Sonar-scala - a new plugin for Scala


(Michael Wizner) #1

Hello SonarSource Team :wave:,

First of all, I wanted to say hi to everybody as this is my first post on this forum.

I know that the topic of Scala keeps coming back periodically and there have been some unofficial plugins available in the past, but they either don’t work any more or have a quite limited set of features, so we decided to step up and bring SonarQube once again to the Scala community.

The sonar-scala plugin was originally a collection of multiple community plugins put together by Sagacify, however, it was abandoned about a year ago. I forked the project at the beginning of the year and together with other amazing community members, we have been able to refactor a huge part of the codebase and bring some nice features to the plugin.

Currently, the plugin supports Scala 2.11/2.12 and is intended for SonarQube 6.7 LTS, but the goal is to support the current SonarQube LTS release along with the latest version. We also provide support for scoverage (code coverage metrics), Scalastyle and Scapegoat quality rules, which are currently the most popular tools for static code analysis in Scala. We also provide an sbt plugin sbt-sonar, which is a wrapper around sonar-scanner and allows you to execute analysis from within the sbt build tool.

So far, we’ve been publishing the releases to Bintray and we also have Docker images available for each release (mwz/sonar-scala-docker), but we’ve been noticing an increased demand from the community to include this plugin in the Marketplace. I’m aware that since the plugin itself is written in Scala, it is impossible to get it analysed on SonarCloud, however, we have a public instance of SonarQube (https://sonar.sonar-scala.com/dashboard?id=sonar-scala) where this plugin gets continuously analysed using its latest release and I was wondering if that could be considered as a valid exemption to the requirement to analyse the plugin on SonarCloud?

Kind regards,
Michael


(Alexandre Gigleux) #2

Hi Michael,

SonarSource is also getting some requests about the support of Scala. As you may know, we have the plan in 2018 to cover 5 new languages. Go, Kotlin are now supported. Ruby is the next one AND in September, we are going to work on the Scala topic.
SonarScala (open source) will be the officially supported analyzer to scan your Scala code coming with 40+ rules. It will allow importing coverage data from scoverage and by default support some external linters such as Scalastyle or Scapegoat (thanks for the pointer).

Regards
Alex


(Michael Wizner) #3

Hi @Alexandre_Gigleux,

Thanks for your reply. It’s an excellent news that Scala is getting an official support, I can’t wait to see it added to Sonar Cloud too.

In the meantime, would it be possible to add sonar-scala (https://github.com/mwz/sonar-scala) to the list of other community plugins (https://docs.sonarqube.org/display/PLUG/Other+Plugins)?

Thanks,
Michael


(Jeff Mathers) #4

This is great news about official plugin being developed. Any update? Will it be written to work with SQ 7.x?

jeff


(Nicolas Bontoux) #5

Hey Jeff,

Well I could simply say that SonarSource top engineers are on it ! Which is certainly true, and to share more insights into the plans: don’t expect Scala support in SonarQube 7.4 (rest assured, we’ve got other good stuff coming in there), and as @Alexandre_Gigleux hinted we certainly plan to get this done for the following SonarQube versions.

As of whether this will be retro-compatible with past SonarQube versions, it’s too soon to say.


(Jeff Mathers) #6

Great! We’re on 7.1.x and waiting to upgrade until more plugins are supported on that version. Will 7.1.x be supported do you think?


(Nicolas Bontoux) #7

Like I said it really is too soon to say. With language-focused functional deliveries on SonarQube side, and the always deeper bug/vulnerability detection techniques being implemented in our analyzers, it is a possibility that new language/rules are tied to new improvements in SonarQube itself.


(Michael Wizner) #8

Hi @ganncamp, I’ve noticed that you were the last to update the list of other community plugins on your Confluence, would you be able to add sonar-scala to that list?

Thanks,
Michael


(G Ann Campbell) #9

Hi Michael,

Thanks for the poke. TBH, once Alex chimed in on this thread, I stopped paying attention to it.

I am the one who typically adds listings to the Other Plugins page. However, given that we’re about to release SonarScala “soon”, I hope you can see why I’m a bit reluctant to add “sonar-scala” to our docs, so I’ve listed it as “a Scala analyzer”.

 
Ann


(Magdalena Houška) #10

Hi Ann,

I see Sonar Scala page is updated with the ‘Available on SonarCloud’ (https://docs.sonarqube.org/display/PLUG/SonarScala) , which is inconsistent with other plugin pages, where you have a direct link to download the plugin.
How can I download the plugin?

Regards,
Magdalena


(Nicolas Bontoux) #11

Hi @Magdalena_Houska,

Analysis of Scala code is currently only available on SonarCloud, hence the note you noticed in the documentation. SonarQube availability is planned for later this year, in SonarQube 7.5.


(Jochen Haag) #12

Hi @NicoB,

Do you already know, if SonarScala will be made available for SonarQube 6.7.x LTS as well? Since it is based on the same framework as SonarKotlin and SonarRuby my hope is that the answer is yes. :slight_smile: