Hello,
I'm glad to announce that the a Apigee Plugin for SonarQube has been released.
For those who are not aware, SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
This plugin works with existing SonarQube installations. It allows SonarQube to examine Apigee Edge proxy definitions, by examining the XML files. It is based on SonarQube's built-in sonar-xml-plugin on which custom rules have been implemented.
The goal is to detect common bad practices, just like the bundle-linter available here do. Moreover, in constructing this plugin, I have taken inspiration from the rules catalog of this previously existing linter.
Note: SonarQube is unrelated to the Apigee project code-named "Sonar".
Some screenshots of the results in action :
Project overview in Sonar :
Project issues in Sonar :
Installation instructions :
For SonarQube from 5.6 up to 5.6.6 :
- Check that the sonarXML Plugin is already installed (minimum release 1.4.3.1027)
- Put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins. (the jar is available in the release section)
For SonarQube from 5.6.7 and later (including 6.7.*, 7.0 and later)
- Check that the sonarXML Plugin is already installed (minimum release 1.4.3.1027)
- Use the Marketplace Update Center to install the Apigee plugin :
Finally :
- Restart the SonarQube server
- Activate all rules in the sonar way profile or make the "Sonar way Apigee" quality profile as default.
- Add .wsdl as suffix to be analyzed in the XMLPlugin administration.
Some links :
- Project site, documentation & issue tracking : https://github.com/CreditMutuelArkea/sonar-apigee-plugin
- Direct link to binary : https://github.com/CreditMutuelArkea/sonar-apigee-plugin/releases/latest
Please feel free to give any feedback, or to vote for this article.
Regards,
Nicolas.
This is awesome @Nicolas TISSERAND
Thanks for building this. Would it be possible to re-use the output of the bundle-linter and push that to SONAR ? In that case, we don't have to rewrite in both places. Just a thought
Unfortunately it's not possible to directly re-use the bundle-linter. SonarQube is developped in Java, so the plugins must be in Java and packaged with Maven. (https://docs.sonarqube.org/display/DEV/Developing+a+Plugin).
But, I use the bundle-linter as source of inspiration. There are some nice tips (like reverse loops for example).
For the moment, I manage these rules from bundle-linter : PD003, TD002, FL001, ST001, PO001, PO002, PO007, PO008, PO019, PO020, FR001 and some own rules created from previous experiences or based on this page.
The first tests are in progress in my company. Then I'll see later to share it with the community. (And I'll update this article with links and doc)
Thanks @Nicolas TISSERAND for building this. Just an FYI on side note, working on similar use case but installed SONARJS jenkins plugin and configured that in pipeline post apigeelinter
Any suggestion on this approach?
Hello @potturiprasanth . I think that it can work. But in order to execute apigeelinter, nodejs must be installed on the jenkins server which is not always the case (just like me). And the results of apigeelinter stay in Jenkins, isn't it ?
Thank you for working on SonarQube plugin for Apigee.
I am unable to restart the server after I put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins
Hello @Jinesh Thakkar. Thank you for trying my plugin but you are a bit too earlier. The plugin is still under development and it is not properly released. This is the reason why I didn't made an announcement here yet.
The plugin still contains some bugs, just like this one and I'm working on this with the help of the SonarQube community.
Stay tuned, I'll provide some news as soon as possible.
Hi @Jinesh Thakkar, the version 1.1.0 hes been released. Please follow the installation instructions above and let me know if everything is ok now.
Contributors
54 People are following this .
