Note: Apex plugin for SonarQube current functionality.

The plugin has support for the Apex language grammar, the current list of checks is focused mainly on test components. The support for more SFDC components is in progress.

Enforce Sonarqube Plugin

Description

The plug-in enables analysis of Apex source code with SonarQube.

Steps to Analyze a Apex Project

1. Install SonarQube Server

   • Download and unzip the SonarQube distribution (let's say in "C:\sonarqube" for windows or "/etc/sonarqube/" for linux)

2. Install SonarQube scanner and configure sonar-runner as an enviroment variable

   • For linux use, go to /etc/profile file, and add at the end of the file this code

           export SONAR_RUNNER_HOME=.../sonar-scanner-2.5.1
           export PATH=$PATH:$SONAR_RUNNER_HOME/bin.
     

   • For windows use, follow these steps using sonar scanner path and its bin folder as well

3. Install Apex Plug-in; To do this, download the plugin file (apex-plugin.jar) from here, then copy and paste into "../sonarqube/extensions/plugins" folder.

• Start the SonarQube server:

   ![starting SonarQube server](https://github.com/fundacionjala/enforce-sonarqube-plugin/blob/gh-pages/img/starting-sonarQube.png)
  

Note: These steps must be performed only once after plugin is installed in sonnarqube.

         3.1 Log in as administrator

         3.2 Go to Rules tab

         3.3 Select Apex in languages in the left panel.

         3.4 Then click on Bulk Change option

         3.5 Click on activate in option

         3.6 Enter Apex and click on apply

###Scanning projects.

1. Create a sonar-project.properties file at the root of your project

       sonar.projectKey=my:project
       sonar.projectName=My project
       sonar.projectVersion=1.0
       sonar.language=apex
       sonar.sources=.
   

   sonar.projectKey: must be unique in a given SonarQube instance

   sonar.projectName: this is the name displayed in the SonarQube UI

   sonar.language: specifies the language for analysis

   sonar.sources: this "dot" indicates to sonnar scanner to scan all files from the current level of directories, this is, all files that have an extension ".cls". This extension is defined by plugin scanner.

2. Run sonar-runner command from the project root dir.

3. Follow the provided link at the end of the analysis output to browse your project's quality in SonarQube

---

Enforce plug-in for developers.

Prerequisites

To build a SonarQube plug-in, you need Java 8 (or greater) and Maven 3.1 (or greater).

Structure

Enforce plug-in divides its structure in the following modules:

enforce-sonarqube-plugin
  | - apex-checks
  | - apex-squid
  | - sonar-apex-plugin
  /

apex-checks: Represents all sonarqube rules for analyze Apex language.

apex-squid: Represents to static source analyzer, which provides an AST.

sonar-apex-plugin: Represents to implementation of sonarqube plugin for Apex language.