PL/SQL Cop for SonarQube – Changelog


General Availability (GA) Releases of Trivadis PL/SQL Cop for SonarQube



  • New:
    • Improve OS independence of properties sonar.plsqlcop.tvdcc.path and sonar.plsqlcop.tvdcc.param.licence.
      • Unix environments
        • remove leading c:
        • remove leading  d:
        • change \ to /
        • change tvdcc.cmd to
      • Windows environments
        • change to tvdcc.cmd
    • Processing continues without code validation if the PL/SQL Cop executable is not found. In this case, an error is logged.
  •  Fixed:
    • Eliminated the warning WARN: Property 'sonar.plsqlcop.file.suffixes' is not declared as multi-values/property set but was read using 'getStringArray' method.



  • Fixed
    • Crash of background analysis task when analysing empty directories or directories without relevant source files
    • Null pointer exception when analyzing directories without relevant source files (warning, without impact)



  • New:
    • Runs in SonarQube 6.7 – 7.0
  • Changed
    • Custom dashboards and dashboard widgets are discontinued by SonarQube, hence the following PL/SQL Cop widgets are not available anymore:
      • Project Summary
      • Parameters
    • The following metrics are discontinued by SonarQube and not available anymore:
      • Complexity / Function
      • Complexity / File



  • New:
    • Runs in SonarQube 5.6 – 6.6
      • Plugin interfaces do not allow JDBC connections to the SonarQube database anymore
      • SonarQube server is handling all database operations
    • New metric “Max. cyclomatic complexity”
    • New average complexity metrics
      • Complexity / Function
      • Complexity / File
    • New metric “Rating Max. Cyclomatic Complexity”
      • A: <11
      • B: 11 .. 30
      • C: 31 .. 40
      • D: 41 .. 50
      • E: > 50
    • New metric “Rating Max. Halstead Volume”
      • A: < 1001
      • B: 1001 .. 2000
      • C: 2001 .. 2500
      • D: 2501 .. 3000
      • E: > 3000
    • New metric “Rating Min. maintainability index (MI)”
      • A: > 84
      • B: 75 .. 84
      • C: 70 .. < 75
      • D: 64 .. < 70
      • E: < 64
    • The widget “Project Summary” shows the following additional metrics
      • Number of files
      • Number of lines
      • Number of net lines
      • Complexity
    • The widget “Parameters” shows now all PL/SQL Cop command line parameter values
  • Changed:
    • New formula for metric “Complexity”
      • Sum of the cyclomatic complexities of all units (procedures, functions, methods) in a file
      • This makes the complexity independent of the number of files used to store units
      • If units in a file are not “connected”, then the calculated complexity is expected to be “too high”
      • In previous versions the “Max. cyclomatic complexity” has been used for complexity, which was “too low” in some cases
    • SQALE characteristics are discontinued by SonarQube and replaced by rule types
    • SQALE characteristic “security” is mapped to rule type “Vulnerability”, issues of type error are mapped to rule type “Bug”, all other issues are mapped to rule type “Code Smell”
    • SQALE characteristics “changeability”, “efficiency”, “maintainability”, “portability”, “reliability”, “reusability” and “testability” are stored as tags. The SQALE characteristic “security” is not stored as a tag since this would be redundant to the rule type “Vulnerability”.
  • Fixed:
    • Metric links in widget “Project Summary” now open the correct detail pages



  • New:
    • Runs in SonarQube 4.5.0 – 5.1.2 (previously version 4.5.7 was required)
    • New version numbering system, indicating the required, minimal SonarQube LTS version

Version 2.1.2


  • Fixed:
    • Non-default activation severities are not considered when creating issues

Version 2.1.1


  • New:
    • Guidelines (rules) updated to include a reason
  • Fixed:
    • Various formatting issues

Version 2.0.0


  • New:
    • Supporting Trivadis PL/SQL & SQL Coding Guidelines Version 3.2
      • New rule numbering scheme
      • 13 new rules
        • G-5010: Try to use a error/logging framework for your application.
        • G-8410: Always use application locks to ensure a program unit only running once at a given time.
        • G-8420: Always use dbms_application_info to track program process transiently
        • G-3160: Avoid virtual columns to be visible.
        • G3170: Always use DEFAULT ON NULL declarations to assign default values to table columns if you refuse to store NULL values.
        • G2230: Try to use SIMPLE_INTEGER datatype when appropriate.
        • G-3150: Try to use identity columns for surrogate keys.
        • G-3180: Always specify column names instead of positional references in ORDER BY clauses.
        • G-3190: Avoid using NATURAL JOIN.
        • G-7460: Try to define your packaged/standalone function to be deterministic if appropriate.
        • G-7810: Do not use SQL inside PL/SQL to read sequence numbers (or SYSDATE)
        • G-8120: Never check existence of a row to decide whether to create it or not.
        • G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit.
      • PL/SQL Cop errors included as rules
        • E-0001: Timeout occurred (after n seconds) during load/parse/validation of resource.
        • E-0002: Syntax error. Please contact the author if the code compiles successfully in your environment.
        • E-0003: License limit reached.
      • Rules and quality profiles for non-default validators are loaded from PL/SQL Cop genmodel directory when starting SonarQube
      • Severity and SQALE characteristics are included in HTML and Excel outputs, issues are ordered by severity (Blocker, Critical, Major, Minor, Info)
    • New Preferences
      • Generate SonarQube model – Generate SonarQube XML model files for non-default validator
      • Validator class – Decendent of PLSQLJavaValidator, default is com.trivadis.tvdcc.validators.TrivadisGuidelines3
    • Fixed:
      • Analysis stops when PL/SQL Cop throws an error or when reported rule is unknown
    • Prerequisites:
      • PL/SQL Cop 2.0
      • SonarQube version 4.5.7 up to 5.1.2

Version 1.0.3


  • Fixed issues calling the command line utility with multiple file extension Windows. The filter parameter needs to be double quoted in this case.

Version 1.0.2


  • Fixed wrong issues severity. The severity of an issue is now reported according categorisation within SonarQube. This leads to a different and better SQALE rating.

Version 1.0.1


  • Support Non-Windows SonarQube installations
  • Fixed typos in settings page

Version 1.0.0


  • Initial GA Release
  • Checks for compliance of guidelines in Trivadis PL/SQL & SQL Coding Guidelines Version 2.0 and stores issues in the SonarQube database
  • Stores standard SonarQube metrics in the SonarQube database
    • Lines (incl. blank lines and comment lines)
    • Lines of Code (lines without blank lines and without comment lines)
    • Comment lines
    • Functions (PL/SQL units)
    • Statements
    • Complexity (Max. Cyclomatic Complexity)
  • Stores additional PL/SQL Cop file metrics in the SonarQube database
    • Max. Cyclomatic Complexity (redundant to Complexity)
    • Max. Halstead Volume
    • Min. maintainability index (MI)
    • Number of blank lines
    • Number of bytes
    • Number of commands
    • Number of comment lines (redundant to Comment lines)
    • Processing time in seconds
  • Tested on SonarQube 4.5.7 and SonarQube 5.1.2
  • SonarQube 5.2 and higher is currently not supported