Sonarqube analysis per PR for python project unable to get desired outputs


Hi,
I am trying to analyse a PR with SonarQube for a Python project with Jenkins. I tried giving the necessary parameters (key, base, branch) and also the other way of creating coverage.xml and feeding it into sonar.python.reportPath. Here I am able to see the XML report in the SonarQube dashboard, but coverage % is not showing up; it says it can’t read IR files for Python. Even other parameters (vulnerabilities, issues) are giving 0.
It will be great if someone can assist here.
Thank You

Hi,

Welcome to the community!

Please provide your analysis log.

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Hi @ganncamp, thank you for the reply. As per the guide for Python, I have to look for Cobertura Sensor related logs, so below are the related logs I am getting:


But I am passing the related coverage XML file, previously generated by the coverage.py tool, with the parameter sonar.python.reportPaths=xmlcov.xml.
Even in the SonarQube UI I am able to view the xmlcov.xml file along with the number of lines in the code, but other outputs related to security, like vulnerabilities, code smells, etc., and coverage are not showing up.
Adding some additional info below:
I am generating the Python coverage XML file with the coverage.py tool. This generation of the .xml file is done in a separate Jenkins job, and the XML file is pushed into an S3 bucket. In the SonarQube Jenkins pipeline I am retrieving the XML file into the current working directory and passing it as a parameter as described above. I gave absolute and relative paths as well, but still no luck.
Thank You

Hi,

Please provide the full text of your entire analysis report.

 
Ann

Hi,

Your screenshot, with 0s for almost everything, makes me suspect problems with the underlying analysis. That’s why I want to see the entire analysis log - starting from the analysis command itself.

In the meantime, I do see these interesting lines in what you provided:

You might wanna look at that.

Since we’re dealing with a PR, I need to ask if the PR actually changes any code files. Because PR analysis only reports on what was changed in the PR. If you didn’t change any code, then code can’t be reported on. And if there’s no code included in the PR analysis, it’s natural that coverage won’t be reported.

 
Ann

Hi,

Yes, I can see that. Are the files that were changed Python files? Or are they configuration and/or other ancillary file types?

 
Ann

Hi,
Yes, all files are .py Python files in the PR.

Thank You

Hi,

Okay, so going back to the full log, we do have the line saying that no Python files were found in the project. Why? It’s in the analysis command:

2023-08-31 19:47:36.477 GMT+05:30 |  + /home/path-scanner 
	-Dset=SONAR_SCANNER_OPTS=XXXXX 
	-Dsonar.login=**** 
	-Dsonar.password=**** 
	-Dsonar.host.url=sonarqube_url 
	-Dsonar.projectBaseDir=/home/my_workspace 
	-Dsonar.projectName=repo_name 
	-Dsonar.source=. 
	-Dsonar.inclusions=xmlcov.xml 
	-Dsonar.language=python 
	-Dsonar.projectKey=org:repo 
	-Dsonar.python.reportPaths=/home/my_workspace/xmlcov.xml 
	-Dsonar.pullrequest.key=XXX 
	-Dsonar.pullrequest.base=master 
	-Dsonar.pullrequest.branch=branch_name 
	-Dsonar.pullrequest.provider=github 
	-Dsonar.scm.disabled=true

You’ve got a lot of parameters, and there are several I want to address.

-Dsonar.projectBaseDir=/home/my_workspace - You shouldn’t need to do this. Just let analysis set the base directory to project root. Setting this explicitly is almost never needed.

-Dsonar.language=python - This does nothing. It was dropped several years ago.

-Dsonar.scm.disabled=true - You really don’t want to do this. Analysis relies on SCM data to understand - among other things - which lines/files are actually included in the PR.

Now let’s go back to the log lines I picked out earlier:

Only 1 file was included in analysis. 55,752 files were ignored.

With access to the analysis command, we can see why that is:

-Dsonar.inclusions=xmlcov.xml

Per the docs, an inclusion sets

which files to retain, while filtering out all others, from those defined by sonar.sources

So with your inclusion, you told analysis to ignore everything but xmlcov.xml, which isn’t a Python file. And without source files, there’s no coverage.

 
HTH,
Ann
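
An added example, not part of the original thread: a pre-flight check a CI job could run before the scanner so that an analysis with no source files fails loudly instead of publishing zero issues and zero vulnerabilities. The function names, the sample file list and the wildcard handling (a simplified approximation of the scanner's path patterns) are assumptions made for illustration.

```python
import re

def parse_props(argv):
    """Collect -Dkey=value scanner arguments into a dict."""
    props = {}
    for arg in argv:
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value
    return props

def pattern_to_regex(pattern):
    """Approximation (assumption): ** spans directories, * stays in one name, ? is one char."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pattern[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def preflight(argv, files, suffix=".py"):
    """Return warnings for the three problems diagnosed in this thread."""
    props, warnings = parse_props(argv), []
    inclusions = [p.strip() for p in props.get("sonar.inclusions", "").split(",") if p.strip()]
    if inclusions:
        regexes = [pattern_to_regex(p) for p in inclusions]
        kept = [f for f in files if any(r.match(f) for r in regexes)]
        if not any(f.endswith(suffix) for f in kept):
            warnings.append(f"sonar.inclusions keeps {len(kept)} of {len(files)} files, none ending in {suffix}")
    if props.get("sonar.scm.disabled") == "true" and "sonar.pullrequest.key" in props:
        warnings.append("sonar.scm.disabled=true on a pull request analysis")
    if "sonar.language" in props:
        warnings.append("sonar.language has no effect")
    return warnings

# Constructed sample: flags taken from the thread's command, plus a made-up three-file workspace.
THREAD_ARGS = ["-Dsonar.inclusions=xmlcov.xml", "-Dsonar.language=python",
               "-Dsonar.pullrequest.key=XXX", "-Dsonar.scm.disabled=true"]
SAMPLE_FILES = ["xmlcov.xml", "app/main.py", "tests/test_main.py"]

if __name__ == "__main__":
    for warning in preflight(THREAD_ARGS, SAMPLE_FILES):
        print("WARN:", warning)
```

In a pipeline, the file list would come from walking the workspace with paths relative to the project root, and a non-empty result would stop the job before the scanner runs.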

Hi,

That’s a new question. It deserves a new thread.

 
Ann

Thanks, Ann.
I am able to get code coverage as well as security aspects info in my SonarQube report.
