SonarClojure

A SonarQube plugin to analyze Clojure source.

Build Status Quality Gate Coverage

Current State

Features:

Installation

In order to install SonarClojure:

  1. Download the latest jar of the plugin.
  2. Place the jar in the SonarQube server plugins directory, usually located under: /opt/sonarqube/extensions/plugins/
  3. Restart the SonarQube server.

Usage

  1. Change your project.clj file and add the required plugins:

    :plugins [[jonase/eastwood "0.3.6"]
              [lein-kibit "0.1.8"]
              [lein-ancient "0.6.15"]
              [lein-cloverage "1.1.2"]
              [lein-nvd "1.4.0"]]

Note 1: Please make sure the plugins above are setup correctly for your project. A good way to test this is to execute each one of them individually on your project. Once they are running fine, SonarClojure should be able to parse their reports.

Note 2: The lein plugin versions above are the ones we currently support. If you would like to test with a different version, keep in mind that it might cause errors on SonarClojure analysis.

  1. Create a sonar-project.properties file in the root folder of your app:

    sonar.projectKey=your-project-key
    sonar.projectName=YourProjectName
    sonar.projectVersion=1.0
    sonar.sources=.
  2. Run sonar-scanner on your project.

Configuring Sensors

Disabling

Sensors can be disabled by setting sonar.clojure.<sensorname>.disabled=true in the sonar-project.properties or by using the command line argument -Dsonar.clojure.<sensorname>.disabled when running sonar-scanner. Sensor names are eastwood, kibit, ancient, nvd and cloverage.

Report file location

Some sensors use report files to parse the results. Both cloverage and lein-nvd use this report files. By default they have a path already set but you can change the file locations by setting the property in the sonar-project.properties:

sonar.clojure.cloverage.reportPath=target/coverage/codecov.json

sonar.clojure.nvd.reportPath=target/nvd/dependency-check-report.json

Setting a timeout

By default, sensors have a timeout value of 300 seconds. This value applies per sensor while they are executing. You can change the default value by setting the property sonar.clojure.sensors.timeout in the sonar-project.properties file.

Debugging

Building from Source

./mvnw clean package

Maven will generate a SNAPSHOT under the folder target.

Compatibility

At the moment, SonarClojure supports SonarQube version 7.9.3+.

License

SonarClojure is open-sourced software licensed under the MIT license.