Scan Report Files
The cxx plugin supports the reading of a variety of report files from C++ tools. The reports generated by the tool can be read in without conversion.
For code analysis tools, the rules are already preconfigured and central administration via a Quality Profile is possible.
The reading in of source files (indexing) is a prerequisite for the subsequent reading in and visualisation of reports of external tools.
(1) Create report files
The first thing to do is to create a report using the external tools. Typically, this is part of the build automation.
Hints:
- It is important to understand that the cxx plugin itself does not execute any external tools, it only imports their report files via the SonarScanner.
- When executing the tool, it must be ensured that the paths in the report match the later project base directory. Usually the easiest way to do this is to start the tool on the same computer in the project base directory.
- Do not put the report files in the same directory as your source code. When scanning later, this can lead to reports themselves also being verified as source files (e.g. XML files).
Sample:
cppcheck --xml-version=2 . 2> report.xml(2) Scan your project
After the reports are created, the project can be scanned as usual. In addition, the sensor to be used for reading the report must be added to the configuration. The sensor-specific settings are documented in the section for the respective sensor.
Hint: The cxx plugin has a built-in XLS transformation. This is especially handy when XML data needs to be converted before being read in with the cxx plugin. See sonar.cxx.xslt for more information.
Sample:
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# mandatory: files to be handled by the cxx plugin
sonar.cxx.file.suffixes=.h,.cpp
# cppcheck sensor configuration
sonar.cxx.cppcheck.reportPaths=report.xml
The cxx plugin itself is able to read in C and C++ code. Code read in this way is displayed in SonarQube as the CXX programming language (language key=cxx). In addition, the CXX report sensors also support SonarCFamily for C/C++ and C++ (CppDepend).
The plugins can be run in parallel on a SonarQube Server (see hints below).
| Language | SonarQube UI | language key | plugin |
|---|---|---|---|
| C / C++ | CXX | cxx | cxx plugin |
| C++ | C++ | cpp | SonarCFamily for C/C++ |
| C++ | C++ (CppDepend) | c++ | CppDepend C\C++ Plugin |
| C | C | c | SonarCFamily for C/C++ |
Hints:
- You have to decide which plugin you want to use for indexing the source code. In SonarQube, each file extension must be uniquely assigned to one programming language. When operating several C/C++ plugins in parallel, this must be taken into account during configuration (sonar.cxx.file.suffixes).
- Only one programming language sensor can read in a source file!
- Language keys must be unique within SonarQube, therefore each programming language sensor must define its own key, even if it is the same programming language.
The list contains the tools supported by the cxx plugin, sorted by their field of application. The link will take you to the detailed description.
Code Analysis
- sonar.cxx.clangsa.reportPaths
- sonar.cxx.clangtidy.reportPaths
- sonar.cxx.cppcheck.reportPaths
- sonar.cxx.drmemory.reportPaths
- sonar.cxx.gcc.reportPaths
- sonar.cxx.infer.reportPaths
- sonar.cxx.pclint.reportPaths
- sonar.cxx.rats.reportPaths
- sonar.cxx.valgrind.reportPaths
- sonar.cxx.vc.reportPaths
- sonar.cxx.vera.reportPaths
Coverage
- sonar.cxx.bullseye.reportPaths
- sonar.cxx.cobertura.reportPaths
- sonar.cxx.ctctxt.reportPaths
- sonar.cxx.vscoveragexml.reportPaths
Unit Test
expandable
- If no results are displayed after a successful scan, check Manage Quality Profiles first.
- If scanning is failing, check items listed under Troubleshooting Configuration.
- If no issues are displayed for your source code in SonarQube, check the items listed under Troubleshooting Reports.
- In the case of incomplete scans, Detect and fix parsing errors gives advice on how to fix this.
The listing below shows an example of the contents of a scanner .LOG file and describes the specific steps. In order to get all required information, the debug information should be switched on during scanning.
In the first section you get information about the used scanner and the properties used by the scanner. Here you can also find the Java version and the version of the SonarQube Server.
