Support for Perforce with recent versions of SonarQube?

Hello,

Can recent versions (ideally latest version) of SonarQube be used with Perforce?

I am interested in using SonarQube for my product. Most of the source is in github enterprise, but some subsystems are in Perforce.

I found this thread Support & Status of Perforce Plugin and I looked in GitHub - perforce/sonar-scm-perforce: SonarQube Perforce plugin where latest update was for SonarQube 7.9, merged in November 2019.

Thanks, /Dave.

Hi Dave,

The perforce plugin is no longer maintained by SonarSource. It would need to be updated by the community to become compatible with the latest versions of SonarQube.
Note that you can still use SonarQube, but you’ll be missing some of the features related to SCM.

Thanks Duarte.

Can you provide any info on how I can use SonarQube for projects that are stored in Perforce?

I expect that I cannot use SonarQube to analyze the code in Perforce.
And I don’t know whether/how I can see test coverage in SonarQube.

Not having support for Perforce doesn’t mean you can’t analyze code stored in Perforce.
You can checkout the code with Perforce and analyze it using a scanner as usual.
The only difference is that the scanner won’t load certain things from the scm (Perforce in that case), like blame information (author and change dates), and certain features that depend on it, like issue auto assignment, won’t work.

Great, thanks Duarte. It sounds like a lot of the functionality is still available for the code in Perforce.

I guess we can

  • see the scan results (bugs, vulnerabilities, code smells and tests coverage) in SonarQube UI
  • pause Jenkins build pipeline to get the scan results (Quality Gate status)
  • configure SonarQube to send notifications

Dave.

Appreciate any info on whether / what support it would have for branches in Perforce (using Developer Edition).

I expect it cannot identify new issues / smells that are only in a PR/feature branch, but maybe it can separate branch results from other branches / master - based on tag provided from branch build to the scanner - so that I can compare the coverage level / bugs against master?

1 Like

Hi Dave,

Just FYI, the Perforce folks took over the Perforce plugin.

Not to discourage asking questions here, but if you’re not getting the functionality you need out of it… it seems like they ought to support you.

 
:slightly_smiling_face:
Ann

1 Like

Dave,

You can still use PR and feature branches in SonarQube without a SCM detected.
For PRs, SonarQube will detect changed code based on the code that is in SonarQube (won’t be accurate if the target branch is not up to date).
For branches, unless you use the “Reference branch” New Code Setting, each branch as a separate issue lifecycle and the information loaded from the SCM won’t affect the issues that you see.

I suggest you give it a try and see what you get.

Great, thanks Duarte. The info is to help me make the case to use SonarQube. Looks like I have enough now for the next step and we can experiment with SonarQube / Perforce later, when we have our installation.

/ Dave.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.