Skip to main content
Last updated December 23, 2013 21:41, by wvanderdeijl
Feedicon  

SonarQube ojaudit plugin

Download and Installation

  1. before you install the plugin, run JDEV_HOME/jdev/bin/ojaudit -rulehelp -output SONAR_HOME/conf/ojaudit-rulehelp.txt to generate a text file with all the audit rules in your JDeveloper installation. This is needed by the SonarQube plugin to discover all the rules that are available in your JDeveloper installation. Unfortunately, JDeveloper version 11.x does not include the severity for all rules in this file so all will be imported in SonarQube with severity Major. You can change these afterwards if you like.
  2. if you decide to name the file something else or put it in another directory then edit SONAR_HOME/conf/sonar.properties and add a line
    sonar.ojaudit.rulehelp=conf/ojaudit-rulehelp.txt to point to the location of the created text file. This path is relative to SONAR_HOME or can be an absolute path
    (version 1.0 only works when rulehelp.txt file is placed in conf directory in sonar home directory)
  3. download the latest version of the plugin from https://java.net/projects/sonarqube-ojaudit/downloads
    you don't need to download the sources to use the plugin, although you are welcome to do so and have a look how the thing really works
  4. put the downloaded JAR into SONAR_HOME/extensions/plugins/
  5. (re)start SonarQube
  6. go to sonar in your webbrowser, login as administrator and go to settings. Then go to the ADF EMG ojaudit settings and set the value for the sonar.ojaudit.jdevhome property. This should be the full path to the jdeveloper home directory. This is the directory that has jdev/bin as the subdirectory, for example /apps/oracle/jdev12120/jdeveloper
  7. while you are in the SonarQube web interface, go to Quality Profiles and verify there is a group for OJAudit Profiles that should have a 'Sonar way' profile with (depending on your JDeveloper installation) over 800 active rules. If 0 rules are active you have started SonarQube once without the SONAR_HOME/conf/ojaudit-rulehelp.txt file in place. Check if the file is there and if so, enable all rules in the 'Sonar way' profile. You can do this by editing the profile and search for all inactive rules from the ojaudit repository. Then simply use the bulk change at the right hand top to enable them all.

Usage

Be sure to read the installation instructions, especially the part on getting the rulehelp.txt file from ojaudit and registering it with SonarQube

When you analyse a project using SonarQube you can either use ant, maven or the command-line sonar-runner. Since the latter is the preferred approach by SonarQube we'll be using that as an example although the same settings apply to the other methods.

For sonar-runner to do its work it needs a sonar-project.properties file in the root of the project you are going to analyse. When using the ojaudit plugin the example below is the simplest setup:

# basic information about the sonar project
sonar.projectKey=ExampleProject
sonar.projectName=Description of your project.
sonar.projectVersion=0.99

# set language to use ojaudit plugin
sonar.language=ojaudit
# sources of the project assuming this properties file is 
# in same directory as .jws file
sonar.sources=.

# jdeveloper workspace file to analyze.
# Relative path from the directory of this property file
sonar.ojaudit.jws=ojauditSonar.jws

Once this is done you can simply run SONAR_HOME/bin/sonar-runner from your project directory and it should analyse your project with ojaudit and feed all violations to SonarQube.

Most projects that you want to analyse with ojaudit probably also have java code in them. You could create two sonar-project.properties files and use one to analyse your project with java plugins and one for ojaudit, but there is a clever way to do both in one run by using modules. You can specify multiple modules in a single sonar-project.properties file and then override sonar properties per module. This allows you to setup one module for java analysis and another for ojaudit analysis:

# basic information about the sonar project
sonar.projectKey=ExampleProject
sonar.projectName=Description of your project.
sonar.projectVersion=0.99

# use two modules
sonar.modules=java-module,ojaudit-module

# configuration for java-module
java-module.sonar.language=java
# although property is named projectName, this is actually the module name
java-module.sonar.projectName=Java Module
# by default modules are in a subdirectory with there name and we don't need that
java-module.sonar.projectBaseDir=.
java-module.sonar.sources=src/main/java,src/test/java

# configuration for ojaudit-module
# set language to use ojaudit plugin
ojaudit-module.sonar.language=ojaudit
ojaudit-module.sonar.projectName=OJAudit Module
ojaudit-module.sonar.projectBaseDir=.
# sources of the project assuming this properties file is in same directory as .jws file
ojaudit-module.sonar.sources=.
# jdeveloper workspace file to analyze. Relative path from the directory of this property file
ojaudit-module.sonar.ojaudit.jws=ojauditSonar.jws

If you now run sonar-runner it should analyse your project in one go with both the SonarQube java analysis as well as the ojaudit analysis from our plugin.

Configuration Options

Below are the properties you can set.

property set at default meaning
sonar.ojaudit.target project only no default Relative path to .jws or .jpr file from sonar project home
sonar.ojaudit.jdevhome global and/or project no default absolute path to JDeveloper home directory (that has jdev/bin as subdirectory)
sonar.ojaudit.profile global and/or project All Rules name of the JDeveloper audit profile to execute. Run jdev/bin/ojaudit -profilehelp to list available profiles. Can also be a path to an exported profile XML file. This path has to be absolute or relative to the sonar project home
sonar.ojaudit.executable global and/or project ojaudit.exe on windows, otherwise ojaudit ojaudit executable within JDEV_HOME/jdev/bin directory. Is needed to force usage of the 64-bit version of ojdeploy
sonar.ojaudit.timeoutsecs global and/or project 60 maximum number of seconds to wait for ojaudit to complete
sonar.ojaudit.rulehelp global only SONAR_HOME/conf/ojaudit-rulehelp.txt Path to the output of ojaudit -rulehelp. Can be relative to SONAR_HOME or an absolute path.

Examples

To Do...

Developing the plugin

If you want to build the plugin yourself from source code or even contribute to the project, please see the separate page on Developing

 
 
Close
loading
Please Confirm
Close