Testing open Source repositories from GitHub

167179 · November 23, 2020, 7:10pm

Hello every one,
I am new here and hope some one can help me with the following topic.
I am a student and have a project to test some open source applications from Github, such as OpenSSL, Appache, Nagios… with Sonarqube and embold and compare the result. In Embold I only need the link to the repository and the test can start immediately.

Is there also the same functionality for Sonarqube? Right now I am trying both the sonarcloud.io version and the one where I need to download the SonarQube and the approprate scanner to my machine and test. But in the cloud virsion I need to clone the reprositories mentioned above and push them in my reprositories or in the other alternative I need to clone the reprository to my maschine and test. In both cases it works. But I am wondering if there is a better methode to test those open source softwares from GitHub.

Thankyou very much

Jeff_Zapotoczny · November 23, 2020, 7:10pm

Hello 167179, welcome to the SonarSource Community!

Many popular open source projects are already analyzed on SonarCloud; chances are for many of these you don’t need to do anything. For example, the Apache foundation projects are there. Explore and search first before deciding if you need to do anything; open source projects are always publicly visible within SonarCloud.

167179 · November 26, 2020, 4:25pm

Thank you for your respond! Indeed I found some of them like OpenSSL. For example -->

when I try to test the same programm this happens

Can some one help me in this regard?
The documentation says that C is not supported language. But as we can see in the above picture it was analyzed. But when I try it doesn’t. Can some one help me here?

sodul · November 26, 2020, 4:59pm

C/C++ are a special case as they cannot be analyzed through static analysis alone. In order for Sonar to be able to understand the code, it has to be compiled with a wrapper that will generate a report. Only then the sonar scanner can read the C/C++ code with the help of the report.

The sonar GitHub action claims that it cannot analyze C/C++ project and that you have to use TravisCI. I think it is just a lack of instructions as there is no reason for this to not work on GitHub Actions.

We have a private C/C++ repo that compiles on Windows through GitHub actions. We do plan on making it to work, but we just got started into the investigation. Most likely we will have to download the wrapper, capture the output file, then pass it to the sonar scanner stage.

Jeff_Zapotoczny · November 30, 2020, 7:32pm

Yes, exactly as Stephane said, you’ll need to use the build-wrapper to analyze such a project; you can find the documentation specifically for C-family project analysis here.

sodul · January 5, 2021, 1:24am

We were able to make this work so we have posted instructions on how to run C/C++ analysis for Windows GitHub Actions: