™ve gotten the code coverage numbers to work for Sonarqube 7.4 running off your Docker image from Github? Iā€™m producing an aggregated report of a multi-module project using org.scoverage:scalac-scoverage-runtime_2.11:1.4.0-M5 and, in the generated HTML report, I can see code coverage numbers, but I canā€™t see these in Sonarqube. Iā€™m using:

sonar-scanner -Dsonar.projectName=multi-module \
              -Dsonar.projectKey=multi-module \
              -Dsonar.projectVersion=1.0-SNAPSHOT \
              -Dsonar.sources=src/main/scala \
              -Dsonar.modules=a,b \
              -Dsonar.sourceEncoding=UTF-8 \
              -Dsonar.scala.version=2.11 \
              -Dsonar.scala.scoverage.reportPath=build/scoverage-aggregate/scoverage.xml \
              -Dsonar.host.url=http://localhost:80/

I am see all sorts of issues reported correctly in Sonarqube, but there are no code coverage numbers at all and I see that the instance youā€™re running has proper code coverage numbers. Is this for a multi-module project, or a single-module one? Could you please share some more details?

I have the simple ā€œHello, World!ā€ application, that Iā€™m using for this: here: https://github.com/carlspring/gradle-scoverage-multi-module.

Many thanks in advance!
Kind regards,

Martin

2 Likes

A post was split to a new topic: How to analyze Scala