Spring-boot: Investigate CI integration with sonarcloud.io

Created on 17 Jan 2018 · 11Comments · Source: spring-projects/spring-boot

11624 as shown there could be some value.

task

Source

philwebb

👍1

Most helpful comment

FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive.

AFAIK, SpotBugs is alive and the successor to FindBugs.

shakuzen on 21 Jan 2018

👍2

All 11 comments

I'm not opposed to adding extra code quality checks to the build as long as they don't slow things down too much and can be run locally prior to pushing a change.

wilkinsona on 17 Jan 2018

I am ok to integrate it as long as it is an integral part of our development process and we take the time to craft a profile that eliminates what we consider false positive. The direct side effect of that is that we need a quality gate with concrete actions when it doesn't pass.

snicoll on 17 Jan 2018

👍1

@wilkinsona it is possible to create maven profile to run locally on local SonarQube instance,
also possible run IntelliJ Idea SonarLint plugin with rules and settings from http://sonarcloud.io. SonarLint can analyse only on VCS changed files. We need measure sonar plugin overhead on typical project build.

igor-suhorukov on 20 Jan 2018

Thanks for the info. Running a local instance is what I’ve done in the past and I’ve found it cumbersome and awkward. I’d like a way to analyse code locally but using the rules defined in the server. At a minimum I think that analysis needs to happen in command line builds (as we do today with Checkstyle). Being able to run them in IntelliJ and Eclipse would be a nice bonus.

wilkinsona on 20 Jan 2018

I’d like a way to analyse code locally but using the rules defined in the server

I know only local IDE approach: SonarLint with remote rule server configuration
sonarling-screenshot

igor-suhorukov on 20 Jan 2018

Perhaps running PMD and FindBugs as part of the build would be better. That might potentially find the same issues without requiring the server. This article has some relevant background.

philwebb on 21 Jan 2018

@philwebb FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive. It is possible to run IntelliJ Idea analyser from scripts, but difficult to enforce rules and generate buid reports from output.

igor-suhorukov on 21 Jan 2018

I wonder how much mileage we’d get out of using jQAssistant? At first look, it’s incredibly flexible and integrates with Maven. It looks like it could do what we might want, but it may require quite a bit of effort if we have to write many of the queries ourselves. I think @olivergierke may have some experience with it and could perhaps offer some advice.

wilkinsona on 21 Jan 2018

👍1

@wilkinsona thank you for information! Very interesting framework in terms of code structure querying in SQL like language.

igor-suhorukov on 21 Jan 2018

FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive.

AFAIK, SpotBugs is alive and the successor to FindBugs.

shakuzen on 21 Jan 2018

👍2

@shakuzen thank you!

igor-suhorukov on 21 Jan 2018

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Spock 1.0 currently in dependency management has problems running Spring Boot tests

lievendoclo · 3Comments

Guava ClassPath doesn't work after upgrading 1.4.0.M1

izeye · 3Comments

Configure LDAP for Spring Security in application.properties

bbrouwer · 3Comments

OAuth2AutoConfiguration uses OAuth2MethodSecurityExpressionHandler without a BeanResolver set

rwinch · 3Comments

Replace SpringApplication.run(Object) with type safe variants

philwebb · 3Comments