01 INFO: SonarScanner 4.5.0.2216
02 INFO: Java 11.0.2 Oracle Corporation (64-bit)
03 INFO: Scanner configuration file: /tmp/sonar-scanner-4.5.0.2216/conf/sonar-scanner.properties
04 INFO: Project root configuration file: /home/projects/cppcheck_sample/sonar-project.properties
05 INFO: Analyzing on SonarQube server 8.7.0
Under Plugins all available plugins are listed including their version number. Here you should also find the cxx plugin (C++ (Community) plugin).
07 DEBUG: Plugins:
08 DEBUG: * C++ (Community) 2.0.0.1234 (cxx)
The Project key defines the key to be used for the project on the SonarQube Server. Especially important is base dir: all relative paths are resolved relative to this directory.
10 INFO: Project key: cppcheck_sample
11 INFO: Base dir: /home/projects/cppcheck_sample
12 INFO: Working dir: /home/projects/cppcheck_sample/.scannerwork
13 DEBUG: Project global encoding: UTF-8, default locale: en_US
The programming languages available on the SonarQube Server are listed under Available languages. The entries under Declared extensions list the file extensions assigned to a programming language. Each file extension must be uniquely assigned to one programming language.
15 DEBUG: Available languages:
16 DEBUG: * CXX => "cxx"
17 DEBUG: Declared extensions of language CXX were converted to sonar.lang.patterns.cxx : **/*.cxx,**/*.cpp,**/*.cc,**/*.c,**/*.hxx,**/*.hpp,**/*.hh,**/*.h
The first step in the analysis of a project is always the Indexing files. Here the files are assigned to a programming language on the basis of the file extensions. Files that are not listed here are not displayed in the SonarQube UI. A description of how the files are filtered can be found at Narrowing the Focus. The cxx plugin sensors work with the language keys cxx, cpp and c.
19 INFO: Indexing files...
20 INFO: Project configuration:
21 DEBUG: 'src/component1.hh' indexed with language 'cxx'
22 DEBUG: 'src/component1.cc' indexed with language 'cxx'
23 DEBUG: 'src/main.cc' indexed with language 'cxx'
24 INFO: 3 files indexed
Under Quality profile for cxx the active Quality Profile for the project is displayed. Make sure that the rules you want to display are also activated in this Quality Profile.
26 INFO: Quality profile for cxx: MyProfile
The step Run sensors on project first checks which sensors should be run. Sensors that are not configured are ignored. Finally a list of sensors follows which are called one after the other during the following steps. If a sensor you want to use is listed under 'skipped', check the configuration settings again.
28 INFO: ------------- Run sensors on project
29 DEBUG: 'CXX Bullseye coverage report import' skipped because one of the required properties is missing
30 DEBUG: Sensors : CXX -> CXX Cppcheck report import -> Zero Coverage Sensor
Each call to a sensor always starts with Sensor Name and always ends with Sensor Name (done). The report sensors always show first the Ant pattern used and where to search for report files. Under Found files the number of found reports is displayed. Then the reports are displayed individually with Processing report and the number of saved issues. If an error occurs, it always applies to the previously listed report. Note that report senors can only assign information to previously indexed files. Relative paths are always resolved relative to project base dir.
32 INFO: Sensor CXX Cppcheck report import [cxx]
33 DEBUG: Searching 'sonar.cxx.cppcheck.reportPaths' files with Ant pattern '[cppcheck.xml]'
34 DEBUG: Search files(s) in path(s): '/home/projects/cppcheck_sample/cppcheck.xml'
35 DEBUG: Found '1' file(s)
36 INFO: Processing report '/home/projects/cppcheck_sample/cppcheck.xml'
37 INFO: Processing successful, saved new issues=10
38 INFO: Sensor CXX Cppcheck report import [cxx] (done) | time=104ms
If the analysis and reading of the reports was successful, there is an EXECUTION SUCCESS at the end .of the .LOG file. More information about scanning source files can be found under Scan Source Code.
40 INFO Analysis total time: 11.435 s
41 INFO: ------------------------------------------------------------------------
42 INFO: EXECUTION SUCCESS
43 INFO: ------------------------------------------------------------------------
44 INFO: Total time: 13.426s
45 INFO: Final Memory: 7M/27M
46 INFO: ------------------------------------------------------------------------