SonarQube requires Java binaries when scanning C++ project

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube = sonarqube-developer-8.4.1.35646
    Scanner = sonar-scanner-4.4.0.2170-windows
  • what are you trying to achieve
    I want to scan a C++ project
  • what have you tried so far to achieve this
    I have SonarQube up and running
    I got the command assigned as follows to execute the Sonar Scanner against my C++ project.
    sonar-scanner.bat -D"sonar.projectKey=PCL2PDF" -D"sonar.sources=." -D"sonar.host.url=http://localhost:9000" -D"sonar.login=fa9676be1d0f6a66c647c5278dfb0bdbf2be8f9f" -X

Below is the error message from the long trail of logs generated when executing the Sonar Scanner.
06:06:27.063 INFO: ------------------------------------------------------------------------
06:06:27.064 INFO: EXECUTION FAILURE
06:06:27.064 INFO: ------------------------------------------------------------------------
06:06:27.065 INFO: Total time: 16.438s
06:06:27.111 INFO: Final Memory: 22M/80M
06:06:27.111 INFO: ------------------------------------------------------------------------
06:06:27.112 ERROR: Error during SonarScanner execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
at org.sonar.java.JavaClasspath.init(JavaClasspath.java:64)
at org.sonar.java.AbstractJavaClasspath.getElements(AbstractJavaClasspath.java:280)
at org.sonar.java.SonarComponents.getJavaClasspath(SonarComponents.java:149)
at org.sonar.java.JavaSquid.<init>(JavaSquid.java:81)
at org.sonar.plugins.java.JavaSquidSensor.execute(JavaSquidSensor.java:102)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:388)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:384)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:353)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:144)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)

Hi @brianvkn,

if you are not interested in analyzing java files you can reduce the scope of your analysis, see https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/.

i.e. you can set the following property to exclude java files: `sonar.exclusions=**/*.java`

Hi @Massimo,

Thank you a lot for your prompt response. I’ve tried to add the exclusion on the Project Setting page but it does not seem to work. I had to modify the sonar-project.properties, which looks like this, to make it work.
sonar.projectKey=PCL2PDF
sonar.projectName=PCL2PDF
sonar.projectVersion=1.0
sonar.sources=.
sonar.exclusions=**/*.java
sonar.cfamily.build-wrapper-output=wrapper_output
sonar.sourceEncoding=UTF-8

Now I got this error from Sonar Scanner. Note that our project has not been Docker containerized yet.
if you are building your project inside a Docker container, build-wrapper is wrapping the build process inside the container and not wrapping the external Docker process
at com.sonar.cpp.plugin.CFamilySensor.execute(CFamilySensor.java:388)

How do we exclude this option for now?

Thanks,

Brian Nguyen

Hi @Massimo,

I wonder if you may have an update for us?

Thanks,

Brian

Hi @brianvkn,

could you post entire error and stacktrace please?

Hi @mpaladin

I rebuilt the wrapper then was able to scan the C++ project successfully. I have another post for which I really need your guidance. I’d like to export the scanning results to some kind of reports that I can try to verify with Vulnerator. How could it be done?

Hi @brianvkn,

you can use the REST API to access scanning results in SonarQube.

Hi Massimo,

Could you help provide me the documents for this API?

Thanks,

Brian Nguyen

Hi @brianvkn,

the screenshot shows how to access rest api documentation.

Hi @mpaladin,

I’ve tried to read the documents provided by this link now. I wonder if you could provide a basic sample source code that illustrates the required steps to collect the reports from scanning results. It is really appreciated.

Thanks,

Brian Nguyen

Hi @mpaladin,

What is the URI? Does it require any type of authentication? I’ve spent time learning the pages provided in the Web API link but could not find them. By the way, is it possible that you could provide a sample pseudo-code to illustrate how to specify the scanning results in order to generate reports from them? It is really appreciated.

Brian Nguyen

Hi @mpaladin,

How can I view or export the .pb files generated after scanning?

Thanks,

Brian Nguyen

Hi @brianvkn,

no, those are implementation defined files.

I cannot do the job for you, with the REST api documentation and a bit of googling it should be easy to get.

Hi Massimo,

I am sorry for the misunderstanding. I never had any intention of asking you to do the job or test the web APIs for me.
My job is to do software evaluation for my company and due to my lack of understanding of your applications, the questions may sound silly to you and I am sorry for that.

Here is the point again. I’ve tried my best to test the available web APIs that SonarQube offers but unfortunately, I couldn’t find any API that converts or exports the C++ scanning results to any kind of reports.
Attached please see the report I’ve done so far. Please help advise since our Developer Edition license will be expiring soon.

Thanks,

Brian Nguyen

(Attachment Testing SonarQube web API with Curl.docx is missing)

Hi @brianvkn,

I recommend you have a look at api/issues/search endpoint.

Thanks a lot for your prompt response.

I got the error message of “Authentication is required” returned when testing quite a number of API endpoints such as this one, api/favorites/remove?component=PCL2PDF

I did execute a POST request of api/authentication/login first. How do I obtain the authentication required?

Thanks,

Brian

Hi @brianvkn,

here you go (I just used search engine on “sonarqube rest api authentication”): https://docs.sonarqube.org/latest/extend/web-api/ .

Hi @mpaladin,

I was able to access some API endpoints which require authentication.
With api/issues/search, I was able to collect a JSON file from a scanned C++ project. Could you help take a look at this? Is it the format of reports that SonarQube expects?

Thanks,

Brian Nguyen

PCL2PDF_MAJOR_CRITICAL_BLOCKER_Issues.json (477 KB)

Hi @brianvkn,

I think I am getting lost, my understanding is that you are trying to build a report with a format that suits you, I find the question “Is it the format of reports that SonarQube expects?” a bit strange. If you are getting out the information you are interested in then it is up to you to transform them in the format you like.
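
The transformation described in the reply above, from `api/issues/search` JSON to a report format of your choosing (here CSV), as an added example that is not part of the original thread or SonarQube's own code. The file paths, rule keys and messages in `SAMPLE` are constructed, and the sketch assumes a user token sent as the HTTP Basic user name with an empty password, as the Web API documentation linked earlier describes.

```python
import base64, csv, io, json
import urllib.parse, urllib.request

FIELDS = ["severity", "type", "rule", "component", "line", "message", "status"]

def fetch_issue_pages(base_url, token, project_key, severities="MAJOR,CRITICAL,BLOCKER"):
    """Yield each parsed api/issues/search page; the token is the Basic-auth user name."""
    auth = base64.b64encode(f"{token}:".encode()).decode()
    page = 1
    while True:
        query = urllib.parse.urlencode({"componentKeys": project_key,
                                        "severities": severities, "ps": 500, "p": page})
        req = urllib.request.Request(f"{base_url}/api/issues/search?{query}",
                                     headers={"Authorization": f"Basic {auth}"})
        with urllib.request.urlopen(req) as resp:
            data = json.load(resp)
        yield data
        # The endpoint serves at most the first 10,000 results.
        if not data["issues"] or page * 500 >= min(data["paging"]["total"], 10000):
            break
        page += 1

def _cell(value):
    """Neutralise spreadsheet formula prefixes in text that originates from the scan."""
    text = "" if value is None else str(value)
    return "'" + text if text[:1] in ("=", "+", "-", "@") else text

def issues_to_csv(pages):
    """Flatten the "issues" arrays of one or more response pages into CSV text."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(FIELDS)
    for page in pages:
        for issue in page.get("issues", []):
            writer.writerow([_cell(issue.get(f)) for f in FIELDS])
    return out.getvalue()

# Constructed sample page (not real scan output); file-level issues carry no "line".
SAMPLE = {"paging": {"pageIndex": 1, "pageSize": 500, "total": 2}, "issues": [
    {"key": "k1", "rule": "cpp:EXAMPLE1", "severity": "CRITICAL", "type": "BUG",
     "component": "PCL2PDF:src/main.cpp", "line": 42, "status": "OPEN",
     "message": "Constructed message, with a comma"},
    {"key": "k2", "rule": "cpp:EXAMPLE2", "severity": "MAJOR", "type": "CODE_SMELL",
     "component": "PCL2PDF:src/util.h", "status": "OPEN",
     "message": "=constructed formula-like text"},
]}

if __name__ == "__main__":
    print(issues_to_csv([SAMPLE]), end="")
    # Live use (assumes a running server and a valid user token):
    # print(issues_to_csv(fetch_issue_pages("http://localhost:9000", "<token>", "PCL2PDF")))
```
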

Hi mpaladin,

Below is a piece of advice from Eli Goodrich. I expected to see a file in CSV format. I am confused too.

Thanks,

Brian