Apigee SonarQube Plugin

Hello,

I'm glad to announce that an Apigee plugin for SonarQube has been released.

For those who are not aware, SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality: it performs automatic reviews with static analysis of code to detect bugs, code smells and security vulnerabilities in 20+ programming languages.

This plugin works with existing SonarQube installations. It lets SonarQube examine Apigee Edge proxy definitions by analysing their XML files. It is built on SonarQube's sonar-xml-plugin, on top of which custom rules have been implemented.

The goal is to detect common bad practices, just like the bundle-linter available here does. Moreover, in building this plugin I took inspiration from the rules catalogue of that existing linter.

The latest release, 2.1.0, of this plugin supports SonarXML 2.0.1+ and has been tested with all current public releases of SonarQube (from 6.7 to 8.2).

Note: SonarQube is unrelated to the Apigee project code-named "Sonar".


Some screenshots of the results in action:

Project overview in Sonar: [screenshot: 6345-project-overview.png]

Project issues in Sonar: [screenshot: 6346-project-issues.png]


Installation instructions:

With the SonarQube Marketplace:

  • Use the Marketplace Update Center to search for the Apigee plugin: [screenshot: 8453-marketplace.png]
  • Click on the install button
  • (The SonarXML plugin is installed at the same time if it is not already installed)

If the Marketplace is unreachable from your Sonar server:

  • Put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins (the jar is available in the release section)
  • Mandatory:
    • Check that the SonarXML plugin is already installed (minimum release 2.0.1.2020)
    • If not, download it here (minimum release 2.0.1.*) and also put its jar in the directory $SONARQUBE_HOME/extensions/plugins

Finally:

  • Restart the SonarQube server
  • Set the "Sonar way Apigee" quality profile as default. You can also create a new profile and add to it the rules coming from the ApigeeXML and CommonXML repositories.
  • Add .wsdl as a suffix to be analyzed in the XML plugin administration.
  • Configure your Quality Gates as needed

Some links:


Please feel free to give any feedback, or to vote for this article.


Regards,

Nicolas.

Comments

This is awesome @Nicolas TISSERAND

Thanks for building this. Would it be possible to re-use the output of the bundle-linter and push that to Sonar? In that case, we don't have to rewrite in both places. Just a thought.

nicolastisseran
Bronze 1

Unfortunately it's not possible to directly re-use the bundle-linter. SonarQube is developed in Java, so the plugins must be in Java and packaged with Maven (https://docs.sonarqube.org/display/DEV/Developing+a+Plugin).

But I use the bundle-linter as a source of inspiration. There are some nice tips (like reverse loops, for example).

For the moment, I handle these rules from bundle-linter: PD003, TD002, FL001, ST001, PO001, PO002, PO007, PO008, PO019, PO020, FR001, plus some rules of my own created from previous experiences or based on this page.

The first tests are in progress in my company. Then I'll see later about sharing it with the community (and I'll update this article with links and docs).


jineshnarenthak
New Member

Thank you for working on the SonarQube plugin for Apigee.

I am unable to restart the server after I put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins.

potturiprasanth
New Member

Thanks @Nicolas TISSERAND for building this. Just an FYI as a side note: I'm working on a similar use case but installed the SonarJS Jenkins plugin and configured it in the pipeline after apigeelint.

Any suggestion on this approach?

nicolastisseran
Bronze 1

Hello @Jinesh Thakkar. Thank you for trying my plugin, but you are a bit too early. The plugin is still under development and is not properly released. This is the reason why I haven't made an announcement here yet.

The plugin still contains some bugs, just like this one, and I'm working on it with the help of the SonarQube community.

Stay tuned, I'll provide some news as soon as possible.

nicolastisseran
Bronze 1

Hello @potturiprasanth. I think that it can work. But in order to execute apigeelint, Node.js must be installed on the Jenkins server, which is not always the case (just like me). And the results of apigeelint stay in Jenkins, don't they?

potturiprasanth
New Member

Yes, we have Node and Jenkins on the same server. Also, regarding the second point (results of apigeelint): as we are executing apigeelint from the pipeline, I think the result would be printed on the Jenkins console log, but I am yet to try that.

Thanks,

nicolastisseran
Bronze 1

@potturiprasanth: Yes, the results of apigeelint will be printed in the Jenkins console log. But your history will depend on the number of builds kept by Jenkins, whereas Sonar will store everything from the beginning.

nicolastisseran
Bronze 1

Hi @Jinesh Thakkar, version 1.1.0 has been released. Please follow the installation instructions above and let me know if everything is ok now.

amitsatishnerka
New Member

Thank you for making available this plugin.

Does this plugin also cover the JavaScript code?

nicolastisseran
Bronze 1

No, the JavaScript code is natively covered by the SonarJS plugin:

https://docs.sonarqube.org/display/PLUG/SonarJS

I'm currently working on version 2.0.0 of my plugin to be compatible with the latest version of SonarQube. Please wait a few days until it's released. (Version 1.3.0 is not compatible at all.)

amitsatishnerka
New Member

Hi @Nicolas TISSERAND - is this a Google tool or is it your personal tool? Does Google support it?

nicolastisseran
Bronze 1

Hi @amit nerkar - It's my own tool, open sourced, initially developed for my needs in my company.
There is no support at all from Google, nor from SonarSource.

paritadesai
New Member

Hi Nicolas,

I am trying to add custom rules in this plugin for my org.

I want to develop something similar to the rule below in this plugin:

// apigeelint / bundle-linter style rule: flag a ProxyEndpoint whose PreFlow
// request path does not contain a SpikeArrest policy.
var plugin = {
    ruleId: "MyRule-002",
    name: "Check if the Spike Arrest policy is being used in the PreFlow section",
    message: "Spike Arrest policy should be included in the PreFlow section.",
    fatal: false,
    severity: 2, // error
    nodeType: "ProxyEndpoint",
    enabled: true
  },
  debug = require("debug")("bundlelinter:" + plugin.name);

var onProxyEndpoint = function(ep, cb) {
  var hadError = false,
    spikeArrestFound = false;

  if (ep.getPreFlow()) {
    // Walk the request steps of the PreFlow and resolve each step name to its policy.
    var steps = ep.getPreFlow().getFlowRequest().getSteps();
    steps.forEach(function(step) {
      if (step.getName() && ep.getParent().getPolicies()) {
        var p = ep.getParent().getPolicyByName(step.getName());
        // A step may reference a policy that has no file; guard against an undefined lookup.
        if (p && p.getType() === "SpikeArrest") {
          spikeArrestFound = true;
        }
      }
    });
  }

  if (!spikeArrestFound) {
    ep.addMessage({
      plugin,
      message: plugin.message
    });
    hadError = true;
  }

  if (typeof cb === "function") {
    cb(null, hadError);
  }
};

module.exports = {
  plugin,
  onProxyEndpoint
};
suchita99696
Bronze 1

@nicolastisseran Is it possible to modify existing rules? If not, is there any way to disable some of the rules?

nicolastisseran
Bronze 1

Hi @suchita99696 

There is no way to modify existing rules because they are hard-coded in the plugin. Only parameterized rules can be tuned (such as the "Description pattern" rule for the Apiproxy description).

If you want to disable some rules, you can achieve this by creating a custom Sonar way profile and choosing only the desired rules.

saigurunath01
Bronze 3

@nicolastisseran this is awesome work here.

Can I add new rules to the existing list of rules?

nicolastisseran
Bronze 1

Hello @saigurunath01 

The main purpose of this Sonar plugin is to match the implementation of the apigeelint rules. (But I know that the latest rules are not yet implemented.)

What do you mean exactly by "adding new rules"?

If you're expecting to add a new rule with some DSL configuration (just like the sonarXML analyzer), it's not possible. The checks often rely on several XML files; this is the reason why the rules are hard-coded in the SonarApigee plugin.

If you need some other rules that can be useful for all other Apigee users, then feel free to propose a PR in the project as well as in the original apigeelint project.

Regards.
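The rule paritadesai posted above and the point Nicolas makes about checks spanning several XML files both come down to the same cross-file lookup: a step name in a ProxyEndpoint's PreFlow has to be resolved to a policy file whose root element gives the policy type. The following is an added example that is not code from the Sonar Apigee plugin, from apigeelint or from any commenter; it evaluates that "Spike Arrest in PreFlow" rule directly over a constructed in-memory proxy bundle (the paths, policy names and the LOCAL-001 rule id are assumptions made for the example, while MyRule-002 is the id from the rule above). It also covers the two cases a linter that only looks at the endpoint file would miss: a step that names a policy with no file, and a SpikeArrest policy that is referenced but switched off with enabled="false".

```python
# Added example: the "Spike Arrest in PreFlow" rule evaluated over the XML files
# of a proxy bundle. Illustration only, not the Sonar Apigee plugin's Java code
# and not apigeelint; bundle contents and the LOCAL-001 id are constructed.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed bundle: {relative path: XML text}. Three endpoints, three policies.
BUNDLE: Dict[str, str] = {
    "apiproxy/proxies/default.xml": """
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>VK-VerifyKey</Name></Step>
      <Step><Name>SA-Limit</Name></Step>
    </Request>
  </PreFlow>
</ProxyEndpoint>""",
    # Step name that matches no policy file: dangling reference, no Spike Arrest.
    "apiproxy/proxies/admin.xml": """
<ProxyEndpoint name="admin">
  <PreFlow name="PreFlow">
    <Request><Step><Name>SA-Missing</Name></Step></Request>
  </PreFlow>
</ProxyEndpoint>""",
    # Spike Arrest is referenced, but the policy itself is switched off.
    "apiproxy/proxies/internal.xml": """
<ProxyEndpoint name="internal">
  <PreFlow name="PreFlow">
    <Request><Step><Name>SA-Disabled</Name></Step></Request>
  </PreFlow>
</ProxyEndpoint>""",
    "apiproxy/policies/SA-Limit.xml":
        '<SpikeArrest enabled="true" name="SA-Limit"><Rate>30ps</Rate></SpikeArrest>',
    "apiproxy/policies/SA-Disabled.xml":
        '<SpikeArrest enabled="false" name="SA-Disabled"><Rate>30ps</Rate></SpikeArrest>',
    "apiproxy/policies/VK-VerifyKey.xml":
        '<VerifyAPIKey enabled="true" name="VK-VerifyKey">'
        '<APIKey ref="request.queryparam.apikey"/></VerifyAPIKey>',
}


@dataclass
class Finding:
    rule_id: str
    path: str
    message: str


def load_policies(bundle: Dict[str, str]) -> Dict[str, Tuple[str, bool]]:
    """Map policy name -> (policy type, enabled) from files under apiproxy/policies/.
    The policy type is the root element name (SpikeArrest, VerifyAPIKey, ...)."""
    policies: Dict[str, Tuple[str, bool]] = {}
    for path, text in bundle.items():
        if not path.startswith("apiproxy/policies/"):
            continue
        root = ET.fromstring(text.strip())
        name = root.get("name") or path.rsplit("/", 1)[-1][: -len(".xml")]
        policies[name] = (root.tag, root.get("enabled", "true") != "false")
    return policies


def check_spike_arrest(bundle: Dict[str, str]) -> List[Finding]:
    """One finding per ProxyEndpoint whose PreFlow request path has no enabled
    SpikeArrest step, plus one per step that names a policy with no file."""
    policies = load_policies(bundle)
    findings: List[Finding] = []
    for path, text in bundle.items():
        if not path.startswith("apiproxy/proxies/"):
            continue
        root = ET.fromstring(text.strip())
        if root.tag != "ProxyEndpoint":
            continue
        active = False
        disabled_refs: List[str] = []
        for step in root.findall("./PreFlow/Request/Step"):
            name_el = step.find("Name")
            name = (name_el.text or "").strip() if name_el is not None else ""
            if name not in policies:
                # LOCAL-001 is a constructed id for this example, not an apigeelint rule.
                findings.append(Finding("LOCAL-001", path,
                                        f"Step references unknown policy '{name}'"))
                continue
            ptype, enabled = policies[name]
            if ptype == "SpikeArrest":
                if enabled:
                    active = True
                else:
                    disabled_refs.append(name)
        if not active:
            if disabled_refs:
                msg = (f"Spike Arrest policy '{disabled_refs[0]}' is referenced in the "
                       'PreFlow but is disabled (enabled="false").')
            else:
                msg = "Spike Arrest policy should be included in the PreFlow section."
            findings.append(Finding("MyRule-002", path, msg))
    return findings


if __name__ == "__main__":
    for f in check_spike_arrest(BUNDLE):
        print(f"{f.rule_id} {f.path}: {f.message}")
```

Run as a script it reports nothing for the default endpoint, an unknown-policy finding plus the MyRule-002 finding for the admin endpoint, and a MyRule-002 finding for the internal endpoint that says why the present SpikeArrest does not count. Keying the policy map on the name attribute rather than the file name is deliberate: Apigee resolves a step by policy name, so a mismatch between the two would otherwise hide a dangling reference.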


Version history
Last update: 11-18-2017 06:39 AM