SonarQube

SonarQube performs C# code analysis on all QActions of a protocol or C# Exe blocks of an Automation script.

Using SonarQube

You can go to SonarQube via Jenkins, either by clicking the SonarQube link in the menu on the left-hand side or by clicking the SonarQube icon in the Build History overview.

Note

The SonarQube icon in the Build History overview is only displayed for pipeline executions that were able to perform the SonarQube analysis pipeline step.


SonarQube links in Jenkins

Clicking this link will take you to the Overview page of the corresponding SonarQube project:


SonarQube project overview page

This displays a general overview of the performed analysis. You can see the number of bugs, code smells, and security vulnerabilities. You can also find a measure (in percent) of duplicated code and of code that is covered by tests. There is also an estimate of technical debt, indicating the expected amount of time it would take to fix the code smells.

The measures are links. Clicking a measure will open the Issues page:


SonarQube issues page

This lists all the detected issues. Clicking one of these will take you to the location where the issue was detected.

If you want more information about the detected code smell or bug, click the See Rule link. This will open an additional window with more information about the detected issue.


Rule displayed in SonarQube

In the image above, you will also notice red vertical bars next to the code. These indicate parts of the code that are not covered by tests.

Auto-generated code

SonarQube does not analyze code that it considers auto-generated. SonarQube considers a file to be auto-generated if one of the following applies:

  • The filename contains one of the following (case insensitive): ".G.", ".GENERATED.", ".DESIGNER.", "GENERATED.", "TEMPORARYGENERATEDFILE", ".ASSEMBLYATTRIBUTES.VB".

  • The file has a comment containing (case insensitive) "<AUTO-GENERATED", "<AUTOGENERATED", "GENERATED BY".

  • The file contains one of the following attributes: "DebuggerNonUserCode", "DebuggerNonUserCodeAttribute", "GeneratedCode", "GeneratedCodeAttribute", "CompilerGenerated", "CompilerGeneratedAttribute".

It is also possible to use a region containing "generated" (case insensitive) to indicate that a region of code should be considered auto-generated.

Note

If auto-generated code is the only code remaining, SonarQube may not effectively validate it.

For instance, in a connector solution with just the QAction_Helper project, we recommend adding a dummy QAction project. This ensures that SonarQube can accurately validate the dummy project and not the auto-generated code in QAction_Helper.
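
Because files matching these rules are skipped, bugs and vulnerabilities in them are never reported. The following added example (not part of the original page and not SonarQube's own implementation) approximates the rules listed above so that you can see which C# files fall outside analysis. The function name skip_reasons and the sample inputs are constructed for illustration, and the comment and attribute matching is a simplified regular-expression approximation.

```python
import re

# Markers copied from the rules listed on this page.
NAME_MARKERS = (".G.", ".GENERATED.", ".DESIGNER.", "GENERATED.",
                "TEMPORARYGENERATEDFILE", ".ASSEMBLYATTRIBUTES.VB")
COMMENT_MARKERS = ("<AUTO-GENERATED", "<AUTOGENERATED", "GENERATED BY")
ATTRIBUTES = ("DebuggerNonUserCode", "GeneratedCode", "CompilerGenerated")

# Approximation: // line comments and /* */ block comments (string literals not parsed).
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
# Attribute usage inside [...], with or without the "Attribute" suffix.
ATTR_RE = re.compile(r"\[[^\]]*\b(?:%s)(?:Attribute)?\b" % "|".join(ATTRIBUTES))
# A #region directive whose name contains "generated" (case insensitive).
REGION_RE = re.compile(r"^[ \t]*#region\b[^\n]*generated", re.I | re.M)


def skip_reasons(filename, source):
    """Return why a C# file (or part of it) would be treated as auto-generated."""
    reasons = []
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].upper()
    reasons += ["filename contains " + m for m in NAME_MARKERS if m in base]
    comments = " ".join(COMMENT_RE.findall(source)).upper()
    reasons += ["comment contains " + m for m in COMMENT_MARKERS if m in comments]
    code = COMMENT_RE.sub("", source)
    if ATTR_RE.search(code):
        reasons.append("generated-code attribute")
    if REGION_RE.search(code):
        reasons.append("region marked generated (that region only)")
    return reasons


if __name__ == "__main__":
    # Constructed samples: hand-written files that would still be skipped.
    samples = {
        "QAction_2.cs": "public class QAction { }",
        "src/ReportGenerated.cs": "class R { }",
        "Parser.cs": "// Table generated by hand\nclass P { }",
        "Helper.cs": '[GeneratedCode("tool", "1.0")]\nclass H { }',
    }
    for name, text in samples.items():
        print(name, "->", skip_reasons(name, text) or "analyzed")
```

Note that a hand-written file such as ReportGenerated.cs, or one with a comment that happens to contain "generated by", matches the rules as well, so naming and comments can unintentionally remove code from analysis.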

Excluding a project, files, or folders from analysis

To exclude a complete project from analysis, add the following to the .xxproj file:

<!-- in .csproj -->
<PropertyGroup>
   <!-- Exclude the project from analysis -->
   <SonarQubeExclude>true</SonarQubeExclude>
</PropertyGroup>

To exclude files/folders from analysis, add the following. In this example, all the files of the "Xml" and "Example" folders are excluded from analysis.

<!-- in .csproj -->
<ItemGroup>
   <SonarQubeSetting Include="sonar.exclusions">
      <Value>Xml/**,Example/**</Value>
   </SonarQubeSetting>
</ItemGroup>