New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I don't see any ZAP logs when lauching a sonar analysis #7

Open
san-ouadghiri opened this Issue Jul 11, 2017 · 7 comments

Comments

Projects
None yet
4 participants
@san-ouadghiri

san-ouadghiri commented Jul 11, 2017

Hi,

Context:

  • I use sonarqbe 6.4
  • The .jar file, compiled as stated in this plugin readme, is on the sonarqbe plugin folder
  • I analyze a maven project, coded in Java
  • I launch the sonar execution manually so far by calling the maven goal sonar:sonar -Dsonar.host.url=<MySonarURL> as stated in the sonar documentation

By default my POM as no mention of sonar nor zap. I tried adding some configuration like FranciscoSan did in #6 but did not obtain any better result 😞. The 6.4 version of sonarQbe does not offer dashboards thus I can't try adding any widget to it as a check.

I'm new to this plugin, and to sonar overall, so consider telling me to do basic dumb checks, it may be that.

My Logs Overall:
"C:\Program Files\Java\jdk1.8.0_131\bin\java" -Dmaven.multiModuleProjectDirectory=<myProject LocalDirectory> "-Dmaven.home=C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3" "-Dclassworlds.conf=C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3\bin\m2.conf" "-javaagent:C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\lib\idea_rt.jar=62655:C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\bin" -Dfile.encoding=UTF-8 -classpath "C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2017.1.3\plugins\maven\lib\maven3\boot\plexus-classworlds-2.5.2.jar" org.codehaus.classworlds.Launcher -Didea.version=2017.1.4 sonar:sonar -Dsonar.host.url=<MySonarURL>
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Engagement - UI testing 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- sonar-maven-plugin:3.3.0.603:sonar (default-cli) @ <Project> ---
[INFO] User cache: C:\Users\<me>\.sonar\cache
[INFO] Load global settings
[INFO] Load global settings (done) | time=218ms
[INFO] User cache: C:\Users\<me>\.sonar\cache
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=9ms
[INFO] SonarQube version: 6.4.0
[INFO] Default locale: "fr_FR", source code encoding: "UTF-8"
[INFO] Process project properties
[INFO] Load project repositories
[INFO] Load project repositories (done) | time=42ms
[INFO] Execute project builders
[INFO] Execute project builders (done) | time=0ms
[INFO] Load quality profiles
[INFO] Load quality profiles (done) | time=22ms
[INFO] Load active rules
[INFO] Load active rules (done) | time=210ms
[INFO] Load metrics repository
[INFO] Load metrics repository (done) | time=174ms
[WARNING] SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
[INFO] Publish mode
[INFO] Project key: <myProjectKey>
[INFO] ------------- Scan <myProject>
[INFO] Load server rules
[INFO] Load server rules (done) | time=38ms
[INFO] Initializer GenericCoverageSensor
[INFO] Initializer GenericCoverageSensor (done) | time=0ms
[INFO] Base dir: <myProject LocalDirectory>
[INFO] Working dir: <myProject LocalDirectory>\target\sonar
[INFO] Source encoding: UTF-8, default locale: fr_FR
[INFO] Index files
[INFO] 102 files indexed
[INFO] Quality profile for java: Sonar way
[INFO] Sensor JavaSquidSensor [java]
[INFO] Configured Java source version (sonar.java.source): 7
[INFO] JavaClasspath initialization
[INFO] JavaClasspath initialization (done) | time=15ms
[INFO] JavaTestClasspath initialization
[INFO] JavaTestClasspath initialization (done) | time=7ms
[INFO] Java Main Files AST scan
[INFO] 102 source files to be analyzed
[INFO] 102/102 source files have been analyzed
[INFO] Java Main Files AST scan (done) | time=10903ms
[INFO] Java Test Files AST scan
[INFO] 0 source files to be analyzed
[INFO] Java Test Files AST scan (done) | time=5ms
[INFO] Sensor JavaSquidSensor [java] (done) | time=11721ms
[INFO] Sensor Analyzer for "php.ini" files [php]
[INFO] 0/0 source files have been analyzed
[INFO] Sensor Analyzer for "php.ini" files [php] (done) | time=4ms
[INFO] Sensor SurefireSensor [java]
[INFO] parsing [<myProject LocalDirectory>\target\surefire-reports]
[INFO] Sensor SurefireSensor [java] (done) | time=3ms
[INFO] Sensor JaCoCoSensor [java]
[INFO] Sensor JaCoCoSensor [java] (done) | time=1ms
[INFO] Sensor SonarJavaXmlFileSensor [java]
[INFO] Sensor SonarJavaXmlFileSensor [java] (done) | time=1ms
[INFO] Sensor Zero Coverage Sensor
[INFO] Sensor Zero Coverage Sensor (done) | time=114ms
[INFO] Sensor CPD Block Indexer
[INFO] Sensor CPD Block Indexer (done) | time=254ms
[INFO] No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
[INFO] 6 files had no CPD blocks
[INFO] Calculating CPD for 96 files
[INFO] CPD calculation finished
[INFO] Analysis report generated in 2031ms, dir size=826 KB
[INFO] Analysis reports compressed in 402ms, zip size=373 KB
[INFO] Analysis report uploaded in 244ms
[INFO] ANALYSIS SUCCESSFUL, you can browse <MyProjectUnderSonarURL>
[INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
[INFO] Task total time: 17.260 s
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 23.498 s
[INFO] Finished at: 2017-07-11T15:56:11+02:00
[INFO] Final Memory: 26M/595M
[INFO] ------------------------------------------------------------------------
Process finished with exit code 0

Is this plugin 6.4 compliant ? Did I miss something obvious like a basic ocnfiguration ? What checks/troubleshooting can I make ?
Thanks for your time,
San.

@boranx

This comment has been minimized.

boranx commented Jul 25, 2017

+1

@stevespringett

This comment has been minimized.

Contributor

stevespringett commented Jul 25, 2017

The plugin hasn't been updated for 6.x yet. It was forked from the Dependency-Check plugin for SQ5. The Dependency-Check plugin has been updated for SQ6, but this plugin as not. There are a lot of API changes between the two versions. There's also a drastic reduction in usability in SQ6 for plugins like ZAP and DC that do not relate findings to individual source files.

I'm hoping SonarSource addresses these issues, but it will mean even more API changes if they do.

@san-ouadghiri

This comment has been minimized.

san-ouadghiri commented Jul 25, 2017

Do you plan on adapting ZAP based on the Dependency-Check plugin, or do you wait for Sonar to address some of this plugin perimeter reduction (if they plan to, which is not sure) first?
I saw the same issue on the PERL plugin. Some deprecated API were removed, APIs still hugely used by plugins, leading to several lack of compliance between 6.3-6.4 and the sonar plugin world :|.

@san-ouadghiri

This comment has been minimized.

san-ouadghiri commented Aug 18, 2017

@stevespringett

This comment has been minimized.

Contributor

stevespringett commented Oct 17, 2017

Now that an updated version of the Dependency-Check SonarQube plugin has been released that supports SQ 6.3 and higher, the ZAP plugin should be updated in much the same manner.

I will not likely have time to do this until H1 2018 as I'm fully invested in other projects at the moment. PRs are always welcome ;-)

@NiklasMehner

This comment has been minimized.

NiklasMehner commented Nov 6, 2017

I have create pull request #9 for this issue.

@san-ouadghiri

This comment has been minimized.

san-ouadghiri commented Nov 10, 2017

@stevespringett @NiklasMehner I'm gonna try that asap and let you know. @NiklasMehner thank you very much for your time and that PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment