
Apigee SonarQube Plugin  

Nicolas TISSERAND created · Nov 18, 2017 at 02:39 PM · 4.2k Views · edited · Apr 09, 2020 at 09:39 PM

Hello,

I'm glad to announce that an Apigee Plugin for SonarQube has been released.

For those who are not aware, SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

This plugin works with existing SonarQube installations. It allows SonarQube to examine Apigee Edge proxy definitions, by examining the XML files. It is based on SonarQube's built-in sonar-xml-plugin on which custom rules have been implemented.

The goal is to detect common bad practices, just like the bundle-linter available here does. Moreover, in constructing this plugin, I have taken inspiration from the rules catalog of this previously existing linter.

The latest release 2.1.0 of this plugin comes with the support of sonarXML 2.0.1+ and has been tested with all current public releases of SonarQube (from 6.7 to 8.2).

Note: SonarQube is unrelated to the Apigee project code-named "Sonar".


Some screenshots of the results in action :

Project overview in Sonar :

Project issues in Sonar :


Installation instructions :

With SonarQube Marketplace :

  • Use the Marketplace Update Center to search for the Apigee plugin
  • Click on the install button
  • (The SonarXML Plugin will be installed at the same time if it's not already installed)

If the Marketplace is unreachable from your Sonar server :

  • Put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins. (the jar is available in the release section)
  • Mandatory :
    • Check that the SonarXML Plugin is already installed (minimum release 2.0.1.2020)
    • If not, download it here (minimum release 2.0.1.*) and put the jar also in the directory $SONARQUBE_HOME/extensions/plugins

Finally :

  • Restart the SonarQube server
  • Set the "Sonar way Apigee" quality profile as default. You can also create a new profile and add to it the rules coming from the ApigeeXML and CommonXML repositories.
  • Add .wsdl as suffix to be analyzed in the XMLPlugin administration.
  • Configure your Quality Gates as needed

Some links :

  • Project site, documentation & issue tracking : https://github.com/CreditMutuelArkea/sonar-apigee-plugin
  • Direct link to binary : https://github.com/CreditMutuelArkea/sonar-apigee-plugin/releases/latest


Please feel free to give any feedback, or to vote for this article.


Regards,

Nicolas.

Sai Saran Vaidyanathan ♦ · Nov 18, 2017 at 06:48 PM 0

This is awesome @Nicolas TISSERAND

Thanks for building this. Would it be possible to re-use the output of the bundle-linter and push that to SONAR ? In that case, we don't have to rewrite in both places. Just a thought

Nicolas TISSERAND Sai Saran Vaidyanathan ♦ · Nov 22, 2017 at 10:39 AM 0

Unfortunately it's not possible to directly re-use the bundle-linter. SonarQube is developed in Java, so the plugins must be in Java and packaged with Maven. (https://docs.sonarqube.org/display/DEV/Developing+a+Plugin).

But, I use the bundle-linter as source of inspiration. There are some nice tips (like reverse loops for example).

For the moment, I manage these rules from bundle-linter : PD003, TD002, FL001, ST001, PO001, PO002, PO007, PO008, PO019, PO020, FR001 and some own rules created from previous experiences or based on this page.

The first tests are in progress in my company. Then I'll see later to share it with the community. (And I'll update this article with links and doc)


potturiprasanth Sai Saran Vaidyanathan ♦ · Jan 06, 2018 at 12:31 AM 0

Thanks @Nicolas TISSERAND for building this. Just an FYI on side note, working on similar use case but installed SONARJS jenkins plugin and configured that in pipeline post apigeelinter

Any suggestion on this approach?

Nicolas TISSERAND potturiprasanth · Jan 08, 2018 at 10:56 AM 0

Hello @potturiprasanth . I think that it can work. But in order to execute apigeelinter, nodejs must be installed on the jenkins server which is not always the case (just like me). And the results of apigeelinter stay in Jenkins, isn't it ?

Jinesh Thakkar · Jan 03, 2018 at 07:42 AM 0

Thank you for working on SonarQube plugin for Apigee.

I am unable to restart the server after I put the file sonar-apigee-plugin-X.X.X.jar in the directory $SONARQUBE_HOME/extensions/plugins

Nicolas TISSERAND Jinesh Thakkar · Jan 08, 2018 at 10:29 AM 0

Hello @Jinesh Thakkar. Thank you for trying my plugin but you are a bit too early. The plugin is still under development and it is not properly released. This is the reason why I didn't make an announcement here yet.

The plugin still contains some bugs, just like this one and I'm working on this with the help of the SonarQube community.

Stay tuned, I'll provide some news as soon as possible.

Nicolas TISSERAND Jinesh Thakkar · Jan 28, 2018 at 02:14 PM 0

Hi @Jinesh Thakkar, the version 1.1.0 has been released. Please follow the installation instructions above and let me know if everything is ok now.

amit nerkar · Apr 01, 2019 at 02:31 PM 0

Thank you for making this plugin available.

Does this plugin also cover the JavaScript code?

Nicolas TISSERAND amit nerkar · Apr 01, 2019 at 02:37 PM 0

No, the JavaScript code is natively covered by the SonarJS plugin :

https://docs.sonarqube.org/display/PLUG/SonarJS

I'm currently working on the version 2.0.0 of my plugin to be compatible with the latest version of SonarQube. Please wait a few days before it'll be released. (Version 1.3.0 is not compatible at all).

amit nerkar Nicolas TISSERAND · Apr 02, 2019 at 02:24 PM 0

Hi @Nicolas TISSERAND - is this a Google tool or is it your personal tool? Or does Google support it?

Parita Desai · Oct 29, 2020 at 10:58 AM 0

Hi Nicolas,

I am trying to add custom rules in this plugin for my org.

I want to develop something similar to below rule in this plugin :-

var plugin = {
    ruleId: "MyRule-002",
    name: "Check if the Spike Arrest policy is being used in the PreFlow section",
    message: "Spike Arrest policy should be included in the PreFlow section.",
    fatal: false,
    severity: 2, // error
    nodeType: "ProxyEndpoint",
    enabled: true
  },
  debug = require("debug")("bundlelinter:" + plugin.name);

var onProxyEndpoint = function(ep, cb) {
  var hadError = false,
    spikeArrestFound = false;
  if (ep.getPreFlow()) {
    var steps = ep.getPreFlow().getFlowRequest().getSteps();
    steps.forEach(function(step) {
      if (step.getName() && ep.getParent().getPolicies()) {
        var p = ep.getParent().getPolicyByName(step.getName());
        // Guard: a step may name a policy that is not defined in the bundle
        if (p && p.getType() === "SpikeArrest") {
          spikeArrestFound = true;
        }
      }
    });
  }
  if (!spikeArrestFound) {
    ep.addMessage({
      plugin,
      message: plugin.message
    });
    hadError = true;
  }
  if (typeof(cb) == 'function') {
    cb(null, hadError);
  }
};

module.exports = {
  plugin,
  onProxyEndpoint
};
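
The rule described in the comment above, as an added example that is not part of the original thread and uses neither the bundle-linter nor the SonarQube plugin API: a standalone Python check that reads the proxy XML directly, which is also how the SonarQube plugin approaches a bundle. The function names and the sample policies (SA-Limit, VK-Key) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample bundle content (not from the original thread).
POLICIES = {
    "SA-Limit.xml": '<SpikeArrest name="SA-Limit"><Rate>30ps</Rate></SpikeArrest>',
    "VK-Key.xml": '<VerifyAPIKey name="VK-Key"><APIKey ref="request.header.x-api-key"/></VerifyAPIKey>',
}
ENDPOINT_OK = """<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>VK-Key</Name></Step>
      <Step><Name>SA-Limit</Name></Step>
    </Request>
    <Response/>
  </PreFlow>
</ProxyEndpoint>"""
# Spike Arrest exists here, but only in a conditional flow, not in the PreFlow.
ENDPOINT_MISSING = """<ProxyEndpoint name="default">
  <PreFlow name="PreFlow">
    <Request><Step><Name>VK-Key</Name></Step></Request>
  </PreFlow>
  <Flows>
    <Flow name="get"><Request><Step><Name>SA-Limit</Name></Step></Request></Flow>
  </Flows>
</ProxyEndpoint>"""


def policy_types(policy_files):
    """Map policy name -> policy type (the root element of each policy file)."""
    types = {}
    for xml_text in policy_files.values():
        root = ET.fromstring(xml_text)
        types[root.get("name")] = root.tag
    return types


def check_spike_arrest_in_preflow(endpoint_xml, policy_files):
    """Return a list of issue strings; an empty list means the rule passes."""
    types = policy_types(policy_files)
    endpoint = ET.fromstring(endpoint_xml)
    issues = []
    found = False
    for name_el in endpoint.findall("./PreFlow/Request/Step/Name"):
        step = (name_el.text or "").strip()
        if step not in types:
            # A step that names an undefined policy is reported, not dereferenced.
            issues.append(f"PreFlow step '{step}' has no policy definition")
        elif types[step] == "SpikeArrest":
            found = True
    if not found:
        issues.append("Spike Arrest policy should be included in the PreFlow section.")
    return issues
```
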
