Run preview analysis without authentication


Christine Nof

May 9, 2017, 7:18:27 PM
to SonarQube
Dear Sonar Experts,

We recently upgraded to Sonar 6.1. We are experiencing a number of bumps in this upgrade. One of our issues is running on the command line. We have two scripts that run Sonar commands and our development community does not use all the same IDE.

Issue 1:
The maven plugin without sonar.login is unsuccessful. Is there a bug that is preventing all users from running this command without authentication?


Unsuccessful command:

mvn -o org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar -Dsonar.analysis.mode=preview -Dsonar.branch=$BRANCH -Dsonar.host.url=$SONAR_URL -Dsonar.skipPackageDesign=true -Dsonar.report.export.path=sonar-report.json


Successful command:

mvn -o org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar -Dsonar.analysis.mode=preview -Dsonar.branch=$BRANCH -Dsonar.host.url=$SONAR_URL -Dsonar.skipPackageDesign=true -Dsonar.report.export.path=sonar-report.json -Dsonar.login=%SONAR_USERNAME% -Dsonar.password=%SONAR_PASSWORD%

Issue 2:
We tried using the SonarLint CLI instead, but we noticed that it displays all errors (which means that the HTML page is too large and will not load). Does anyone know how to run SonarLint CLI with only new errors?

Thank you!
Christine

Mark Gortzak

May 11, 2017, 2:04:35 AM
to SonarQube
Hi Christine,

About 1), it seems to me as if anonymous access is disallowed. What is the error?

About 2), I've asked the same question. You can use a glob pattern to exclude/include specific files. As of the time of me asking, it wasn't possible to only analyze changed files with SonarLint CLI.

Hope this helps.

Greetings,
Mark

On Wednesday, May 10, 2017 at 01:18:27 UTC+2, Christine Nof wrote:

Christine Nof

May 11, 2017, 3:51:02 PM
to SonarQube
Dear Mark,

Thank you for the reply!

Regarding issue #1:
The GUI shows that "Force user authentication" is set to Off/False. The sonar.forceAuthentication

A grep of the file system shows that the need_authorization.rb file has this value:
./web/WEB-INF/lib/need_authorization.rb:          force_authentication = Api::Utils.java_facade.getConfigurationValue('sonar.forceAuthentication')=='true'

I'm unclear how to interpret the file vs the user interface.

As far as the Group permissions, Administrator and sonar-administrators are the only ones with access to "Execute Analysis". If I understand properly, permissions shouldn't be required to run a preview analysis - but obviously I have something set so that that isn't a correct statement. Do I need to allow the "Anyone" group to "Execute Analysis"... and if I do so, can I prevent them from updating the server?

Regarding the second issue, thank you for your input. We will probably continue to run desktop analysis using Maven.

Christine

Mark Gortzak

May 12, 2017, 2:54:17 AM
to SonarQube
Hi Christine,

My understanding (guess?) is that yes, the user that performs a preview analysis (which is just a different type of analysis) needs the "execute analysis" permission. How this pertains to the code, I do not know. I'm just a user, not a developer :-).

Our setup is using LDAP for authentication, with the correct groups. We have a sonarqube user in the group sonar-developer. I created a token for that user, which is used in the SonarQube scanner. This way I do not have to provide the token or the user/pass in each analysis.

Hope this helps.

Greetings,
Mark

On Thursday, May 11, 2017 at 21:51:02 UTC+2, Christine Nof wrote:

Christine Nof

May 22, 2017, 3:49:28 PM
to SonarQube
Hi Mark and all,

From reading the description of the "Execute Analysis" permission, it appears that anyone who has that access can also upload analysis results. We currently have people who can run a preview analysis using a name sonar.login parameter. Those people do not have "Execute Analysis" permission.

We are looking for a way to anonymously execute analysis without being able to upload the results. We have been able to do so up until our recent upgrade from 5.1 to version 6.1. It appears that maybe we need either a generic user (such as your sonarqube user) or for each user to use the sonar.login and sonar.password parameters. Is there a way to run preview analysis without those parameters?

Thank you!
Christine