Skip to first unread message
Dinesh Bolkensteyn
Dec 7, 2015, 12:09:02 PM12/7/15
to SonarQube
Hi all,
I would like to release the SonarQube C# Plugin 4.4 and the SonarQube Scanner for MSBuild 1.1.
The main feature of this combined release is to run the SonarQube C# rules as part of the build, when using MSBuild 14 (VS 2015).
This means that files are no longer analyzed indepdently, one by one, but the project is now seen as a whole.
As an example, the rule to detect classes which do not implement IDisposable but have IDisposable field members (S2931) can now report issues in SonarQube even when the field type is defined in another file - whereas previously the rule could not see that the class implements IDisposable.
See https://jira.sonarsource.com/browse/MMF-61 for further details on this feature.
This release ships with the same set of rules as the ones available in SonarLint for Visual Studio 1.6, adding 30 new rules.
Downloads:
SonarQube C# plugin 4.4 RC1 : https://github.com/SonarSource/sonar-csharp/releases/download/4.4-RC1/sonar-csharp-plugin-4.4-RC1.jar
SonarQube Scanner for MSBuild 1.1 RC1 : https://github.com/SonarSource/sonar-msbuild-runner/releases/download/1.1-RC1/MSBuild.SonarQube.Runner-1.1-RC1.zip
The documentation is up-to-date, and there is no end-user visible change in how to use the C# plugin or MSBuild Scanner:
Wiki: http://docs.sonarqube.org/display/PLUG/C%23+Plugin & http://docs.sonarqube.org/display/SONAR/Analyzing+with+SonarQube+Scanner+for+MSBuild
End-to-end ALM Rangers documentation PDF: https://github.com/SonarSource/sonar-.net-documentation/releases/download/1.2.1/SonarQube-Setup-Guide-For-Net-Users-v-1-2-1.pdf
As usual, I'd like to thank Duncan, Bogdan, Jean-Marc and Sam who just joined from Microsoft for their work on this sprint.
The vote is open for 72 hours.
Release early, release often!
Jorge Costa
Dec 7, 2015, 12:51:09 PM12/7/15
to SonarQube
Hi Dinesh,
I am using sonar-runner and i still see loads of false positives that are supposed to be fixed in this release.
for example S2333
and S1172, unused arguments for event handlers.
thanks
jc
Dinesh Bolkensteyn
Dec 8, 2015, 3:17:38 AM12/8/15
to SonarQube
Hi Jorge,
You need to use MSBuild 14 (that ships with VS 2015 RTM and VS 2015 Update 1) to benefit from the new feature of this sprint.
If you're on MSBuild 12, files will still be analysed 1 by 1, independently of one another.
Jorge Costa
Dec 8, 2015, 3:42:17 AM12/8/15
to SonarQube
i am using sonar-runner : http://docs.sonarqube.org/display/SONAR/Analyzing+with+SonarQube+Scanner
what is the property to change that?
Dinesh Bolkensteyn
Dec 8, 2015, 3:44:27 AM12/8/15
to Jorge Costa, SonarQube
Hi Jorge,
The use of the sonar-runner to analyse C# and .NET projects is no longer supported.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/c6de0d87-bdc3-4a77-af75-9cd9ee86dce7%40googlegroups.com.--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/EojqsKTMON8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
Jorge Costa
Dec 8, 2015, 3:57:37 AM12/8/15
to SonarQube, jmec...@gmail.com
suppose you need to make the analysis failed if using sonar runner? using it it will just cause noise everywhere because there results are going to be totally different..
you really should consider doing this in this release and officially inform about that sonar runner is no longer supported, because i really missed this communication
Dinesh Bolkensteyn
Dec 8, 2015, 4:06:35 AM12/8/15
to Jorge Costa, SonarQube
we're currently still allowing the use of the sonar-runner so that existing users can transition smoothly to the SonarQube Scanner for MSBuild.
(we don't want to break every existing build as soon as you upgrade from the C# plugin 4.3 to 4.4)
however we might in a future release fully stop to support the sonar-runner, as well as MSBuild 12, which indeed offer lower quality analysis results.
the deprecation of the sonar-runner was announced in this blog post - and we completely removed any reference to the sonar-runner from our C# & VB.NET plugins several months ago:
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/0bd0f30c-b158-4bbb-b8f0-b5371536d771%40googlegroups.com.
Jorge Costa
Dec 8, 2015, 4:30:08 AM12/8/15
to Dinesh Bolkensteyn, SonarQube
and its was ok, but now the results start to diverge quite a lot that it no longer makes sense to keep it. i hear everyday, reports about differences between local analysis and server analysis. you should really consider dropping support as soon as possible.
people using sonar runner are better off using 4.3 and sticking to it until they are ready to move to msbuild.
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/78df58c4-11fa-4dbe-86fb-259425bc6be9%40googlegroups.com.
