If you couldn’t make the scheduled time, you can still watch the webinar on YouTube:
As usual, here are the questions participants asked:
gcc-linaro-6.5.0 compiler supported by SonarQube?
Compilers based wholly on GCC, including Linaro GCC are supported. You can see the full list of supported compilers at https://www.sonarqube.org/cpp/.
Is it possible to use the build-wrapper with compiler caches like ccache or buildcache?
build-wrapper works with ccache.
Are Conan-packages supported? Can I simply wrap
We haven’t tested this, but theoretically it should work. If you find that it doesn’t, please start a new thread here in the community.
How can I select the coding standard (C++XX)?
It is automatically detected from the build command data build-wrapper gathers.
Which unit test code coverage tools do you support?
The documentation includes the full list of coverage tools across all languages.
Is there a sample project to refer to for build setup for analysis?
Yes! Here you go : https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-build-wrapper-linux
Should I use SonarScanner for MSBuild or SonarScanner CLI for static analysis for VisualStudio?
If your project is a mix of C++ and C#, you should use SonarScanner for MSBuild. It’s the only scanner that properly handles C# code. Otherwise, you should default to SonarScanner CLI. In both cases you must also use the build-wrapper to gather your C++ configuration data.
What if you don’t support my specific compiler or its syntax? What about integrating the build-wrapper for easier Azure DevOps analysis?
We periodically expand our compiler/build support. Please create a new ‘New features’ thread with your specific request so others can vote for it. We use these threads to help us prioritize new features.
What are the options if you’re using a homegrown build and source control system, not Git or another standard SCM?
The use of an SCM is a programming best practice but not strictly required for analysis. We use SCM data to identify which lines and issues are “new”, and to correctly assign issues. Without SCM data, we identify new lines and issues on a best-effort basis.
Is pull request analysis supported only for C++ or for other languages as well?
Analysis is always fully multi-language. Pull request analysis is supported equally for all languages across the supported ALMs: GitHub, GitLab, Azure DevOps, and BitBucket Server.
Do you support AUTOSAR?
AUTOSAR was developed because MISRA C++ had not progressed since 2008. Now that the MISRA standard is being updated, AUTOSAR & MISRA have announced that they’ve merged.
As a consequence, we have no plan to address AUTOSAR. We’ll be focusing instead on the next version of the MISRA standard.
Do you support all MISRA rules?
Currently we don’t cover all of them, but we are continuously improving our MISRA coverage
Can I write my own rules and have them run by SonarQube?
Sorry, we don’t support custom rules for C++.
Are there limitations in the free C++ SonarLint plugin for VStudio?
Security Hotspots are not raised in SonarLint. Additionally, a few rules that require a view on the full project to make sense (for instance detecting unused functions) are also excluded, because SonarLint works on a file-by-file basis. All other issues raised by SonarQube will be raised in SonarLint as well, without restriction.
My IDE doesn’t seem to be supported. When will you add it?
It’s in our plans to support C++ in VSCode. If there’s another IDE you’d like to see us support, please create a new ‘New features’ thread with your specific request so others can vote for it. We use these threads to help us prioritize new features.
SonarCloud is free for open-source C++ projects, right?
What edition do I use to analyze C++ code on-prem?
C++ analysis is fully supported in SonarQube Developer Edition.
How big a server do I need for a typical installation?
This really depends on your volume of code and analyses, but we do provide some recommendations for server requirements here and here in the documentation.
Additionally, you’ll want to make sure your CI agent is robust enough to deliver analysis results in a timely manner. Additionally, you may want to make sure you have the resources to configure multi-threaded analysis.
Could you expand on how the licensing by lines of code works?
Our commercial editions are priced per instance per year and based on your lines of code (LOC). LOCs are computed by summing up the main/program LOCs of each project analyzed. The LOCs used for a project are the LOCs found during the most recent analysis of this project. If you start using the branch analysis feature, then the counted LOCs of a project will be the ones of the biggest branch of that project.
As an example, if you have a 100-LOC project, and you analyze it once a day for 100 days, for licensing purposes that’s a total of 100 LOC.
For more detail on the pricing tiers for Developer Edition, please see: https://www.sonarqube.org/trial-request/developer-edition/
I’m ready to get started! Now what?
Request a free, 14-day trial license for Developer Edition.
Still have questions?
If you have general questions about product features, open a new thread here the community. We’ll be glad to see you!
For questions about commercial editions, including pricing or trial licenses, try one of these:
For other commercial questions, contact us here.