1

We get a java app source code shipped from a partner, but it doesn't include test code.

We want to run sonar qube against the code; but against our standard quality profile (PMD/Findbugs etc) technical debt gets skewed by no test coverage. I tried disabling the coverage rules, or setting the coverage ration to 0 but that just killed everything, no issues, no technical debt or useful feedback on the code.

Can anyone suggest a ruleset or mechanism that would allow us to run a sonar report on the code and retain some of the useful feedback relating to technical debt? Other than writing a new plugin....

bfd
  • 31
  • 1
  • 3
  • Disabling the coverage rule and rebuild the project should do the trick. Did you rebuild? – Absurd-Mind Jun 23 '14 at 14:01
  • Yes; disabled the coverage rules "Insufficient branch coverage by unit tests" and "Insufficient line coverage by unit tests"; rebuilt the project, and we get 0 issues, 0 security violations and 0 technical debt. If I didn't know better I'd think this code was well written... – bfd Jun 23 '14 at 14:20
  • There must be something wrong, inspect the build logs if there is some hint why no static analysis was run. Did you call `mvn sonar:sonar` and not just `mvn verify`? (In case of maven) – Absurd-Mind Jun 23 '14 at 14:24
  • this is being done via sonar-runner; rather than the mvn plugin. There doesnt appear to be any problem with the build.... – bfd Jun 24 '14 at 09:37
  • so, the resolution turned out to be – bfd Jun 25 '14 at 11:04
  • 1
    So, the resolution turned out to be. Delete the project. Remove the bespoke quality profile which I had configured and messed around with. Rebuild the project and run sonar against the default profile. Recreate the Quality Profile (it was originally derived from another project). Add the project to the new profile. Rebuild application and run sonar against the new profile. Then remove the coverage rules identified, re-run the build, and everything is hunky dory... The technical debt is reduced somewhat, given that coverage is not taken in to account. – bfd Jun 25 '14 at 11:10
  • Thanks for the update, as i read this is suspect there was some misconfiguration which got cleaned by setup everything from the beginning. – Absurd-Mind Jun 25 '14 at 11:26

1 Answers1

0

In the todays sonar configuration there is an option to define where are the coverage test result file. Sonar only reads the file to figure out the coverage.

This file is in a default folder. If it don't exists sonar will ignore coverage aspects during the scan. What I did sometimes was just change the default location to some unexistent folder.

I will not give here the exact path to find this configuration in sonar because it changes from time to time. However, you should find it very easily.

Jandisson
  • 360
  • 1
  • 10