Dinesh Bolkensteyn
Dec 8, 2015, 7:39:42 AM12/8/15
to SonarQube
thanks for the suggestion Jorge - we'll keep that in mind when reconsidering the sonar-runner & MSBuild 12 in the upcoming sprints.
On Monday, December 7, 2015 at 6:09:02 PM UTC+1, Dinesh Bolkensteyn wrote:
Dinesh Bolkensteyn
Dec 8, 2015, 7:57:41 AM12/8/15
to SonarQube
FYI I've just created the following ticket, scheduled to be fixed in this 4.4 sprint, to make this more explicitl:
On Monday, December 7, 2015 at 6:09:02 PM UTC+1, Dinesh Bolkensteyn wrote:
Jorge Costa
Dec 8, 2015, 8:19:29 AM12/8/15
to Dinesh Bolkensteyn, SonarQube
ok, thanks. thats a good idea.
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/be6005a2-1896-4807-8f5e-cd0a1c1bf67c%40googlegroups.com.
Jorge Costa
Dec 9, 2015, 3:15:24 PM12/9/15
to SonarQube
tried now the msbuild runner, and building is failing because sonar reports warnings as errors? by default those should be warnings so that the it does not fails the build?
[Csc] file.cs(97, 9): error S125: Remove this commented out code.
On Monday, 7 December 2015 19:09:02 UTC+2, Dinesh Bolkensteyn wrote:
text2...@gmail.com
Dec 10, 2015, 2:18:54 AM12/10/15
to SonarQube
Hi Dinesh,
Any idea about scanning of Microsoft Sql projects. Suggest me the SQL plugin for this.
Thanks,
Raghavendra Naik
Dinesh Bolkensteyn
Dec 10, 2015, 6:11:29 AM12/10/15
to Jorge Costa, SonarQube
Thanks Jorge
I assume that you have somehow set the "treat all warnings as errors" flag set on your project - which promotes warnings into errors.
We've created a ticket to force this flag to false during a SonarQube analysis:
We've identifed 2 other issues as well with this RC:
- the MergeRuleSet task can fail to access the ruleset file with a message stating it is already used by another process
- When there is a SonarLint rule failure (e.g. ConditionalSimplification & DelegateSubtraction throws a NPE) - then the whole SonarQube fails
We're going to build an RC2 - meanwhile let us know of any further issue that you might find
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/EojqsKTMON8/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/75882db4-69c2-46eb-944b-24102da10323%40googlegroups.com.
Jorge Costa
Dec 10, 2015, 6:27:44 AM12/10/15
to Dinesh Bolkensteyn, SonarQube
Hi Dinesh,
We have that set for all projects inside visual studio. i agree with you that the runner should force this to false since the objective of the analysis is not to brake the build but upload issues and metrics to sonar
will do, thanks
br,
jc
Dinesh Bolkensteyn
Dec 11, 2015, 12:17:43 PM12/11/15
to Jorge Costa, SonarQube
The RC2 is available:
SonarQube C# plugin: https://github.com/SonarSource/sonar-csharp/releases/download/4.4-RC2/sonar-csharp-plugin-4.4-RC2.jar
SonarQube Scanner for MSBuild: https://github.com/SonarSource/sonar-msbuild-runner/releases/download/1.1-RC2/MSBuild.SonarQube.Runner-1.1-RC2.zip
Please test again, the vote is extended by another 72 hours.
Jorge Costa
Dec 12, 2015, 10:59:09 AM12/12/15
to Dinesh Bolkensteyn, SonarQube
+1 the false positives reported using sonar runner are also gone.
Dinesh Bolkensteyn
Dec 14, 2015, 8:36:05 AM12/14/15
to Jorge Costa, SonarQube
An RC3 is now available, which fixes additional 2 issues spotted during the week-end:
- existing project rulesets are now overriden instead of being merged (this avoids useless computation during the build - only the SonarQube C# plugin analyzers are executed)
- a NPE exception during the import of the SARIF report - the "issues" element is optional, but was required required in 4.3-RC2.
The new downloads:
- SonarQube C# Plugin 4.4-RC3: https://github.com/SonarSource/sonar-csharp/releases/download/4.4-RC3/sonar-csharp-plugin-4.4-RC3.jar
- SonarQube Scanner for MSBuild 1.1-RC3: https://github.com/SonarSource/sonar-msbuild-runner/releases/download/1.1-RC3/MSBuild.SonarQube.Runner.1.1-RC3.zip
Dinesh Bolkensteyn
Dec 17, 2015, 5:42:04 AM12/17/15
to SonarQube
I am now closing this vote and will proceed with the release.
Thank you all.
On Monday, December 7, 2015 at 6:09:02 PM UTC+1, Dinesh Bolkensteyn wrote:
Reply all
Reply to author
Forward
0 new messages