Skip to content
A SonarQube plugin to analyze Clojure source.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE
.mvn/wrapper
src
.gitignore
.travis.yml
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Dockerfile
LICENSE
README.md
mvnw
mvnw.cmd
pom.xml
start-sonarqube.sh
travis.sh

README.md

SonarClojure

A SonarQube plugin to analyze Clojure source.

Build Status Quality Gate Coverage

Current State

Features:

  • Static code analysis powered by eastwood and kibit.
  • Detection of outdated dependencies/plugins powered by lein-ancient.
  • Coverage reports powered by cloverage.
  • Detection of vulnerable dependencies powered by lein-nvd.

This plugin was inspired in the previous SonarClojure that at this moment is not under development and doesn't support SonarQube 6.7. Since the changes to port the old plugin were very extensive, I decided to start from scratch and use the old plugin as inspiration.

Installation

In order to install SonarClojure:

  1. Download the latest jar of the plugin.
  2. Place the jar in the SonarQube server plugins directory, usually located under: /opt/sonarqube/extensions/plugins/
  3. Restart the SonarQube server.

Usage

  1. Change your project.clj file and add the required plugins:

    :plugins [[jonase/eastwood "0.2.5"]
              [jonase/kibit "0.1.6"]
              [lein-ancient "0.6.15"]
              [lein-cloverage "1.0.13"]
              [lein-nvd "0.6.0"]]
  2. Create a sonar-project.properties file in the root folder of your app:

    sonar.projectKey=your-project-key
    sonar.projectName=YourProjectName
    sonar.projectVersion=1.0
    sonar.sources=src,project.clj
    sonar.clojure.lein-nvd.json-output-location=target/nvd/dependency-check-report.json
    sonar.clojure.cloverage.json-output-location=target/coverage/codecov.json
  3. Run sonar-scanner on your project.

Disabling Sensors

Sensors can be disabled by setting sonar.clojure.<sensorname>.disabled=true or by using command line switch -Dsonar.clojure.<sensorname>.disabled when running sonar-scanner.

Sensor names are eastwood, kibit, ancient-clj, lein-nvd and cloverage.

Some sensors have mandatory properties. Keep in mind that if you don't disable it, you will have to set the property.

Building from Source

./mvnw clean package

Maven will generate a SNAPSHOT under the folder target.

Compatibility

At the moment, SonarClojure was tested on SonarQube up to version 7.1.

We noticed that in later versions of SonarQube, the project overview might be empty. This normally suggests that SonarClojure was not able to detect analyzable files during the scanning.

License

SonarClojure is open-sourced software licensed under the MIT license.

You can’t perform that action at this time.