We have been given a login for sonarcloud.io, how do we now start to check our java code via maven?

Our large organization has given me (the dev team lead) extremely limited access to our organization's sonarcloud.io website via our org's SSO. We have “paid plan (legacy)”. I don’t have any admin rights.

Our team has several Maven/Spring Boot Java applications and Bitbucket repos. Our organisation has only put one of our repos into the UI, and when I open it, it says “this project has not been analyzed yet” and “you do not have permission to execute analysis for this project”. Most of our other repos are not in the UI. We hope we can still test them locally on dev machines via Maven.

The documentation says to use the web UI to take you through the steps to set up CLI-based analysis, but we have no access rights to do this (as per the above permissions message).

This page:

Seems to have instructions on using maven, but there are two issues:

  1. It requires 4 separate keys. Where do we get these? The instructions mention myaccount->security, where you can generate a named token. We would guess this is either the 3rd or 4th required token mentioned in the docs below:
    your project key
    your organisation key
    your personal access token.
    myAuthenticationToken

  2. it appears the only way to run the tests is via maven command line (below) which includes at least three keys. We want this to be part of the maven test goal, and not require keys etc. so our developers can run it easily on their PCs. If they have to run a separate goal with parameters which have to be looked up each time they will never bother unfortunately.

$ mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
    -Dsonar.token= \
    -Dsonar.host.url=https://sonarcloud.io \
    -Dsonar.organization= \
    -Dsonar.projectKey=

  1. can we test any of our local java projects or only those for which the bitbucket repo appears in the sonarcloud.io website?

  2. What is the purpose of having a repo in the website? E.g. does running the tests locally or on a build server send the results up to the website?

  3. we only want to run the bug finding type tests, not the coding standards type tests (as the latter requires too much time to set up to avoid false positives etc). Is this possible, and how might we go about this?

  4. is there a hello world type document we can look at to get up and running?

  5. if our total code base is less than 50k, and we don't need AI stuff, are we better off with the free version, given we have very limited rights to the paid version, and our individual developers are unlikely to be given access? We understand that SonarQube can hook into Bitbucket PRs, but this is unlikely to be allowed by our organisation.

  6. is there any support for IntelliJ and Eclipse?

Hi,

Welcome to the community!

Based on your subsequent threads, you seem to have worked through some of your initial questions. Since we try to keep it to one topic per thread (otherwise it can get messy, fast), and since you post a lot of questions here… Which, of any remaining open questions from this thread, would you like to pursue here?

 
Ann