
SonarQube Leak Period between Branches or Projects

I am currently introducing SonarQube into a large legacy project. This means that there are already hundreds of warnings; in the first step I would like to ensure that there are no new warnings coming from our feature branches.

To achieve this, I want to have the Sonar analysis run on every feature branch, compare it to the main branch and alert the committer in case new warnings have been introduced.

Assume the following situation:

MyProject 1.0-SNAPSHOT is the name and version of the project on SonarQube. It has 100 warnings. It represents the develop branch. The leak period is the analysis from 1 day ago. This works very well; I can see which new warnings have been introduced since yesterday.

Developers are working on feature/somefeature branches. When they open a pull request, I want a Sonar analysis to run on that branch. This works fine, but I can't set the leak version to MyProject 1.0-SNAPSHOT from yesterday, because this branch is seen as a completely separate project by SonarQube, even though I set the sonar.projectKey to the same name and I have also tried playing around with the sonar.branch property.

The desired outcome is:

  1. develop -> 100 warnings

  2. feature/somefeature -> 102 warnings

  3. On the SonarQube dashboard of feature/somefeature display "2 new warnings".

Can it be done with sonar itself, or do I need to write my own program using the Sonar REST API?

You should use Branch Plugin in order to analyse branches for only new issues. This plugin has a corresponding Quality Gate:

For short-lived branches, there is a kind of hard-coded quality gate focusing only on new issues.

It will create Issues only if there are new bugs or vulnerabilities.

As per the plugin documentation, all your feature branches should be identified as short-lived branches.

NOTE: Branch Plugin is licensed under SonarSource and is available in nonfree Developer Edition.
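
For the other route the question raises, a program of your own on top of the REST API, the core is a branch-independent comparison of two issue lists. This is an added example, not part of the original question or answer; the issue dictionaries are constructed sample data, and the field names (`rule`, `component`, `line`, `hash`, `message`), the project keys and the function names are assumptions.

```python
from collections import Counter

# Constructed sample data (not real analysis output). Field names are assumed
# to match the issue-search JSON; both project keys are hypothetical.
DEVELOP = [
    {"key": "d1", "rule": "squid:S2077", "component": "MyProject:src/Dao.java", "line": 40, "hash": "a1"},
    {"key": "d2", "rule": "squid:S1481", "component": "MyProject:src/Util.java", "line": 12, "hash": "b2"},
    {"key": "d3", "rule": "squid:S1118", "component": "MyProject:src/Util.java",
     "message": "Add a private constructor"},  # file-level issue: no line, no hash
]
FEATURE = [
    {"key": "f1", "rule": "squid:S2077", "component": "MyProject-feature:src/Dao.java", "line": 47, "hash": "a1"},
    {"key": "f2", "rule": "squid:S1481", "component": "MyProject-feature:src/Util.java", "line": 12, "hash": "b2"},
    {"key": "f3", "rule": "squid:S1481", "component": "MyProject-feature:src/Util.java", "line": 30, "hash": "b2"},
    {"key": "f4", "rule": "squid:S1118", "component": "MyProject-feature:src/Util.java",
     "message": "Add a private constructor"},
    {"key": "f5", "rule": "squid:S2068", "component": "MyProject-feature:src/Config.java", "line": 8, "hash": "c3"},
]

def fingerprint(issue, project_key):
    """Branch-independent identity: rule, file path, hash of the flagged line.
    Line numbers are ignored because they shift when code above is edited."""
    prefix = project_key + ":"
    comp = issue["component"]
    path = comp[len(prefix):] if comp.startswith(prefix) else comp
    # File-level issues carry no line hash; fall back to the message text.
    return (issue["rule"], path, issue.get("hash") or issue["message"])

def new_issues(baseline, candidate, baseline_key, candidate_key):
    """Issues in candidate with no counterpart in baseline (multiset difference,
    so a second copy of an already-flagged line still counts as new)."""
    remaining = Counter(fingerprint(i, baseline_key) for i in baseline)
    fresh = []
    for issue in candidate:
        fp = fingerprint(issue, candidate_key)
        if remaining[fp] > 0:
            remaining[fp] -= 1  # matched an issue that already exists on develop
        else:
            fresh.append(issue)
    return fresh

if __name__ == "__main__":
    fresh = new_issues(DEVELOP, FEATURE, "MyProject", "MyProject-feature")
    print(len(fresh), "new warnings:", [i["key"] for i in fresh])
    raise SystemExit(1 if fresh else 0)  # non-zero exit fails the pull-request build
```

On the sample data, `f1` is matched despite its shifted line number, while `f3` (a duplicate of an already-flagged line) and `f5` are reported as new.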
