Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

When having two sonarqube schemas on the same Oracle instance, especially if they are in 2 different versions, SonarQubeTM can SonarQubecan get confused and picks the first it finds. In that case, there are two known workarounds:
1. Remove the DBA rights to the sonarqube users in Oracle
2. Use sonar.hibernate.default_schema in sonar.properties to set the schema. In that case, -Dsonar.hibernate.default_schema should be used as well during project analysis.

...

Failed to start on Windows Vista

SonarQube TM seems unable to start when installed under the folder "Program Files" in VISTA. It should therefore not be installed there.

Failed to launch the

...

SonarQubeservice on Windows platform with a LocalSystem account

This error happens when the temporary file path specified for the Local System doesn't exist. Assuming that environment variables have their default settings and that Windows is installed on the ‘C’ drive, the following paths should exist:

...

In most cases, the "Temp" folder is missing and should be created. See SONAR-2660.

Failed to start

...

SonarQubewith Oracle due to bad USERS table structure

When another(s) USERS table exists in the Oracle DB, if the sonarqube user has read access on this other USERS table, the SonarQube TM web server can't start and an exception like the following one is thrown:

...

For some proxies exception "java.net.ProtocolException: Server redirected too many times" might mean incorrect username or password.

Can

...

SonarQuberun in HTTPS mode

No. But you can run SonarQubeTM in SonarQubein a standard HTTPS infrastructure using reverse proxy (in this case the reverse proxy must be configured to set the value 'X_FORWARDED_PROTO: https' in each HTTP request header. Without this property, redirection initiated by the SonarQube TM server will fall back on HTTP).

...

What is the difference between org.codehaus.mojo:sonar-maven-plugin and org.codehaus.sonar:sonar-maven-plugin?

Here is the rational: SonarQubeTM needs SonarQubeneeds a Maven plugin to perform analysis of your project. This plugin is part of SonarQubeTM project SonarQubeproject so the name of this plugin is org.codehaus.sonar:sonar-maven-plugin because codehaus is hosting the project. Each time there is a new version of SonarQubeTM, there is a new version of the Sonar Maven plugin. For a given version of the SonarQube TM server, you MUST run the same version of the Sonar Maven plugin. It means that you would have to run:

Code Block
mvn org.codehaus.sonar:sonar-maven-plugin:2.5:sonar

if you have installed SonarQubeTM 2SonarQube2.5.
As this is very annoying to type, you could add the groupId in your settings.xml. This way you could type:

...

BUT in this case the latest version of the Maven Sonar plugin would be taken. As soon as SonarQubeTM 2SonarQube2.6 would be released, Maven would automatically use the plugin in version 2.6. If you don't plan to upgrade your SonarQube TM server, it will fail. The answer to this problem is already well-known: define all versions of your plugins in the pom. So you would add:

...

in all pom (or in corporate pom). And you would have to update your projects each time you are updating SonarQubeTM serverSonarQubeserver. Very annoying but that's not all.
What if you have an integration/acceptance/pre-production instance of SonarQube TM in version 2.5, and a production version in version 2.4? You can't analyse the same project with the two instances because you have fixed the version of the sonar Maven plugin to version 2.5 in the pom. You may finally make it works with external properties or any other ugly hack.

...

  • is hosted in org.codehaus.mojo groupId in order to save the settings.xml configuration
  • is supposed to be very stable (ie do not change for each SonarQubeTM server SonarQubeserver release)

When you run

Code Block
mvn sonar:sonar

...

. The bootstrap plugin will query SonarQube TM server to find its version, then fork a new build to run the normal plugin with

...

where XX is the version previously returned by the server. This way you can analyze the same project with different versions of SonarQube TM and still running the same command line (except SonarQube TM hostname of course) and without having to modify the pom.

...

It means that the analyzer encountered an issue while downloading the plugins from the SonarQubeTM server SonarQubeserver to the machine running the project analysis.

...

  • A connection issue with the SonarQubeTM serverSonarQubeserver. Check with your network administrator.
  • A user quota issue. Indeed, by default, all the plugins are downloaded to the local space of the user running the analysis. Some companies set restrictions in terms of local user space, hence the issue. The workaround is to set the 'SONAR_USER_HOME' environment variable on the machine running the analysis to a directory with enough available space to download all the plugins. 

...

Failed to analyse a project as another analysis on the same project seems to be running at the same time (Sonar 3.4 only)

In SonarQubeTM 3SonarQube3.4 (SONAR-3306) a new semaphore mechanism has been introduced to prevent launching several analysis on the same project in parallel. But in some cases when an analysis of a project is unexpectedly interrupted, the lock of the semaphore is sometimes not released and in such case it's up to the System administrator to relaunch the project analysis with the property 'sonar.forceAnalysis=true'. This limitation has been fixed in SonarQube TM 3.5 (SONAR-4053). 

How to remove false positive issues?

...

You can use the mechanism embedded in rules engine (//NOPMD...) or the generic mechanism implemented in SonarQubeTM: put //NOSONAR at the end of the line of the issue. This will suppress the issue.

...

The //NOSONAR tag is useful to deactivate all rules at a given line but is not suitable to deactivate all rules (or only a given rule) for all the lines of a method or a class. This is why support for @SuppressWarnings("all") has been added to SonarQubeTM.

Use the Switch Off Violations plugin

...