More detailed visualization of data-flow (symbolic-execution) analysis


o.gy...@gmail.com

May 29, 2017, 7:29:20 AM
to SonarQube, Daniel Krupp
Hi,

Are there any plans to extend the current visualization of the reports on the UI with more information from the source analyzers?

some assumptions made by the analyzer (in this case by somebody) which were drawn on the screenshot, like "when 'name' is falsy, 'noTrigger' is false".
The analyzer knows this information during the analysis but it is not stored to the database if I'm correct.

Would it be possible to store and show this extra information on the current UI if I had an analyzer plugin which produces more data-flow
related information (not just the place where the error happened)?

but even without the arrows (steps only) the additional information from the analyzer could help a lot to understand the error.

Thanks,
Gyorgy Orban

The SonarJS example was posted here https://blog.sonarsource.com/sonarjs-3-0/

Scott B.

May 29, 2017, 8:51:47 AM
to SonarQube, danie...@gmail.com, o.gy...@gmail.com

Michael Gumowski

May 29, 2017, 9:18:22 AM
to Scott B., SonarQube, danie...@gmail.com, o.gy...@gmail.com
Thanks for your reply @Scott,

This is indeed a hot topic here at SonarSource at the moment, and we are definitely working hard on the subject in order to improve things and help reporting of issues!

For your information, version 4.10 of the SonarJava analyzer (currently in RC1) considerably improved flow messages for Symbolic-execution-based rules (but obviously only targets Java language), while SonarQube 6.4 (currently in RC2) is offering a completely redesigned User Interface to ease navigation and help understanding of these flow messages.

For analyzers targeting other languages, such as SonarJavascript, adding flow messages is still work in progress, and will progressively be improved.

Cheers,
Michael

--
Michael Gumowski | SonarSource
Software Developer, Language Team
http://sonarsource.com

György Orbán

Jun 8, 2017, 10:25:36 AM
to SonarQube, scot...@gmail.com, danie...@gmail.com, o.gy...@gmail.com
Hi,

Thanks for the quick answers and examples!

I've checked the sonar-java plugin, if I'm right you are adding the flow information to the reports here: https://github.com/SonarSource/sonar-java/blob/d954b1af47491316c640f91ff907d97cd1d5d179/java-frontend/src/main/java/org/sonar/java/SonarComponents.java#L228

I've checked the http://javadocs.sonarsource.org/latest/apidocs/ (org.sonar.api.batch.sensor.issue) for the Issue and Issue.Flow interfaces which should handle these types of flow information if I'm right.

If I have analysis results with flow information I should be able to extend the saved issue this way and the latest SonarQube 6.4 should be able to visualize it.
Are there any other developer resources or discussions about the topic I should check?

Thanks,
Gyorgy Orban
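
Added example, not part of the thread and not sonar-java's own code: a minimal sensor that attaches analyzer path steps to an issue as a flow through the `org.sonar.api.batch.sensor.issue` API discussed above. The class name, rule key, file path, line numbers and step data are hypothetical, and the rule is assumed to be defined and active in the quality profile.

```java
import java.util.ArrayList;
import java.util.List;
import org.sonar.api.batch.fs.FileSystem;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
import org.sonar.api.batch.sensor.issue.NewIssue;
import org.sonar.api.batch.sensor.issue.NewIssueLocation;
import org.sonar.api.rule.RuleKey;

/** Hypothetical sensor: reports one issue plus the analyzer's path steps as a flow. */
public class FlowReportingSensor implements Sensor {

  // Constructed sample result as {line, message}; a real plugin would parse its analyzer's report.
  private static final Object[][] STEPS = {
    {12, "Assuming 'name' is falsy"},
    {15, "'noTrigger' is false"},
  };

  @Override
  public void describe(SensorDescriptor descriptor) {
    descriptor.name("Flow reporting example");
  }

  @Override
  public void execute(SensorContext context) {
    FileSystem fs = context.fileSystem();
    // Hypothetical path; selectLine() below requires the lines to exist in this file.
    InputFile file = fs.inputFile(fs.predicates().hasRelativePath("src/example.js"));
    if (file == null) {
      return; // file is not part of this analysis
    }
    NewIssue issue = context.newIssue().forRule(RuleKey.of("my-repo", "my-rule")); // hypothetical key
    // Primary location: where the error is reported.
    issue.at(issue.newLocation().on(file).at(file.selectLine(20)).message("Condition is always false"));

    // Each path step becomes a secondary location carrying its own message.
    List<NewIssueLocation> flow = new ArrayList<>();
    for (Object[] step : STEPS) {
      flow.add(issue.newLocation().on(file).at(file.selectLine((Integer) step[0])).message((String) step[1]));
    }
    issue.addFlow(flow); // one call per distinct path through the code
    issue.save();
  }
}
```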