TechCognia TSql SonarQube Plugin
version 1.7.0 (earlier version 1.6.x)
- Compatible with SonarQube 7.1, 7.0 and 6.7.2
- Rules are updated with categorization into Bugs, Vulnerabilities and Code Smells.
Our existing customers can use this version of the plugin to upgrade to the latest version of SonarQube along with SQLCodeGuard (v2.8/2.9).
System Requirements (Client/Slave)
- Windows 2003/2008 R2/2012 R2 or Windows 7 Operating System
- Microsoft .Net Framework 4.0
- SqlCodeGuard 2.8/2.9
- SonarQube Scanner (Command line) 3.1
- JDK 8 / JRE 8
- SonarQube 6.7.2 / 7.0 / 7.1 running in Windows/Linux
The downloaded zip file contains the following
- The plugin techcognia-tsql-plugin-X.X.X.X.jar
- A sample "sonar-project.properties" file
- A folder "TechCognia" which contains the following
  * SqlCodeGuardAPI.dll
  * TechCognia.MsBuild.dll
  * SQLCodeGuard.msbuild (this file will be mapped to the plugin once we install the plugin inside SonarQube)
  * License Information
- Extract the downloaded zip file at a suitable location
- Copy the file techcognia-tsql-plugin-X.X.X.X.jar to SONARQUBE_HOME/extensions/plugins. Existing users of this plugin will need to delete the earlier version's jar file and add the new one.
- Copy the "TechCognia" folder inside the attachments folder to a location of your choice on your local drives or to "C:\Program Files (x86)"
- Restart the SonarQube server.
- Login as a SonarQube administrator, go to Configuration > General Settings > TSQL Plugin
- Enter the full path of the copied SQLCodeGuard.msbuild in the MSBuild File Path text box if it is different from "C:\Program Files (x86)\TechCognia\SqlCodeGuard.msbuild".
- Enter the full path of MsBuild.exe if it is different from the default one mentioned in the settings.
- Paste your license key and Save.
Note: It is always recommended to take a backup of your database before adding or upgrading the versions of our plugin.
How to run an analysis
To analyze a TSQL project, you must create a configuration file ‘sonar-project.properties’ in the root directory of the project. A simple example of sonar-project.properties is as follows.
This sonar-project.properties is placed outside the Database folder. With this setting, all the sql files inside all the folders are analyzed.
You can use more modules to exclude/include folders inside the database folder.
    # Required metadata
    sonar.projectKey=ProjectKey:ProjectName
    sonar.projectName=ProjectName
    sonar.projectVersion=1.0

    # Path to the parent source code directory.
    # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
    # Since SonarQube 4.2, this property is optional. If not set, SonarQube starts looking for source code
    # from the directory containing the sonar-project.properties file.
    sonar.modules=Database
    Database.sonar.projectBaseDir=Database
    Database.sonar.sources=.

    # Encoding of the source code
    sonar.sourceEncoding=UTF-8
Execute the following command from the root directory of the project at the command prompt
For Sonar-Scanner Command line
Why do I need the SqlCodeGuard.msbuild file?
The SqlCodeGuard.msbuild file is invoked by the plugin when an analysis is run through the sonar-runner. This file has a RunSqlCodeGuard task which calls the SqlCodeGuard APIs to get the rule violations/issues and complexity levels for each of the sql files.
    <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
      <UsingTask AssemblyFile="TechCognia.MSBuild.dll" TaskName="TechCognia.MSBuild.RunSqlCodeGuard" />
      <PropertyGroup>
        <SourcePath>c:\temp\SQL</SourcePath>
        <Rules>c:\temp\SQL</Rules>
        <OutputPath>c:\temp</OutputPath>
      </PropertyGroup>
      <Target Name="Release">
        <RunSqlCodeGuard
          SourcePath="$(SourcePath)"
          ActiveRules="$(Rules)"
          OutFile="$(OutputPath)"
          Quiet="false"
          FileEncoding="UTF-8"
          TreatWarningsAsErrors="false"
          TreatIssueAsError="" />
      </Target>
    </Project>
The file consists of a PropertyGroup section which has a few properties: SourcePath, Rules and OutputPath. The plugin invokes this file by assigning appropriate values to these properties, so you may not need to change anything in this file unless you are trying to achieve more or add custom tasks.
The RunSqlCodeGuard task is created by TechCognia and is available in TechCognia.MsBuild.dll. It creates a custom sqlcodeguard report using the SQLCodeGuardAPI.dll. The output is then parsed and stored into SonarQube by the plugin.
- SourcePath - Source path of the directory to be analysed
- ActiveRules - A semi-colon separated list of rule codes for analysis.
- OutFile - The output location for the custom generated sqlcodeguard xml report.
- Quiet - If set to true, the analysis of sql files will continue quietly even if rule code violations that should be treated as errors are detected. During an incremental or preview analysis, it is recommended that you always run your analysis in quiet mode. It is "false" by default, in which case the analysis stops as soon as a rule code violation that should be treated as an error is detected.
- FileEncoding - By default it is "UTF-8". This is the file encoding for the generated output report.
- TreatWarningsAsErrors - By default it is "false". Through this the issues/violations reported by sqlcodeguard can be treated as errors in the msbuild run. This does not have any relationship with the way sonarqube reports the data. This can be used to control or fail your continuous integration process.
- TreatIssueAsError - By default it is blank. A comma separated list of rule codes that you want to be treated as errors.
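A pre-flight check for these attributes, as an added example that is not part of the plugin or its documentation: it parses a SqlCodeGuard.msbuild file and reports whether the analysis would stop on an error-level violation, reading the attributes as they are described above. The function name `audit_msbuild` is hypothetical, the sample file is constructed from the one on this page, and RULE_A and RULE_B are placeholder rule codes.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/developer/msbuild/2003"}

# Constructed sample modelled on the SqlCodeGuard.msbuild file shown on this page.
TEMPLATE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <UsingTask AssemblyFile="TechCognia.MSBuild.dll"
             TaskName="TechCognia.MSBuild.RunSqlCodeGuard" />
  <Target Name="Release">
    <RunSqlCodeGuard SourcePath="$(SourcePath)" ActiveRules="$(Rules)"
                     OutFile="$(OutputPath)" Quiet="{quiet}" FileEncoding="UTF-8"
                     TreatWarningsAsErrors="{warn}" TreatIssueAsError="{issues}" />
  </Target>
</Project>"""


def _flag(value):
    """Parse a true/false attribute; absent or blank means the documented default, false."""
    return (value or "").strip().lower() == "true"


def audit_msbuild(xml_text):
    """Return one dict per RunSqlCodeGuard task describing its failure settings."""
    root = ET.fromstring(xml_text)
    tasks = root.findall(".//m:RunSqlCodeGuard", NS)
    if not tasks:
        raise ValueError("no RunSqlCodeGuard task in the msbuild namespace")
    reports = []
    for task in tasks:
        quiet = _flag(task.get("Quiet"))
        all_errors = _flag(task.get("TreatWarningsAsErrors"))
        # TreatIssueAsError is comma separated (ActiveRules uses semicolons).
        raw = task.get("TreatIssueAsError") or ""
        codes = [c.strip() for c in raw.split(",") if c.strip()]
        findings = []
        if not all_errors and not codes:
            findings.append("no violation is treated as an error")
        elif quiet:
            findings.append("Quiet=true: analysis continues past error-level violations")
        if any(";" in c for c in codes):
            findings.append("semicolon in TreatIssueAsError; the list is comma separated")
        reports.append({"quiet": quiet, "all_errors": all_errors, "error_codes": codes,
                        "stops_on_error": not quiet and (all_errors or bool(codes)),
                        "findings": findings})
    return reports


if __name__ == "__main__":
    # RULE_A and RULE_B are placeholder rule codes, not real SqlCodeGuard codes.
    for q, w, i in [("false", "false", ""), ("true", "false", "RULE_A, RULE_B")]:
        print(audit_msbuild(TEMPLATE.format(quiet=q, warn=w, issues=i)))
```

With the defaults shown in the file above (Quiet "false", TreatWarningsAsErrors "false", TreatIssueAsError blank), the check reports that no violation is treated as an error, so the msbuild run has nothing to stop on.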
Can I provide an actual database for analysis?
As of now the plugin cannot analyse a database. It only looks at the script files to perform its analysis using SqlCodeGuard.