Mode 1: Your SonarQube tool is already existing
This mode assumes that you have already installed and set your own SonarQube body. Thanks to this, Themis will question direct SonarQube and the update of the data of Themis will be performed after your usual SonarQube analysis.
Seek in the Administration > Projects part, open the listing of the sources of the involved project, then the listing of plugins and finally, click on the Add a plugin button:
In the settings window, select the Technical debt practice and the external Linter - SonarQube type of plugin. You have to then configure the following fields:
- Url: Indicate here the url of your SonarQube body
- Key of the project: It acts with the single identifier of a project in SonarQube. This identifier is accessible on the view dedicated to the project in the right part:
- User/Password: Inform here the SonarQube identifiers with a administrator priviledges (see below)
- Extensions to exclude: You may here list several extensions of file, separated by commas, in order for Themis to not take into account theses files.
Themis uses in its analysis the dates of last execution of SonarQube. This point is significant because it allows to Themis to exclude from its calculation the commits that take place after the beginning of the SonarQube analysis and reduce thus the risk of false positives. The Web services offered by SonarQube and allowing to access to this information require administrator priviledges. It is for this reason that identifiers are asked.
Supported versions of SonarQube
Currently, this plugin is compatible from SonarQube version 4.5.2 to version 7.3.
Mode 2: Themis does the SonarQube anaysis
This mode concerns you in the case where you do not have already deployed SonarQube tool, or else if you wish to devolve the analysis of code to Themis.
Themis will not deploy it self a SonarQube server. If you wish to deploy a SonarQube server, you may follow the official documentation. You may also deploy the tool via Docker. Here is for example a service that you may add in your Docker Compose configuration of Themis:
sonarqube: image: sonarqube:6.7.5 container_name: sonarqube ports: - 9000:9000 - 9001:9001
This example of configuration does SonarQube without relational databases to persist the data. It is therefore adapted for small volumes of data (a few sources). Beyond, a configuration more comprehensive will be necessary, and the launch of analysis in an continuous integration is advocated.
We recommend you then to check the installation of plugins in SonarQube via the Marketplace. A plugin allows the care of a particular programming language.
Themis will then take charge the analysis of code via the sonar-scanner utilitarian.
Prepare then your source by activating the "embedded Linters" mode, then by adding a sub-plugin for "Embedded-Linter - SonarQube". In the configuration parameters, inform for the following fields:
- URL: the address of the SonarQube body
- The administrator credentials (by default, admin/admin).
- The sources to analyze. Listing of the source code repositories to take into account in the analyis, separated by commas. By default, the root of the repository.
- Exclusion of files: Listing of grounds of way of files to exclude, separated by commas.
- Inclusion of files: Listing of grounds of way of files to include, separated by commas. If this parameter is present, only the files matching the ground will be taken into account.
More information on the official documentation.