Hello every one,
I am new here and hope some one can help me with the following topic.
I am a student and have a project to test some open source applications from Github, such as OpenSSL, Appache, Nagios… with Sonarqube and embold and compare the result. In Embold I only need the link to the repository and the test can start immediately.
Is there also the same functionality for Sonarqube? Right now I am trying both the sonarcloud.io version and the one where I need to download the SonarQube and the approprate scanner to my machine and test. But in the cloud virsion I need to clone the reprositories mentioned above and push them in my reprositories or in the other alternative I need to clone the reprository to my maschine and test. In both cases it works. But I am wondering if there is a better methode to test those open source softwares from GitHub.
Hello 167179, welcome to the SonarSource Community!
Many popular open source projects are already analyzed on SonarCloud; chances are for many of these you don’t need to do anything. For example, the Apache foundation projects are there. Explore and search first before deciding if you need to do anything; open source projects are always publicly visible within SonarCloud.
Can some one help me in this regard?
The documentation says that C is not supported language. But as we can see in the above picture it was analyzed. But when I try it doesn’t. Can some one help me here?
C/C++ are a special case as they cannot be analyzed through static analysis alone. In order for Sonar to be able to understand the code, it has to be compiled with a wrapper that will generate a report. Only then the sonar scanner can read the C/C++ code with the help of the report.
The sonar GitHub action claims that it cannot analyze C/C++ project and that you have to use TravisCI. I think it is just a lack of instructions as there is no reason for this to not work on GitHub Actions.
We have a private C/C++ repo that compiles on Windows through GitHub actions. We do plan on making it to work, but we just got started into the investigation. Most likely we will have to download the wrapper, capture the output file, then pass it to the sonar scanner stage.
