I recently wanted to test our organization’s code using sonarqube which is hosted in an EC2. I have updated the /opt/ properties file for the API token and also the current code directory sonar-project.properties file for telling which file to perform analysis on (main.c).
But whenever I execute sonarscanner it is failing because it cant find Build-wrapper. I though this is a pre-included package in the sonar-scanner installation. I reinstalled but still I can’t find it under my sonar-scanner/bin folder. And there is no way I can download it from the website because it is asking me to download using my which doesn’t work.
Did anyone face the same issue? Can someone please help?
-System my Sonarqube is hosted on is a Linux and on port 9000
-System I am trying to perform static analysis is also a Linux Ubuntu and an EC2.
Do you know which version & edition of SonarQube you are using? Build Wrapper is only available starting from the Developer Edition of SonarQube and Yes, it is not included as part of the sonar-scanner package.
You’ll have to download it using your SonarQube instance’s URL,
In your case - <Your SonarQube URL>/static/cpp/build-wrapper-linux-x86.zip
What am I missing here? I have included all the property files with the right server names and API tokens. It is doing the analysis but it is being broken because the build wrapper is not available since I am trying to compile a C language script.
You’ll have to download the package from your SonarQube instance.
So you’ll have to run wget https://yoursonarqubeURL/static/cpp/build-wrapper-linux-x86.zip
This should download the package, later you can unzip and you should be able to run the BuildWrapper.
Thanks for clarifying this. But if I install the build wrapper in my Sonarqube instance how can I perform static analysis on my code?
In other words, my setup is like this → My Sonarqube is configured and hosted on port 9000 on an EC2 in an AWS account-A.
I am trying to perform static analysis on a Test-EC2 server which is in AWS account-B. On this Test EC2, I configured the sonar-scanner /conf/properties files to have the right host URL and API token. On this server, I am cloning my code and trying to compile using the G++ compiler. Everything works when I run the sonar-scanner command (sonar-project properties files to tell which .c or c++ file to scan for) and this process is failing because I don’t have a build wrapper installed on my test EC2 instance.
Am I missing something here? Should I go for a different approach? As per the documentation, I thought it is always best practice to install sonar scanner in EC2/ docker containers in a different server other than the Sonarqube instance, and this way the code can be continuously scanned without disturbing the actual Sonar instance.
Let’s consider you have your SonarQube instance here MainEC2 and triggering the scan from here TestEC2.
You’ll have to download the BuildWrapper in your TestEC2(Where you plan to run your scan from).
Once you have the package, you’ll have to run the BuildWrapper before running the scan.
Your command would look something like this, build-wrapper-linux-x86-64 --out-dir build_wrapper_output_directory make clean all
You’ll find details in the docs on what all build tools are supported.
This will generate a json file(Bare with me if I’m wrong, I don’t exactly remember the file format ) in the output directory you specified in the above cmd.
Once you have the file, you can run your sonar scan cmd, with an additional parameter that points to the build wrapper output directory. sonar.cfamily.build-wrapper-output=build_wrapper_output_directory
I just confirmed the build-wrapper installation on my TestEC2. The thing that I missed was to include wget build-wrapper… download. After including the wget which is missing in the documentation I was able to download the package and test my code.
Thanks for your help and clear explanation. The only issue I am facing currently is that
build-wrapper-linux-x86-64 --out-dir build_wrapper_output_directory make clean all. I am not able to run this command and every time I am rm -rf’ ing the build-wrapper output directory manually and running the build-wrapper g++ my program test.c command. This way when I execute the sonar-scanner cmd it will execute having the new/ latest bare JSON files for the analysis.
) in the output directory you specified in the above cmd.