SonarQube plugin to run the JDeveloper 11g or 12c code auditing tool (ojaudit) in the background and report all violations found by the Oracle JDeveloper auditing framework to SonarQube. Can be used for any JDeveloper 11g or 12c project, whether it is SOA, plain java, WebCenter, ADF or anything else.
Download and Installation
- before you install the plugin, run `JDEV_HOME/jdev/bin/ojaudit -rulehelp -output SONAR_HOME/conf/ojaudit-rulehelp.txt` to generate a text file with all the audit rules in your JDeveloper installation. This is needed by the SonarQube plugin to discover all the rules that are available. Unfortunately, JDeveloper version 11.x does not include the severity for all rules in this file so all will be imported in SonarQube with severity Major. You can change these afterwards if you like.
If you decide to name the file something else or put it in another directory, edit `SONAR_HOME/conf/sonar.properties` and add a line `sonar.ojaudit.rulehelp=conf/ojaudit-rulehelp.txt` to point to the location of the created text file. This path is relative to SONAR_HOME or can be an absolute path. (Version 1.0 only works when the rulehelp.txt file is placed in the conf directory in the sonar home directory.)
- download the latest version of the plugin from https://github.com/adfemg/sonarqube-ojaudit/releases. You don't need to download the sources to use the plugin, although you are welcome to do so and have a look at how the thing really works
- put the downloaded JAR into
- (re)start SonarQube
- go to sonar in your web browser, log in as administrator and go to settings. Then go to the `ADF EMG ojaudit` settings and set the value for the `sonar.ojaudit.jdevhome` property. This should be the full path to the JDeveloper home directory. This is the directory that has `jdev/bin` as a subdirectory, for example
- while you are in the SonarQube web interface, go to Quality Profiles and verify there is a group for OJAudit Profiles that should have a `Sonar way` profile with (depending on your JDeveloper installation) over 800 active rules. If 0 rules are active, you have started SonarQube once without the `SONAR_HOME/conf/ojaudit-rulehelp.txt` file in place. Check if the file is there and if so, enable all rules in the `Sonar way` profile. You can do this by editing the profile and searching for all inactive rules from the ojaudit repository. Then simply use the bulk change at the top right to enable them all.
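
The prerequisites from the installation steps above can be checked before SonarQube is (re)started. This is an added shell example, not part of the plugin or the original page: it resolves the rule help file the way the steps describe (default `conf/ojaudit-rulehelp.txt`, or `sonar.ojaudit.rulehelp` from `sonar.properties`, relative to SONAR_HOME or absolute) and fails when that file or the `ojaudit` binary is missing, which is the condition that leaves the profile with 0 active rules. The function names are hypothetical, only `key=value` lines are parsed, and a Unix-like host is assumed.

```shell
#!/bin/sh
# Added example: pre-start check for the ojaudit plugin prerequisites.
# Function names are hypothetical; they are not part of the plugin.

# Print the rule help path: the sonar.ojaudit.rulehelp value from
# sonar.properties if set, else the location used in the install steps.
# Relative values are resolved against SONAR_HOME.
resolve_rulehelp() {
    sonar_home=$1
    props="$sonar_home/conf/sonar.properties"
    value=""
    if [ -f "$props" ]; then
        # Last uncommented key=value assignment wins; strip CR and trailing blanks.
        value=$(sed -n 's/^[[:space:]]*sonar\.ojaudit\.rulehelp[[:space:]]*=[[:space:]]*//p' "$props" \
                | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//')
    fi
    [ -n "$value" ] || value="conf/ojaudit-rulehelp.txt"
    case $value in
        /*) printf '%s\n' "$value" ;;
        *)  printf '%s\n' "$sonar_home/$value" ;;
    esac
}

# Return 0 when both prerequisites are in place, 1 otherwise.
# Usage: ojaudit_preflight SONAR_HOME JDEV_HOME
ojaudit_preflight() {
    sonar_home=$1
    jdev_home=$2
    status=0
    rulehelp=$(resolve_rulehelp "$sonar_home")
    if [ ! -s "$rulehelp" ]; then
        echo "missing or empty rule help file: $rulehelp" >&2
        echo "generate it with: $jdev_home/jdev/bin/ojaudit -rulehelp -output $rulehelp" >&2
        status=1
    fi
    if [ ! -x "$jdev_home/jdev/bin/ojaudit" ]; then
        echo "ojaudit not executable under: $jdev_home/jdev/bin" >&2
        status=1
    fi
    return $status
}
```
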
Be sure to read the installation instructions, especially the part on getting the rulehelp.txt file from ojaudit and registering it with SonarQube.
When you analyse a project using SonarQube you can either use ant, maven or the command-line sonar-runner. Since the latter is the preferred approach by SonarQube we'll be using that as an example although the same settings apply to the other methods.
For sonar-runner to do its work it needs a `sonar-project.properties` file in the root of the project you are going to analyse. When using the ojaudit plugin the example below is the simplest setup:
```properties
# basic information about the sonar project
sonar.projectKey=ExampleProject
sonar.projectName=Description of your project.
sonar.projectVersion=0.99

# set language to use ojaudit plugin
sonar.language=ojaudit

# sources of the project assuming this properties file is
# in same directory as .jws file
sonar.sources=.

# jdeveloper workspace file to analyze.
# Relative path from the directory of this property file
sonar.ojaudit.jws=ojauditSonar.jws
```
Once this is done you can simply run `SONAR_HOME/bin/sonar-runner` from your project directory and it should analyse your project with ojaudit and feed all violations to SonarQube.
Most projects that you want to analyse with ojaudit probably also have java code in them. You could create two `sonar-project.properties` files and use one to analyse your project with java plugins and one for ojaudit, but there is a clever way to do both in one run by using modules. You can specify multiple modules in a single `sonar-project.properties` file and then override sonar properties per module. This allows you to set up one module for java analysis and another for ojaudit analysis:
```properties
# basic information about the sonar project
sonar.projectKey=ExampleProject
sonar.projectName=Description of your project.
sonar.projectVersion=0.99

# use two modules
sonar.modules=java-module,ojaudit-module

# configuration for java-module
java-module.sonar.language=java
# although property is named projectName, this is actually the module name
java-module.sonar.projectName=Java Module
# by default modules are in a subdirectory with their name and we don't need that
java-module.sonar.projectBaseDir=.
java-module.sonar.sources=src/main/java,src/test/java

# configuration for ojaudit-module
# set language to use ojaudit plugin
ojaudit-module.sonar.language=ojaudit
ojaudit-module.sonar.projectName=OJAudit Module
ojaudit-module.sonar.projectBaseDir=.
# sources of the project assuming this properties file is in same directory as .jws file
ojaudit-module.sonar.sources=.
# jdeveloper workspace file to analyze. Relative path from the directory of this property file
ojaudit-module.sonar.ojaudit.jws=ojauditSonar.jws
```
If you now run sonar-runner it should analyse your project in one go with both the SonarQube java analysis as well as the ojaudit analysis from our plugin.
Below are the properties you can set.
||project only||no default||Relative path to .jws or .jpr file from sonar project home|
||global and/or project||no default||absolute path to JDeveloper home directory (that has
||global and/or project||
||name of the JDeveloper audit profile to execute. Run
||global and/or project||
||ojaudit executable within
||global and/or project||60||maximum number of seconds to wait for ojaudit to complete|
||Path to the output of
Developing the plugin
If you want to build your own version of the SonarQube plugin from sources this is the page for you. This is also the place to be if you want to contribute to the project by adding new functionality or fixing bugs. If you're just interested in downloading the finished product and using it in your SonarQube installation simply read the instructions above.
Here are the few simple steps if you want to develop the plugin yourself:
- clone (or fork)
- open the ojauditSonar workspace from that checkout in JDeveloper and browse around
- `mvn clean install` to build the plugin with maven, although you can also run this from within JDeveloper by right clicking the
- install the resulting `target/sonar-ojaudit-plugin-xxxx.jar` into your SonarQube installation and follow the other configuration instructions above