First of all, I wanted to say hi to everybody as this is my first post on this forum.
I know that the topic of Scala keeps coming back periodically and there have been some unofficial plugins available in the past, but they either don’t work any more or have a quite limited set of features, so we decided to step up and bring SonarQube once again to the Scala community.
The sonar-scala plugin was originally a collection of multiple community plugins put together by Sagacify, however, it was abandoned about a year ago. I forked the project at the beginning of the year and together with other amazing community members, we have been able to refactor a huge part of the codebase and bring some nice features to the plugin.
Currently, the plugin supports Scala 2.11/2.12 and is intended for SonarQube 6.7 LTS, but the goal is to support the current SonarQube LTS release along with the latest version. We also provide support for scoverage (code coverage metrics), Scalastyle and Scapegoat quality rules, which are currently the most popular tools for static code analysis in Scala. We also provide an sbt plugin sbt-sonar, which is a wrapper around sonar-scanner and allows you to execute analysis from within the sbt build tool.
So far, we’ve been publishing the releases to Bintray and we also have Docker images available for each release (mwz/sonar-scala-docker), but we’ve been noticing an increased demand from the community to include this plugin in the Marketplace. I’m aware that since the plugin itself is written in Scala, it is impossible to get it analysed on SonarCloud, however, we have a public instance of SonarQube (https://sonar.sonar-scala.com/dashboard?id=sonar-scala) where this plugin gets continuously analysed using its latest release and I was wondering if that could be considered as a valid exemption to the requirement to analyse the plugin on SonarCloud?
SonarSource is also getting some requests about the support of Scala. As you may know, we have the plan in 2018 to cover 5 new languages. Go, Kotlin are now supported. Ruby is the next one AND in September, we are going to work on the Scala topic.
SonarScala (open source) will be the officially supported analyzer to scan your Scala code coming with 40+ rules. It will allow importing coverage data from scoverage and by default support some external linters such as Scalastyle or Scapegoat (thanks for the pointer).
Well I could simply say that SonarSource top engineers are on it ! Which is certainly true, and to share more insights into the plans: don’t expect Scala support in SonarQube 7.4 (rest assured, we’ve got other good stuff coming in there), and as @Alexandre_Gigleux hinted we certainly plan to get this done for the following SonarQube versions.
As of whether this will be retro-compatible with past SonarQube versions, it’s too soon to say.
Like I said it really is too soon to say. With language-focused functional deliveries on SonarQube side, and the always deeper bug/vulnerability detection techniques being implemented in our analyzers, it is a possibility that new language/rules are tied to new improvements in SonarQube itself.
Thanks for the poke. TBH, once Alex chimed in on this thread, I stopped paying attention to it.
I am the one who typically adds listings to the Other Plugins page. However, given that we’re about to release SonarScala “soon”, I hope you can see why I’m a bit reluctant to add “sonar-scala” to our docs, so I’ve listed it as “a Scala analyzer”.
I see Sonar Scala page is updated with the ‘Available on SonarCloud’ (https://docs.sonarqube.org/display/PLUG/SonarScala) , which is inconsistent with other plugin pages, where you have a direct link to download the plugin.
How can I download the plugin?
Do you have any working examples of how you’ve gotten the code coverage numbers to work for Sonarqube 7.4 running off your Docker image from Github? I’m producing an aggregated report of a multi-module project using org.scoverage:scalac-scoverage-runtime_2.11:1.4.0-M5 and, in the generated HTML report, I can see code coverage numbers, but I can’t see these in Sonarqube. I’m using:
I am see all sorts of issues reported correctly in Sonarqube, but there are no code coverage numbers at all and I see that the instance you’re running has proper code coverage numbers. Is this for a multi-module project, or a single-module one? Could you please share some more details?