The code coverage is an important part of the quality metrics of SonarQube. Unfortunately, SonarQube needs some extra steps to use our code coverage reports from our Azure DevOps pipeline as part of its code analysis. As in the last posts on code coverage, we again use Coverlet and ReportGenerator as part of our Azure …
In the older versions of SonarQube you got a dedicated InstallNTService.bat file to install the Windows Service of SonarQube. This file is no longer shipped with a current SonarQube installation. Instead, we must run SonarService.bat with the install option to run SonarQube as a Windows Service:
|
1 |
.\SonarService.bat install |
To remove the Windows Service, we can use …
The new LTS version 9.9 of SonarQube comes with a lot of changes. One of that changes is that OpenJDK 11 is no longer supported to run the SonarQube Server. Unfortunately, I could not find an OpenJDK 17 on openjdk.org. So, where can we find that specific version without licensing it from Oracle? As it …
One of the projects I have got “A” ratings though all metrics in SonarQube. The only problem: it showed a project size with 0 lines of code. How did this happen? After checking the logs, I noticed a warning indicator on the project page of SonarQube: I clicked on the link and got this notice …
After I updated SonarQube to version 9.7, I got this strange entry in the logs: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Should you run into the same error, append a ;encrypt=false to the connection string to your SQL Server database:
|
1 |
sonar.jdbc.url=jdbc:sqlserver://localhost;databaseName=SonarDB;encrypt=false |
I saw a …
Our latest upgrade of SonarQube took far more time than expected. I did a few upgrades in the last two years, but none was such a challenge. Everything that can go wrong has gone wrong, and without my prior experience, I may have given up. Let me point out the obstacles you may encounter and …
Welcome to the second part on Dependency-Check. Please make sure that you have read part one and got a working suppression file. Otherwise, you will get a lot of vulnerabilities reported in SonarQube. In this post, I use Visual Studio Team Services (VSTS) for my build pipeline. You can use different services to reach the …
The Open Web Application Security Project (OWASP) may be best known for its top 10 list of the most critical web application security risks. However, the project not only talks about problems; they offer a wide range of documentation to fix those problems (like the .NET Security Cheat Sheet) and publish tools like the OWASP …
SonarQube gives us a good and honest overview on the quality of our code. It’s most likely not as good as we hoped for and much work will be needed to get it to an acceptable level. But where do we start? And what can we do when we have many projects? This post is …
If you follow along with the last few posts on SonarQube, you will now have a working installation that continuously monitors the quality of your code. Today we link Visual Studio to SonarQube using SonarLint. This post is part of the SonarQube series. You can find the other parts here: Part 1: SonarQube: Installation Walkthrough …