23

In a recent sonar test, we found over 30k total violations in our projects. I was told to spend some time looking over all of the blocker/critical violations and fix them accordingly. I was told by my mentor that to run sonar on the projects again, I would have to first commit the changes I made. And because I am an intern they don't want to do that. Is there another method besides committing the changes and running sonar?

I am using IntelliJ and the projects are mavenized, if that helps with anything.

iCodeLikeImDrunk

6 Answers

22

Yep, set up a local Sonar server by following the instructions at http://docs.sonarqube.org/display/SONAR/Installing

Once you've done that you can view all your projects at localhost:9000 by doing mvn sonar:sonar. It's not necessary to install a build server, so long as your projects are maven-enabled you should be able to just do mvn sonar:sonar whilst a local sonar server is running.

You can also install the eclipse plugin (if you use eclipse) which will allow you to do realtime code analysis - so you can see when you've managed to solve a violation. Violations are highlighted directly in the code as well which helps considerably.

http://docs.sonarqube.org/display/SONAR/SonarQube+in+Eclipse

schnatterer
alex.p
  • I did the installation using localhost:9000; when I do "mvn sonar:sonar" it always fails with this error "". I also tried the Eclipse plugin: I installed Maven and the Sonar plugins for Eclipse. When I tried that, I got stuck on linking the projects to the Sonar server; it asked for the groupId, which I'm not sure what it is. – iCodeLikeImDrunk Feb 07 '12 at 20:18
  • [ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:2.3:unpack (unpack-pinkcommon-tools) on project pinkcommon-ejb: Error unpacking file: C:\cygwin\home\trunk-sonar\webapps \pinkcommon\pinkcommon-tools\target\classes to: C:\cygwin\home\trunk-sonar\webapps\pinkcommon\pinkcommon-ejb\target\classes [ERROR] org.codehaus.plexus.archiver.ArchiverException: The source must not be a directory. – iCodeLikeImDrunk Feb 07 '12 at 20:19
  • Well the groupId is in your pom, should be somewhere near the top within the tags. That should be the pom that you're running sonar:sonar on. With little info to go on I can't isolate where you're getting the error from but you can always try running mvn clean install sonar:sonar on the subprojects rather than the parent project to see if that works and possibly isolate the problem. – alex.p Feb 07 '12 at 21:09
  • webapps com.otc.web 1.73.1-SNAPSHOT com.otc.web otciq 1.73.1-SNAPSHOT pom well this is in my pom, so i input com.otc.web as groupId and otciq as artifactId right? – iCodeLikeImDrunk Feb 07 '12 at 21:27
  • stupid thing just wont work lols, imma use what sajan said(pmd), its tedious but it gets the job done for now, thanks!!! – iCodeLikeImDrunk Feb 07 '12 at 21:51
21

Running SonarQube server with docker may help.

Install sonarqube server

docker pull sonarqube

Run server

docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

Resume container when stopped

docker start sonarqube

Install SonarScanner

Download and install SonarScanner from scanner here.

Basic Configuration

Create a file named sonar-project.properties inside your project directory with the following contents.

sonar.projectKey=YourProjectKey
sonar.projectName=YourProjectName
sonar.projectVersion=1.0
sonar.sources=.

Run Analysis

cd /to/project/path
sonar-scanner

Access Results

Open http://localhost:9000 in a browser.

Log in with the default username & password (admin, admin).

Rashi
  • 1
    It's actually a really nice and concise instructions/steps to get things up and running. Given that original question and answer are almost 5 years old, I highly suggest this option instead. Thank you Rashi – Mohamed El-Beltagy Sep 15 '20 at 19:47
  • See https://medium.com/bb-tutorials-and-thoughts/setting-up-sonarqube-on-your-local-machine-for-nodejs-projects-85e101675f7b for more detailed info – HelloWorld101 Aug 25 '22 at 14:45
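The Docker steps from the answer above, wrapped in a script as an added example (not part of the original answer): it publishes the ports on 127.0.0.1 only, since -p 9000:9000 listens on every interface while the server still accepts the default admin login, and it refuses to scan if an existing container is bound more widely. The function names and the script name local-sonar.sh are made up for the example; curl and sonar-scanner are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not from the answer: the same container, published on loopback only.

# Both ports from the answer, but bound to 127.0.0.1 instead of every interface.
start_local_sonar() {
  docker run -d --name sonarqube \
    -p 127.0.0.1:9000:9000 -p 127.0.0.1:9092:9092 sonarqube
}

# Reads `docker port <container>` output on stdin, prints each binding whose
# host address is not loopback, and returns 1 if it printed any.
non_loopback_bindings() {
  awk '
    NF < 3 { next }
    { host = $3; sub(/:[0-9]+$/, "", host) }   # drop the trailing :port
    host != "127.0.0.1" && host != "[::1]" { print; bad = 1 }
    END { exit bad + 0 }
  '
}

# Polls the status endpoint until the server reports UP (about 2 minutes max).
wait_until_up() {
  i=0
  while [ "$i" -lt 60 ]; do
    curl -fsS http://127.0.0.1:9000/api/system/status 2>/dev/null |
      grep -q '"status":"UP"' && return 0
    i=$((i + 1))
    sleep 2
  done
  return 1
}

# usage: run_local_analysis /path/to/project  (needs sonar-project.properties there)
run_local_analysis() {
  start_local_sonar || docker start sonarqube   # resume an existing container
  if ! docker port sonarqube | non_loopback_bindings; then
    echo "sonarqube is published beyond localhost; recreate the container" >&2
    return 1
  fi
  wait_until_up || { echo "server did not report UP" >&2; return 1; }
  (cd "$1" && sonar-scanner)
}

# Only touches Docker when asked to (hypothetical script name):
#   sh local-sonar.sh --run /path/to/project
if [ "${1:-}" = "--run" ]; then run_local_analysis "${2:-.}"; fi
```

A container first created with the answer's original command keeps its 0.0.0.0 bindings when resumed with docker start, which is the case the binding check catches.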
3

Sonar internally uses plugins like PMD, Checkstyle etc. You can install the PMD or Checkstyle plugin for Eclipse and it will show all the potential violations. It will be useful for you to see how far you have fixed the problems before you check in.

Sajan Chandran
2

You can use SonarLint. You can configure it with your IDE, and give it access to your SonarQube or SonarCloud, and configure each project to use the Quality Profiles used in your Sonar instance. So your IDE will show code smells, etc. while you code.

0

You can install a SonarLint VSCode extension if you use VSCode.

Mistico
0

You could install hudson + sonar locally on your machine and run it every time that you want to, no need to commit code.

You will need to spend quite some time setting up stuff, but there is a lot of good documentation to do so.

Alberto Gutierrez