The last two months my Trivadis colleague Daniel Schutzbach and I have been working on the PL/SQL Cop plugin for SonarQube. The goal was to support the most recent SonarQube versions 5.6 LTS, 6.7 LTS and 7.0. Dani was doing the heavy lifting and my job was testing and minor bug fixing. Today I can proudly announce that we were successful and that we have released the following three plugins:
In this blog post I show how to setup a new SonarQube 7.0 server using Docker and analyze a PL/SQL project on my local machine with SonarQube Scanner. This post is a stripped down version of my Continuous Code Quality for PL/SQL with Docker post. I assume you know about Docker and have it installed on your machine.
Here is the table of content of the major steps.
In this step step I create a standalone container for SonarQube 7.0 using defaults to keep it simple.
1 |
docker run -d --name sq7 -p 9000:9000 sonarqube:7.0 |
To install the current version of PL/SQL Cop for SonarQube within the “sq7” container run
1 2 3 |
docker exec sq7 wget --no-check-certificate \ https://www.salvis.com/blog?ddownload=8167 \ -O /opt/sonarqube/extensions/plugins/sonar-plsql-cop-plugin-6.7.0.0.jar |
The wget command will be executed within the “sq7” container. Windows user have to replace the “\” with “^” when using CMD or with “" when using PowerShell.
To load the plugin we need to restart the container.
1 |
docker restart sq7 |
We will complete the installation in step 5.
Download PL/SQL Cop and unzip the downloaded file in a directory of your choice. I've installed it on my local machine in "/usr/local/bin/tvdcc".
Download SonarQube Scanner and unzip the downloaded file in a directory of your choice. I've installed it on my local machine in "/usr/local/opt/sonar-scanner".
Open "http://localhost:9000" in your web browser and log in with username "admin" and password "admin".
SonarQube asks you to provide a token name. Enter "cop" and press "Generate" and then "Continue" on the next page. Then the token name and the token will be shown on the upper right corner of the screen as follows:
Copy your token text (39d483241393ddd5600e9c9348ced410c7903c1a) to the clipboard and store it somewhere. We will need it in step 6. Press "Skip this tutorial" in the upper right corner.
Click on "Administration" and the Category "Trivadis PL/SQL Cop" and change the "Path to PL/SQL Cop command line tvdcc executable" to the path according step 3. In may case this is "/usr/local/bin/tvdcc/tvdcc.sh". Press "Save" and you are done.
Create a temporary directory (in my case "/Users/phs/demo" and type the following
1 |
git clone https://github.com/PhilippSalvisberg/plscope-utils.git |
This will clone the plscope-utils git repository. If you do not have Git installed you may download the repository as zip file and extract it.
Run the following command to analyze the PL/SQL packages of this project:
1 2 3 4 5 |
cd plscope-utils/database/utils/package sonar-scanner \ -Dsonar.projectKey=plscope-utils:main \ -Dsonar.sources=. \ -Dsonar.login=39d483241393ddd5600e9c9348ced410c7903c1a |
Windows user have to replace the "\" with "^" when using CMD or with "” when using PowerShell.
Open “http://localhost:9000” in your web browser.
Click on “plscope-utils:main”, select the “Issues” tab for this project and select all rules.
Click on an issue to see the source code line causing this issue.
Setting up a SonarQube 7.0 server with Docker is no big deal. Installing the PL/SQL Cop plugin is simple as well. However, I have only shown the minimum configuration. For real projects you will spend some time to configure your quality profiles and quality gates. A CI environment might help you to implement a fast quality feedback loop.
The audioless video summarizes the major installation and configuration steps. I hope this will encourage you to try PL/SQL Cop.
8 Comments
Can you share this docker image? Because when i try to run sonar-scanner itg gettin error and in debug mod i could not find any clue.
I’ve used the standard SonarQube image available on https://hub.docker.com/_/sonarqube/ . You should be able to create a container as described in chapter one. It should work, if you follow the instructions in this post.
Ok, i found the problem, in tvdcc.cmd file the java_home was wrong i changed it and it work.
@echo off
set TVDCC_HOME=%~dp0
set JAVA_HOME=C:\Program Files\Java\jre1.8.0_77
for %%X in (java.exe) do (set FOUND=%%~$PATH:X)
if not defined FOUND (
set JAVA_EXE=\bin\java.exe
for %%i in (“%JAVA_HOME%”) do if not exist “%%~si\%JAVA_EXE%” (
echo Cannot find “%JAVA_HOME%%JAVA_EXE%”, please set JAVA_HOME in tvdcc.cmd manually
goto endTVDCC
)
) else (
set JAVA_HOME=
set JAVA_EXE=java
)
:startTVDCC
“%JAVA_HOME%”%JAVA_EXE% -Xmx1024m -jar %TVDCC_HOME%tvdcc.jar %*
:endTVDCC
Also if its already determined below script can be usable.
@echo off
set TVDCC_HOME=%~dp0
set JAVA_EXE=\bin\java.exe
:startTVDCC
“%JAVA_HOME%”%JAVA_EXE% -Xmx1024m -jar %TVDCC_HOME%tvdcc.jar %*
:endTVDCC
Thanks for the feedback. Yes, you have to amend JAVA_HOME in tvdcc.cmd if java.exe is not found in the path.
What about opensourcing the plugin, are there any future plan?
No, there are currently no plans to open source this project.
The result of the scan was not able to published on my SonarQube UI. We have plans to buy this plugin but it is important that we should see first the results of analysis on our Sonar dashboard
Hi Faye,
Could you please open an issue here: https://github.com/Trivadis/plsql-cop-sonar/issues/new ?
It helps if you provide some details, e.g.
– OS where you are running SonarQube,
– Version of SonarQube
– Version of PL/SQL Cop for SonarQube plugin you’ve installed
– Directory where you have installed PL/SQL Cop CLI
– Version of the PL/SQL Cop CLI
– Screenshot of the configuration screen in SonarQube
– Version of SonarScanner you are using
– Output of SonarScanner
Thank you.