Using sonarqube-scan pipe in Bitbucket for C++ projects

thisara · December 9, 2021, 3:29am

Hello All,

I’m decorating my Bitbucket repository pull requests with sonarqube. So far I have been successful in integrating it for Go & python projects. I have been struggling to do the same for C++ and would be grateful for any suggestions/ advise given.

Steps:

Created a Toy C++ project which I can analyze in my local machine using build-wrapper & sonar-scan.
Trying to do the same in bit bucket pipelines. Refer the yaml attached.
bitbucket-pipelines.yml.txt (1.4 KB)
I have a Sonarqube server with self signed certificate. So I have created a docker container installing my cert on top of sonarqube-scan. It is working sucesfully for Go & python & this should be the same for C++.
When running the pipeline on bitbucket for my toy project I’m getting below error.

01:25:18.208 WARN: Invalid probe found, skip analysis of files: [/opt/atlassian/pipelines/agent/build/test.cpp]
The compiler probe 'stdout' is expected to contain at least one '#define' directive:
01:25:18.209 INFO: PCH: unique=0 use=0 (forceInclude=0,throughHeader=0,firstInclude=0) out of 0 (forceInclude=0,throughHeader=0)
01:25:18.209 INFO: SE: 0 out of 0
01:25:18.209 INFO: Z3 refutation rate: 0 out of 0
01:25:18.209 INFO: Subprocess(es) done in 26ms
01:25:18.210 INFO: 0 compilation units analyzed
01:25:18.234 INFO: ------------------------------------------------------------------------
01:25:18.234 INFO: EXECUTION FAILURE
01:25:18.234 INFO: ------------------------------------------------------------------------
01:25:18.235 INFO: Total time: 1:21.277s
01:25:18.317 INFO: Final Memory: 26M/97M
01:25:18.318 INFO: ------------------------------------------------------------------------
01:25:18.318 ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
  * you are using the latest version of the build-wrapper and the CFamily analyzer
  * you are correctly invoking the scanner with correct configuration
  * your compiler is supported
  * you are wrapping your build correctly
  * you are wrapping a full/clean build
  * you are providing the path to the correct build-wrapper output directory
  * you are building and analyzing the same source checkout, absolute paths must be identical in build and analysis steps

full log:
pipelineLog-25.txt (60.2 KB)

As per my understanding I’m runing the build-wrapper & sonar-scanner in the same directory. I’ve been reading other posts but could not find a solution. Any help is highly appreciated.

Thanks,
Thisara

mpaladin · December 9, 2021, 8:26am

Hi @thisara ,

as stated in the documentation the sonar-scanner docker image is not supported for C++:

The Build Wrapper collects information about the build including absolute file paths (source files, standard headers, libraries, etc…). Later on, SonarScanner uses this information and needs to access those paths. Whereas this is straightforward while running these 2 steps on the same host, it is worth some consideration when using any sort of containerization. A consequence of this is that C / C++ / Objective-C analysis is NOT supported by SonarScanner CLI Docker image.

The analysis should be done in the same environment as the build, the analyzer needs to access all files used during build.

thisara · December 10, 2021, 5:22am

Hi Massimo,

Does that mean I can’t analyze the code using Bitbucket pipelines for C++ projects?

mpaladin · December 10, 2021, 10:13am

Hi @thisara ,

You can use bitbucket pipelines, you just have to use the normal sonar-scanner: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/.

thisara · December 11, 2021, 5:25am

Thanks for your reply. I think my confusion was due to the example provided by the sonarqube server when setting up a CI. According to you, can I say that below guide is incorrect as it asks to build the source using containerized sonarscanner?

mpaladin · December 13, 2021, 9:24am

Hi @thisara ,

indeed, that is not correct, I am going to report it back to the SonarQube team, thank you for sharing it!

The master pipeline has been updated mentioning to use the normal sonar-scanner for C/C++/Objective-C:

NOTE: For projects using Maven, Gradle, .NET, C/C++ please execute a respective scanner directly instead of using this pipe:

For Maven see Scanner for Maven.

For Gradle see Scanner for Gradle.

For a .NET solution see Scanner for .NET.

For C/C++ code see analyzing C/C++ code.

system · December 20, 2021, 9:25am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.