  • This repository has been archived on 07/Jan/2021
  • Stars: 165
  • Rank 228,906 (Top 5 %)
  • Language: Java
  • License: MIT License
  • Created about 9 years ago
  • Updated over 5 years ago


Repository Details

Stash (BitBucket) plugin, a pull-request decorator that integrates SonarQube violations directly into your pull request

SonarQube Stash (BitBucket) plugin

Important note

Version 7.7 of SonarQube dropped support for the extension point sonar-stash uses. This means this plugin cannot work on SonarQube versions >= 7.7. Therefore the 1.6.0 release is the last feature release of sonar-stash.


SonarQube is now a real reviewer! The SonarQube Stash (BitBucket) plugin is a pull-request decorator that integrates SonarQube violations directly into your pull request.


After every run, in addition to the diff view, you can access an overview of your SQ analysis.

Getting started

Prerequisites

  • Git client to checkout the code
  • Maven 3.0.5+
  • JDK 1.8+
  • SonarQube 6.7 (LTS) and 7.6
  • Stash (BitBucket) REST API 1.0 (3.x, 4.x)

Note: these are the versions where the plugin has been tested. Other versions may or may not work, YMMV.

To build the plugin

This command generates a jar file:

mvn clean package

To deploy the plugin

Copy the sonar-stash-plugin jar file to the plugin folder of the target SonarQube server and restart the SonarQube server. For instance, on a Linux platform:

cp target/sonar-stash-plugin-1.0.jar $SONARQUBE_HOME/extensions/plugins

Configuration on SonarQube server

Go to the Stash general settings screen on the SonarQube server and fill in:


Stash base URL (sonar.stash.url): Defines the Stash instance.

Stash base user (sonar.stash.login): Defines the user that pushes violations to the Stash pull request. The user must have REPO_READ permission for the repository. Note that the Stash password needs to be provided to sonar-runner through sonar.stash.password on the command line (see "Protect passwords" for reading it from an environment variable instead).

Stash user slug (sonar.stash.user.slug): If the user's username contains special characters, the API requires the use of a different slug.

Stash issue threshold (sonar.stash.issue.threshold): Limits the number of issues pushed to Stash.

Stash issue severity threshold (sonar.stash.issue.severity.threshold): Defines the minimum issue severity to create diff-view comments for. The overview comment will still contain all severities. By default, all issues are pushed to Stash.

Stash timeout (sonar.stash.timeout): Timeout applied when the Stash REST API does not reply as expected.

Stash reviewer approval (sonar.stash.reviewer.approval): SonarQube is able to approve the pull-request if there is no new issue introduced by the change. By default, this feature is deactivated: if activated, Stash base user must have REPO_WRITE permission for the repositories.

Approval severity (sonar.stash.reviewer.approval.severity.threshold): Only approve the pull-request if no issues higher than this threshold are detected.

Include Analysis Overview Comment (sonar.stash.include.overview): Toggles whether a comment with overview information should be created.


Stash tasks severity threshold (sonar.stash.task.issue.severity.threshold): SonarQube is able to create tasks for all issues with a severity higher than the threshold. By default, this feature is deactivated (threshold: NONE).


Include existing issues (sonar.stash.include.existing.issues): Toggles whether already existing issues should also be reported.

Include Vicinity Issues Range (sonar.stash.include.vicinity.issues.range): Specifies the area (in lines) around the current diff in which issues should be reported.

Excluded Rules (sonar.stash.exclude.rules): Comma-separated list of rules for which no comments should be created.

File names in overview comment (sonar.stash.overview.filenames): Number of file names listed in overview comments.

How to run the plugin?

Plugin activation for an analysis

To activate the plugin, just add the following options to the SonarQube launcher (for instance with sonar-runner):

For SonarQube 5.2+:

sonar-runner -Dsonar.analysis.mode=issues \
	-Dsonar.stash.notification=true -Dsonar.stash.project=<PROJECT> -Dsonar.stash.repository=<REPO> \
	-Dsonar.stash.pullrequest.id=<PR_ID> -Dsonar.stash.password=<STASH_PASSWORD>...

Repository source configuration

To tell the plugin about the root directory of your repository, use the sonar.stash.repository.root property. This is necessary to correlate the file locations between SonarQube and Stash.

sonar-runner -Dsonar.stash.repository.root="$PWD" -Dsonar.stash.notification


Reset comments of previous SonarQube analysis

If needed, you can reset the comments published during the previous SonarQube analysis of your pull request by adding the sonar.stash.comments.reset option to your SonarQube analysis. Note that only comments linked to the sonar.stash.login user will be deleted. This reset is the first action performed by the plugin.

sonar-runner -Dsonar.analysis.mode=incremental -Dsonar.stash.notification -Dsonar.stash.comments.reset -Dsonar.stash.project=<PROJECT> -Dsonar.stash.repository=<REPO> -Dsonar.stash.pullrequest.id=<PR_ID> -Dsonar.stash.password=<STASH_PASSWORD>...

How to activate the coverage inside the pull-request

This functionality has been moved to its own plugin: https://github.com/AmadeusITGroup/sonar-coverage-evolution

Protect passwords

The plugin can also read the password from an environment variable. This is configured by setting sonar.stash.password.variable to the name of the environment variable to read. This prevents the password from leaking into the process table.
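The following is an added example, not code from the sonar-stash project: a CI pre-flight check that flags a literal -Dsonar.stash.password= option and builds the launcher command with sonar.stash.password.variable instead. The function names, project, repository, pull-request id and secret are constructed, and it assumes the property is passed with -D like the other options on this page.

```shell
#!/bin/sh
# Added example, not sonar-stash code. All values below are constructed.

# Succeeds (0) when a launcher command line carries the Stash password
# itself (-Dsonar.stash.password=...). The indirect form
# -Dsonar.stash.password.variable=NAME does not match.
passes_password_literal() {
    case "$1" in
        *-Dsonar.stash.password=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "file:line" for every literal password option in a CI script.
find_password_literals() {
    grep -n -e '-Dsonar\.stash\.password=' "$1" | cut -d: -f1 |
        while read -r n; do echo "$1:$n"; done
}

# Print the sonar-runner command line for a pull request, naming the
# environment variable that holds the password instead of its value.
# Fails when the name is not a plain identifier or the variable is empty.
stash_runner_cmd() {   # usage: stash_runner_cmd PROJECT REPO PR_ID VARNAME
    case "$4" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;;
    esac
    eval "_val=\${$4:-}"
    [ -n "$_val" ] || { echo "$4 is empty or unset" >&2; return 3; }
    unset _val
    printf '%s' "sonar-runner -Dsonar.analysis.mode=issues" \
        " -Dsonar.stash.notification=true -Dsonar.stash.project=$1" \
        " -Dsonar.stash.repository=$2 -Dsonar.stash.pullrequest.id=$3" \
        " -Dsonar.stash.password.variable=$4"
    echo
}

# Demo on constructed input: the secret lives only in the exported
# environment variable, never in the printed command line.
STASH_PASSWORD='constructed-secret'; export STASH_PASSWORD
stash_runner_cmd DEMO demo-repo 42 STASH_PASSWORD
```

In a real pipeline the variable would be injected by the CI system's secret store rather than assigned in the script.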

How to contribute

  • Before developing a major feature please open a ticket and announce it. Maybe the maintainers have strong opinions or useful hints about it.

  • Add unit tests and, for major features, integration tests.

  • Use the Google Java Style Guide for new development.
