Use Sonarqube with sonar-cxx

Installation

  • Download SonarQube from https://www.sonarqube.org/downloads/
    • If you are using Java 8, you need to download SonarQube 6.7.x LTS (look for Historical Downloads on the website)
    • If you are using Java 11, you need to download SonarQube 7.9.x LTS (look for the Long term support area on the website)
  • Unpack the SonarQube ZIP file
  • Download the latest sonar-c-plugin.jar and sonar-cxx-plugin.jar from https://github.com/SonarOpenCommunity/sonar-cxx/releases
  • Copy both jar files into the SONARQUBE_HOME/extensions/plugins directory (within the unpacked ZIP file)
  • Start SonarQube and log in
    • On Windows 10, e.g. via SONARQUBE_HOME/bin/windows-x86-64/StartSonar.bat
    • Go to http://127.0.0.1:9000 as soon as "SonarQube is up" is announced
    • Default login is user admin, password admin
  • Navigate to Administration -> Marketplace and make sure the plugins "C (Community)" and "C++ (Community)" are installed

Configuration - General

  • Additional configuration can be done under Administration -> Configuration -> General Settings within the "C (Community)" and "C++ (Community)" areas

Configuration - Quality Profiles

  • You need to enable the kinds of problems that both plugins should scan for. This needs to be done initially, as otherwise they will not detect anything by default.
  • Example for C (Community)
    • Go to Quality Profiles, click on the downwards arrow next to the "Sonar way (Built-in)" profile within the "C (Community)" area. Click Copy. Give it a catchy name, like "Sonar way - C"
    • A new quality profile pops up and you see the rules (Bugs, Vulnerabilities, Code Smells) in the left table. Click "Activate more". The next table lists the rules sorted by the same types. If you want, select all three types on the left side, then click "Bulk Change" and "Activate In "Sonar way - C"" to activate all rules within the newly created quality profile. You have to acknowledge the change, and SonarQube will report back as soon as the changes are done.
    • You can now navigate back to Quality Profiles, click on the downwards arrow next to the "Sonar way - C" profile within the "C (Community)" area and click on "Set as Default".
    • With this change, your newly created profile will now be used for the next scans.

Prepare first scan of C Code

  • Create a sonar-project.properties file in the project folder with the following content:

# must be unique in a given SonarQube instance
sonar.projectKey=TestApplication
# defaults to 'not provided'
#sonar.projectVersion=1.0
# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=.
#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
# project is c, please scan with c plugin (one needs to be enabled)
sonar.language=c
# project is c++, please scan with c++ plugin (one needs to be enabled)
#sonar.language=c++

First scan of C Code

  • Open up a shell within the project folder with the sonar-project.properties file
  • Within this shell, execute SonarScanner by starting its sonar-scanner executable, e.g. "D:\sonar-scanner-4.5.0.2216-windows\bin\sonar-scanner.bat"
  • The scanner will now work through the project and, once it is done, send the data to the SonarQube server, where it will be computed and shown as a project

Upgrade SonarQube 6.7 to 7.9

That was surprisingly easy: Just swapped the "sonarqube:6.7-community" for the "sonarqube:7.9-community" image entry in my docker-compose.yml and restarted the Docker container. Upon boot, the container restarted due to an error:

ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

This could be resolved by executing sudo sysctl -w vm.max_map_count=262144 on my Ubuntu 18.04 LTS / Docker Host. After another restart of the container, it worked and I could start the update using a web browser under http://IP:9000/setup

(also add the option vm.max_map_count=262144 to the /etc/sysctl.conf)
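
A preflight check for the two bootstrap errors above, as an added example that is not part of the original post. It assumes the setting is persisted in a single sysctl.conf-style file (files under /etc/sysctl.d are not read); the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Thresholds are the ones in the
# bootstrap-check errors quoted above.
MIN_MAP_COUNT=262144
MIN_NOFILE=65535

# Print the vm.max_map_count a sysctl.conf-style file would apply at boot.
# Skips comment lines (# or ;), tolerates spaces around "=", last entry wins.
persisted_map_count() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "vm.max_map_count" && val ~ /^[0-9]+$/) last = val
        }
        END { if (last != "") print last }
    ' "$1" 2>/dev/null
}

# check_bootstrap RUNTIME_MAP_COUNT NOFILE SYSCTL_FILE
# Prints one line per problem and returns 1 if any was found.
check_bootstrap() {
    rc=0
    if [ "$1" -lt "$MIN_MAP_COUNT" ]; then
        echo "runtime vm.max_map_count $1 is below $MIN_MAP_COUNT"; rc=1
    fi
    if [ "$2" != "unlimited" ] && [ "$2" -lt "$MIN_NOFILE" ]; then
        echo "max file descriptors $2 is below $MIN_NOFILE"; rc=1
    fi
    persisted=$(persisted_map_count "$3")
    if [ -z "$persisted" ] || [ "$persisted" -lt "$MIN_MAP_COUNT" ]; then
        echo "vm.max_map_count is not persisted in $3, so a reboot resets it"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the state after only running "sysctl -w" (runtime value
# fixed, nothing persisted, descriptor limit still 4096).
sample=$(mktemp)
printf '# vm.max_map_count=262144\nvm.swappiness = 10\n' > "$sample"
check_bootstrap 262144 4096 "$sample" || echo "host is not ready for SonarQube 7.9"
rm -f "$sample"
```

On a real Docker host, pass "$(cat /proc/sys/vm/max_map_count)" and /etc/sysctl.conf; the descriptor limit that Elasticsearch sees is the container's, so read ulimit -n inside the container.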

SonarQube 6.7 Community with Postgres 9.6 in Docker on Ubuntu

This is a very quick install for SonarQube on Ubuntu 18.04 LTS. I presume you got the latest Docker CE 18.09 and docker-compose 1.24 installed.

# create folders for sonarqube files and postgres
sudo mkdir -p /var/sonarqube/{conf,data,logs,extensions}
sudo chown -R 999:999 /var/sonarqube
sudo mkdir -p /var/sonarqube/postgres
# make folder for all Docker files in home
mkdir ~/sonarqube
cd ~/sonarqube
# create docker-compose.yml with following content
version: '3.1'
services:
  db:
    image: postgres:9.6-alpine
    restart: unless-stopped
    volumes:
      - /var/sonarqube/postgres:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar

  sonarqube:
    image: sonarqube:6.7-community
    ports:
      - 9000:9000
      - 9092:9092
    restart: unless-stopped
    volumes:
      - /var/sonarqube/conf:/opt/sonarqube/conf
      - /var/sonarqube/data:/opt/sonarqube/data
      - /var/sonarqube/logs:/opt/sonarqube/logs
      - /var/sonarqube/extensions:/opt/sonarqube/extensions
    environment:
      - SONARQUBE_HOME=/opt/sonarqube
      - SONARQUBE_JDBC_USERNAME=sonar
      - SONARQUBE_JDBC_PASSWORD=sonar
      - SONARQUBE_JDBC_URL=jdbc:postgresql://db/sonar
# launch 
docker-compose up -d

You can then access your SonarQube instance on http://<ServerIP>:9000 with the credentials admin/admin.
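
A small audit for a compose file shaped like the one above, as an added example that is not part of the original post. It flags a database password that equals a user name in the same file and the published port 9092, which is the embedded H2 database port and is not used once PostgreSQL is the backend; it assumes list-style environment entries, and the function name is made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes list-style environment
# entries ("- NAME=value") as used in the compose file above.
audit_compose() {
    awk '
        /^[ \t]*-[ \t]*[A-Za-z_][A-Za-z0-9_]*=/ {
            entry = $0
            sub(/^[ \t]*-[ \t]*/, "", entry); sub(/[ \t]+$/, "", entry)
            eq = index(entry, "=")
            name = substr(entry, 1, eq - 1); val = substr(entry, eq + 1)
            if (name ~ /USER(NAME)?$/) users[val] = 1
            if (name ~ /PASSWORD$/) { n++; pwname[n] = name; pwval[n] = val; pwline[n] = NR }
        }
        # 9092 is the embedded H2 database port; with PostgreSQL as the
        # backend nothing outside the container needs to reach it.
        /^[ \t]*-[ \t]*"?9092:[0-9]+"?[ \t]*$/ {
            print "line " NR ": host port 9092 is published but not needed"; found++
        }
        END {
            # Checked at the end so the order of the entries does not matter.
            for (i = 1; i <= n; i++)
                if (pwval[i] in users) {
                    print "line " pwline[i] ": " pwname[i] " equals a user name"; found++
                }
            exit (found > 0)
        }
    ' "$1"
}

# Constructed sample modelled on the compose file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  db:
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
  sonarqube:
    ports:
      - 9000:9000
      - 9092:9092
    environment:
      - SONARQUBE_JDBC_USERNAME=sonar
      - SONARQUBE_JDBC_PASSWORD=sonar
EOF
audit_compose "$sample" || echo "compose file needs attention"
rm -f "$sample"
```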

 

Migrate SonarQube from MySQL to PostgreSQL

For checking the quality of my private programming code, I have been using the free edition of SonarQube for multiple years. It is actually a cool project with a massive flaw: They did allow MySQL as a database - but not MariaDB. This struggle kept me a bit at bay, as I parted with MySQL years ago - with this one exception.

Some days ago I then stumbled upon the announcement from SonarQube that they did not fix this long-standing issue, but will be parting completely from MySQL. So the only choice would be to migrate to Oracle, MS SQL or PostgreSQL.

They even provided a tool called mysql-migrator for this purpose. However, this did not work. It always kept on complaining that it could not detect the schema version, etc.

Long story short: If you want (or in my case must...) to switch from MySQL to PostgreSQL, use pgloader, which is available as an Ubuntu package - all info here.

I just installed a fresh PostgreSQL 9.6 in Docker, bundled it with the postgres 9.6 alpine, fired it up and then migrated it with the following command:

pgloader mysql://<mysqluser>:<mysqlpassword>@<mysqlserverip>:3306/sonar pgsql://<psqluser>:<psqlpassword>@<psqlserverip>/sonar

Due to all things Docker, one had to play a bit around with the correct IPs, Ports and permissions to get the tool working, but once that was said and done, everything worked fine:

                    table name       read   imported     errors      total time
------------------------------  ---------  ---------  ---------  --------------
               fetch meta data        180        180          0          0.357s
                Create Schemas          0          0          0          0.001s
              Create SQL Types          0          0          0          0.004s
                 Create tables        106        106          0          2.842s
                Set Table OIDs         53         53          0          0.015s
------------------------------  ---------  ---------  ---------  --------------
            sonar.active_rules       1993       1993          0          0.116s
  sonar.active_rule_parameters        268        268          0          0.107s
             sonar.ce_activity          1          1          0          0.074s
      sonar.ce_scanner_context          0          0          0          0.040s
           sonar.ce_task_input          0          0          0          0.025s
     sonar.analysis_properties          0          0          0          0.157s
      sonar.duplications_index          0          0          0          0.020s
                  sonar.events        349        349          0          0.173s
                  sonar.groups          2          2          0          0.330s
             sonar.group_roles         12         12          0          0.433s
                sonar.ce_queue          0          0          0          0.033s
                  sonar.issues       7508       7508          0          1.546s
 sonar.ce_task_characteristics          0          0          0          0.029s
       sonar.default_qprofiles          9          9          0          0.162s
                sonar.es_queue          0          0          0          0.143s
            sonar.file_sources        500        500          0          1.733s
        sonar.loaded_templates         13         13          0          1.498s
                 sonar.metrics        246        246          0          1.564s
           sonar.organizations          1          1          0          1.744s
           sonar.org_qprofiles         26         26          0          1.722s
   sonar.perm_templates_groups          4          4          0          1.724s
            sonar.groups_users          3          3          0          1.283s
sonar.perm_tpl_characteristics          0          0          0          1.673s
                sonar.projects        542        542          0          1.850s
     sonar.internal_properties          2          2          0          1.384s
           sonar.issue_changes        501        501          0          1.522s
         sonar.manual_measures          0          0          0          1.306s
           sonar.notifications          0          0          0          1.297s
    sonar.organization_members          2          2          0          1.504s
           sonar.project_links          0          0          0          1.532s
    sonar.permission_templates          1          1          0          1.453s
       sonar.project_qprofiles          0          0          0          1.483s
    sonar.perm_templates_users          0          0          0          1.417s
        sonar.qprofile_changes       2001       2001          0          1.616s
                 sonar.plugins         13         13          0          1.366s
     sonar.qprofile_edit_users          0          0          0          1.545s
        sonar.project_branches          3          3          0          1.356s
 sonar.quality_gate_conditions          4          4          0          1.353s
          sonar.rules_metadata       1763       1763          0          1.311s
        sonar.project_measures      35940      35940          0          1.792s
          sonar.rules_profiles         26         26          0          1.503s
       sonar.schema_migrations        495        495          0          1.369s
                   sonar.users          3          3          0          1.497s
             sonar.user_tokens          5          5          0          1.489s
              sonar.properties          8          8          0          0.941s
    sonar.qprofile_edit_groups          0          0          0          0.924s
           sonar.quality_gates          1          1          0          0.834s
                   sonar.rules       1866       1866          0          1.069s
        sonar.rules_parameters        278        278          0          1.021s
       sonar.rule_repositories         21         21          0          0.999s
               sonar.snapshots        280        280          0          1.047s
              sonar.user_roles          0          0          0          0.960s
      sonar.webhook_deliveries          0          0          0          0.942s
------------------------------  ---------  ---------  ---------  --------------
       COPY Threads Completion          4          4          0          3.049s
                Create Indexes        127        127          0         22.308s
        Index Build Completion        127        127          0          1.460s
               Reset Sequences         33         33          0          0.051s
                  Primary Keys         51         51          0          0.051s
           Create Foreign Keys          0          0          0          0.000s
               Create Triggers          0          0          0          0.001s
              Install Comments          0          0          0          0.000s
------------------------------  ---------  ---------  ---------  --------------
             Total import time      54690      54690          0          8.412s
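
A check over a saved copy of this summary, as an added example that is not part of the original post. It lists every row where "imported" differs from "read" or "errors" is not zero, so a migration script can stop before SonarQube is pointed at the new database; the function name and the sample rows are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: list every row of a pgloader
# summary where "imported" differs from "read" or "errors" is not zero.
pgloader_mismatches() {
    awk '
        # Data rows end in three integers and a duration such as "0.357s";
        # the header and the dashed separator lines do not.
        NF >= 5 && $(NF-3) ~ /^[0-9]+$/ && $(NF-2) ~ /^[0-9]+$/ &&
        $(NF-1) ~ /^[0-9]+$/ && $NF ~ /s$/ {
            rows++
            # Step names can contain spaces ("fetch meta data"), so the
            # name is everything before the last four fields.
            name = $1
            for (i = 2; i <= NF - 4; i++) name = name " " $i
            if ($(NF-2) + 0 != $(NF-3) + 0 || $(NF-1) + 0 > 0) {
                print name ": read=" $(NF-3) " imported=" $(NF-2) " errors=" $(NF-1)
                bad++
            }
        }
        END {
            if (rows == 0) { print "no summary rows found"; exit 2 }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: same layout as the output above, with one table that
# lost rows during the copy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
                    table name       read   imported     errors      total time
------------------------------  ---------  ---------  ---------  --------------
               fetch meta data        180        180          0          0.357s
------------------------------  ---------  ---------  ---------  --------------
                  sonar.issues       7508       7500          8          1.546s
                   sonar.users          3          3          0          1.497s
------------------------------  ---------  ---------  ---------  --------------
             Total import time      54690      54682          8          8.412s
EOF
pgloader_mismatches "$sample" || echo "do not switch SonarQube to the new database yet"
rm -f "$sample"
```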

 

[Docker] Upgrade Sonarqube from 5.6 to 6.2

I just updated Sonarqube from 5.6 (LTS) to 6.2. Before that, I upgraded all my plugins in Sonarqube itself and made a backup of my installation and database. Then, I replaced image: sonarqube:lts-alpine in my docker-compose.yaml with image: sonarqube:6.2-alpine. I did a docker-compose up and it started; however, I had some errors, so it just kept on restarting. Following this advice, I then proceeded to delete $SONAR_HOME/data/es/. I then restarted Sonarqube, which worked. I then pointed my web browser to the URL of my Sonarqube instance, added /setup and allowed the database upgrade. After that, I had a working new Sonarqube instance :).

[Sonarqube] Use Sonarqube in IntelliJ / PhpStorm / etc.

Sonarqube is cool, as the generated results can be viewed not only via the web interface, but also via a plugin in IntelliJ or other JetBrains IDEs. The installation is quite simple: you just need to download the latest plugin from this website: https://plugins.jetbrains.com/plugin/7238 and install it in the way described here: https://github.com/sonar-intellij-plugin/sonar-intellij-plugin. After that, you can easily hunt down and eliminate those errors :)!

[Docker] Sonarqube with Gogs/Drone to check software quality

Sonarqube is a really useful tool to check for different kinds of errors in all kinds of programming languages. If you want to check out Sonarqube in a live demo, just go over to https://sonarqube.com/. In the last two parts of my Docker series we created a gogs Git repo as a Docker container and then went over to integrating gogs with drone (version 0.4), a CI build server - also as a Docker container. Today, we want to install Sonarqube as a tool to check our software quality, so that, as soon as we push an update to our gogs project, drone will execute an analysis using Sonarqube, which will give us information about different kinds of errors and code quality.

# We will start by creating the needed folders:
sudo mkdir /var/sonarqube
sudo mkdir /var/sonarqube/data
sudo mkdir /var/sonarqube/extensions
sudo chown -R yourusername:yourusername /var/sonarqube
# Then we change our drone docker-compose.yml, so that drone and sonarqube will be started at the same time

sonarqube:
  restart: unless-stopped
  image: sonarqube:lts-alpine
  volumes:
    - /var/sonarqube/data:/opt/sonarqube/data
    - /var/sonarqube/extensions:/opt/sonarqube/extensions
  environment:
    - SONARQUBE_HOME=/opt/sonarqube
    - SONARQUBE_JDBC_USERNAME=sonar
    - SONARQUBE_JDBC_PASSWORD=sonar
    - SONARQUBE_JDBC_URL=
  ports:
    - "9000:9000"
    - "9092:9092"
drone:
  restart: unless-stopped
  image: drone/drone:0.4.2
  volumes:
    - /var/drone:/var/lib/drone
    - /var/run/docker.sock:/var/run/docker.sock
  env_file:
    - ./dronerc
  ports:
    - "8000:8000"
  links:
    - sonarqube

After that, we can start the service with docker-compose up -d and see Sonarqube on http://IPADDRESS:9000 (needs some time to load...).
To check, e.g., a Java project, we need to write a new pom.xml file:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.example.appexample</groupId>
  <artifactId>appexample</artifactId>
  <version>1.0</version>

  <name>phpTest</name>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <sonar.language>java</sonar.language>
    <sonar.sources>src</sonar.sources>
    <sonar.exclusions>src/test/test.php, src/test/test/*</sonar.exclusions>
  </properties>

</project>

and we need a new .drone.yml

cache:
  mount:
    - /drone/.m2
build:
  main:
    image: maven:3-jdk-8-onbuild
    commands:
      - mvn sonar:sonar -Dsonar.host.url=http://IPOFTHESONARQUBESERVER:9000 -Dmaven.repo.local=/drone/.m2
      - echo "Sonarqube has been completed."
      - mvn clean install -Pcoverage -Dmaven.repo.local=/drone/.m2
      - mvn package -Dmaven.repo.local=/drone/.m2
      - mvn test -Dmaven.repo.local=/drone/.m2
      - echo "Build has been completed."
debug: true

And that's it :). Log in to drone, activate your repo as a valid CI repo and after that, with every push to that gogs repo, a new Sonarqube analysis should be performed.