Is there a way to run sonar on projects without us

Posted 2020-06-09 05:34

Question:

In a recent sonar test, we found over 30k total violations in our projects. I was told to spend some time to look over all of the blocker/critical violations and fix them accordingly. I was told by my mentor that to run sonar on the projects again, I would have to first commit the changes I made. And because I am an intern they don't want to do that. Is there any other method besides committing the changes and running sonar?

I am using IntelliJ and the projects are mavenized, if that helps with anything.

Answer 1:

Yep, set up a local Sonar server by following the instructions at http://docs.sonarqube.org/display/SONAR/Installing

Once you've done that you can view all your projects at localhost:9000 by doing mvn sonar:sonar. It's not necessary to install a build server, so long as your projects are maven-enabled you should be able to just do mvn sonar:sonar whilst a local sonar server is running.

You can also install the Eclipse plugin (if you use Eclipse) which will allow you to do realtime code analysis - so you can see when you've managed to solve a violation. Violations are highlighted directly in the code as well, which helps considerably.

http://docs.sonarqube.org/display/SONAR/SonarQube+in+Eclipse



Answer 2:

Sonar internally uses plugins like PMD, Checkstyle etc. You can install the PMD or Checkstyle plugin for Eclipse and it will show all the potential violations. It will be useful for you to see how far you have fixed the problems before you check in.



Answer 3:

You could install hudson + sonar locally on your machine and run it every time that you want to, no need to commit code.

You will need to spend quite some time setting up stuff, but there is a lot of good documentation to do so.



Answer 4:

Running SonarQube server with docker may help.

Install sonarqube server

docker pull sonarqube

Run server

docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

Resume container when stopped

docker start sonarqube

Install SonarScanner

Download and install SonarScanner from scanner here.

Basic Configuration

Create a file named sonar-project.properties inside your project directory with the following contents.

sonar.projectKey=YourProjectKey
sonar.projectName=YourProjectName
sonar.projectVersion=1.0
sonar.sources=.

Run Analysis

cd /to/project/path
sonar-scanner

Access Results

Open http://localhost:9000 in browser.

Log in with default username & password (admin, admin).

References

  • https://www.gsaadeh.com/sonarqube-docker-locally/
  • https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
  • How restart a stopped docker container
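
An added example, not part of the answer above: the same container start with the web port published on loopback only, since `-p 9000:9000` listens on every interface while the server still accepts the default admin login. The function names and the `run` argument are assumptions of this sketch; `/api/system/status` is SonarQube's status endpoint and `docker port` prints the published addresses.

```shell
#!/bin/sh
SONAR_URL="http://127.0.0.1:9000"   # assumption: default web port from the answer
CONTAINER="sonarqube"               # container name used in the answer

# Extract the "status" field from the /api/system/status JSON body.
status_from_json() {
    printf '%s' "$1" |
        sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Succeed only if every published address (one per line, as printed by
# `docker port CONTAINER 9000`) is a loopback address.
only_loopback() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$1" | while IFS= read -r addr; do
        case "$addr" in
            127.*:*|"[::1]":*) ;;   # loopback: acceptable
            *) exit 1 ;;            # 0.0.0.0, [::] or a LAN address
        esac
    done
}

# Poll the status endpoint for up to five minutes.
wait_for_up() {
    tries=0
    while [ "$tries" -lt 60 ]; do
        body=$(curl -fsS "$SONAR_URL/api/system/status" 2>/dev/null) || body=""
        [ "$(status_from_json "$body")" = "UP" ] && return 0
        tries=$((tries + 1))
        sleep 5
    done
    return 1
}

main() {
    # Only the web port is published, and only on 127.0.0.1.
    docker run -d --name "$CONTAINER" -p 127.0.0.1:9000:9000 sonarqube || return 1
    wait_for_up || { echo "SonarQube did not reach UP" >&2; return 1; }
    only_loopback "$(docker port "$CONTAINER" 9000)" ||
        { echo "port 9000 is reachable from other hosts" >&2; return 1; }
    echo "ready at $SONAR_URL; change the default admin password before scanning"
}

# Run only when asked, so the helpers can be sourced and checked offline.
if [ "${1:-}" = "run" ]; then main; fi
```

Invoke the script with the argument `run` to start the container; without it, only the helper functions are defined.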


Answer 5:

Unbelievable solutions for something a simple script or plugin should be capable of. If Git commit can do it, why can't another? I found Sonar(Lint) plugin which works well with IJ. Maybe it was late into the game but it is available now.



Answer 6:

You can use SonarLint. You can configure it with your IDE, and give it access to your SonarQube or SonarCloud, and configure each project to use the Quality Profiles used in your Sonar instance. So your IDE will show code smells, etc. while you code.