Why does SonarQube need to compile the code?

I have read that sonarqube needs some compilation artefacts to make a complete analysis, what kind of analysis does it perform in addition to test coverage of course?
Is it recommended to use the same compiler used for production or are the analyses it performs independent?

My project is cross-platform and uses the c-lang compiler in particular I develop on windows with clang-cl which does not seem to be supported by sonarqube, while CI uses cl for windows, linux and mac.

What configuration do you suggest I use?

Thank you

Hello @paolo.ghini and welcome to our community.

Compiling the code is not a strict requirement for C and C++ analysis and we do not need any sort of artifact. Let me explain.

In order to properly analyze your code, we need to know what are the predefined macros and what are the include files to use.
There are 2 alternatives to configure your C and C++ analysis to provide this information.

  • You can use the build-wrapper around your clean build command. It will intercept all the calls to your compiler and get the required information from each command line. This indeed requires a clean build. Though, you can still use object caching with ccache to speed up the clean build.
  • You can use a compilation database which is a file where the command lines to the compilers are specified. This can be generated by multiple 3rd party tools like CMake. It does not require building the project but the compilation database should be kept in sync with the way the project is built.

You can find detailed explanations in the C and C++ help in SonarQube. It also points to examples of both configuration mechanisms.

A post was split to a new topic: C or C++ analysis for 3 operating systems

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.