CodeNarc has 346 rules, but the Sonar Groovy plugin (which utilizes CodeNarc) only uses 59 of those rules.
I need to add more rules in Sonar to the Groovy analysis. How can I do this?
Thanks
I think you are talking about the default quality profile of the Sonar Groovy Plugin which indeed activate only 59 rules by default (as you can see on nemo (public instance of SonarQube analyzing open source projects))
The other rules of CodeNarc would be available in the rules section. You can see them by filtering by language and rule repository : http://nemo.sonarqube.org/coding_rules#languages=grvy|repositories=grvy
To use them you need to activate those rules in a quality profile and set it for your project : see the documentation of quality profile for this.
Related
I am working on static Groovy scripts analysis. Only tool I've found is CodeNarc, but how can I edit rulesets, without editting CodeNarc.jar?
I am calling CodeNarc from command line:
java -classpath "binary-tools/CodeNarc/groovy-all-2.4.6-jenkins-1.jar:binary-tools/CodeNarc/CodeNarc-1.0.jar:binary-tools/CodeNarc/log4j-1.2.17.jar:binary-tools/CodeNarc/slf4j-api-1.7.2.jar:binary-tools/CodeNarc/slf4j-jdk14-1.7.2.jar" org.codenarc.CodeNarc -rulesetfiles="rulesets/basic.xml,rulesets/generic.xml,rulesets/logging.xml,rulesets/dry.xml,rulesets/serialization.xml"
I see that I can specify which rulesets form INSIDE CodeNarc I can use, I'd like to disable single rules from given ruleset. How to do it?
Depending on what you are using to manage the jar, there should be a configuration option available to set the rules. The location will vary depending on the configuration in gradle, etc. You can see more at http://codenarc.sourceforge.net/codenarc-configuring-rules.html I highly recommend configuring the ruleset to your preferences as some rules are better for certain types of groovy projects than others. If you add some info about your project type (grails, spring boot, etc) and your build system(gradle, maven, etc), I can provide more specific help.
Is it possible to get the list of groovy rules the way we can get java sonar rules via https://sonarcloud.io/api/rules/search?languages=java webservice
Groovy Plugin is not installed on SonarCloud. Just install SonarQube locally, install the Groovy Plugin and navigate to the Rules page of your local instance (and/or obtain rules via the WebAPI).
I am using SonarQube v5.1.2 with Groovy plugin 1.0.1. I have been trying to find a way to have the Afferent and Efferent coupling metrics displayed for our Groovy and Grails based project, but in vain.
From the official documentation of Groovy plugin for SonarQube the below is quoted:
It leverages CodeNarc to raise issues against coding rules, Gmetrics for cyclomatic complexity and Cobertura or JaCoCo for code coverage.
Source: Groovy SonarQube Plugin
But in the official website for GMetrics, its mentioned that Afferent and Efferent coupling can be computed:
GMetrics Afferent Coupling Metrics
and
GMetrics Efferent Coupling Metrics
However, I dont find it anywhere in SonarQube. Is there anyway by which it can be displayed in v5.1.2?
I found the below link in which it has been described how to display it in SonarQube 3.7, but its not available anymore in 5.1.2.
Afferent and Efferent coupling in SonarQube 3.7
Am I missing out on something in here?
The sonar groovy plugin (last released version is 1.2) only computes files-related metrics. Package measures are not handled. Consequently, Afferent Coupling and Efferent Coupling metrics are currently ignored, although we are indeed using GMetrics.
For the time being, you then unfortunately won't be able to display these metrics for your projects.
I created the following ticket in order to integrate these values: SONARGROOV-43
I'm getting started with sonarqube (Version 3.7.2) and have installed
the Security Rules [securityrules] plug-in (version 0.3.2).
After deploying the plugin it seemed to activate OK (see Evidence for Successful Plugin Activation, below). I re-analyzed my project and then went to the dashboard, but i could not see
the 'security defects' icon which (according to this document: http://docs.codehaus.org/display/SONAR/Security+Rules+Plugin) is supposed to appear.
I was planning on using that 'view' to drill into a view of only security related issues.
My question is:
is there any other way to do this filtering (besides the security defects widget?)
is there any reason why that widget would not show up.
I understand the securityrules plugin is deprecated for later versions of sonar, but i'm using an older version which should be compatible.
Evidence for Successful Plugin Activation
after restart the plugin appears in the list of 'Installed Plugins' In the Update Center.
In 'sonar.log' i see this statement:
2014.12.17 07:35:57 INFO o.s.s.p.PluginDeployer Deploy plugin Security Rules / 0.3.2
thanks in advance !
-chris
You can create a quality profile which contains only rules of the security plugin. Then you execute the analysis with that profile.
The answer turns out to be very simple. After activating the plug-in I needed to configure the dashboard for the project i am analyzing so the security widget is added. This page describes the mechanics: http://docs.sonarqube.org/display/SONAR/Customizing+Dashboards
I am writing an eclipse plugin which needs to support features from the Groovy eclipse plugin.
The Groovy website talks about Groovy eclipse plugins, and Groovy compiler support within eclipse and maven, but I did not find anything similar to what I need to do here.
If I look at the list of available plugin dependencies, I see a number of them:
How can I enable some discovery mechanism or otherwise, in order to install the Groovy plugin after the installation of my plugin completes?
Which plugin can I add as dependency to achieve this? Or should I have to individually add all of them?
If you want to add single plug-ins you can easily do that in the Manifest-Editor of your plug-in. If you need to add a dependency to a feature, you need to create a feature for your own plug-in and add the additional feature dependency in the feature-Editor.
To find out which groovy plug-ins are required to add the "groovy compiler support", I suppose you must rather look at the groovy features in your installation. Usually complex features like a compiler or the like are grouped within a feature.
Add on:
I think the discovery mechanism is already integrated in p2.
I suppose these plug-ins are part of a feature. Find this feature and add that to your product.
For stability I would recommend to add the specific plug-ins to your product/feature. That way you can be sure, people are using the exact version you proposed in your implmentation.