{"id":20325599,"url":"https://github.com/apiaddicts/sonar-openapi","last_synced_at":"2025-04-11T19:55:44.569Z","repository":{"id":80498314,"uuid":"474063683","full_name":"apiaddicts/sonar-openapi","owner":"apiaddicts","description":"Evaluation engine for OpenAPI/Swagger API definitions in SonarQube","archived":false,"fork":false,"pushed_at":"2024-09-05T15:44:05.000Z","size":407,"stargazers_count":8,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-25T15:49:59.638Z","etag":null,"topics":["code-quality","openapi","openapi3","openapi31","sonarqube"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apiaddicts.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-25T15:25:42.000Z","updated_at":"2025-02-24T21:43:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"6ce99061-90cc-41e2-852a-d3f5cb4b9648","html_url":"https://github.com/apiaddicts/sonar-openapi","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apiaddicts%2Fsonar-openapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apiaddicts%2Fsonar-openapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apiaddicts%2Fsonar-openapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apiaddicts%2Fsonar-openapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apiaddicts","download_url":"https://codeload.github.com/apiaddicts/sonar-openapi/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248472966,"owners_count":21109626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","openapi","openapi3","openapi31","sonarqube"],"created_at":"2024-11-14T19:40:45.445Z","updated_at":"2025-04-11T19:55:44.530Z","avatar_url":"https://github.com/apiaddicts.png","language":"Java","readme":"\n# 🛠️ Sonar OpenApi (plugin) ![Release](https://img.shields.io/badge/release-1.1.1-purple) ![Swagger](https://img.shields.io/badge/-openapi-%23Clojure?style=flat\u0026logo=swagger\u0026logoColor=white) ![Java](https://img.shields.io/badge/java-%23ED8B00.svg?style=flat\u0026logo=openjdk\u0026logoColor=white)  [![License: LGPL v3](https://img.shields.io/badge/license-LGPL_v3-blue.svg)](https://www.gnu.org/licenses/lgpl-3.0) \n\nSonar OpenApi (plugin) is a code analyzer for OpenAPI specifications,  is the spiritual successor of [SonarOpenApi](https://github.com/societe-generale/sonar-openapi), carrying on from the point where it left off with support of Apiaddicts community.\n\n### This repository is intended for :octocat: **community** use, it can be modified and adapted without commercial use. If you need a version, support or help for your **enterprise** or project, please contact us 📧 devrel@apiaddicts.org\n### 💡 If you have an idea for a rule but you are not sure that everyone needs it you can implement a [custom rule](CustomRules.md) available only for you.\n\n[![Twitter](https://img.shields.io/badge/Twitter-%23000000.svg?style=for-the-badge\u0026logo=x\u0026logoColor=white)](https://twitter.com/APIAddicts) \n[![Discord](https://img.shields.io/badge/Discord-%235865F2.svg?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/ZdbGqMBYy8)\n[![LinkedIn](https://img.shields.io/badge/linkedin-%230077B5.svg?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white)](https://www.linkedin.com/company/apiaddicts/)\n[![Facebook](https://img.shields.io/badge/Facebook-%231877F2.svg?style=for-the-badge\u0026logo=Facebook\u0026logoColor=white)](https://www.facebook.com/apiaddicts)\n[![YouTube](https://img.shields.io/badge/YouTube-%23FF0000.svg?style=for-the-badge\u0026logo=YouTube\u0026logoColor=white)](https://www.youtube.com/@APIAddictslmaoo)\n\n# 🙌 Join the **Sonar OpenApi (plugin)** Adopters list \n📢 If Sonar OpenApi is part of your organization's toolkit, we kindly encourage you to include your company's name in our Adopters list. 🙏 This not only significantly boosts the project's visibility and reputation but also represents a small yet impactful way to give back to the project.\n\n| Organization  | Description of Use / Referenc |\n|---|---|\n|  [CloudAppi](https://cloudappi.net/)  | Apification and generation of microservices |\n| [Madrid Digital](https://www.comunidad.madrid/servicios/sede-electronica/madrid-digital/)  | Generation of microservices  |\n| [Apiquality](https://apiquality.io/)  | Generation of microservices  |\n\n# 👩🏽‍💻  Contribute to ApiAddicts \n\nWe're an inclusive and open community, welcoming you to join our effort to enhance ApiAddicts, and we're excited to prioritize tasks based on community input, inviting you to review and collaborate through our GitHub issue tracker.\n\nFeel free to drop by and greet us on our GitHub discussion or Discord chat. You can also show your support by giving us some GitHub stars ⭐️, or by following us on Twitter, LinkedIn, and subscribing to our YouTube channel! 🚀\n\n[![\"Buy Me A Coffee\"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/apiaddicts)\n\n\n## ⚙️ Features\n\n* Full compatibility with OpenAPI v2.0, v3.0.0, v3.0.1, v3.0.2, v3.0.3 and v3.1.0\n\n![SonarOpenApi in action](sonarqube.jpg)\n\n\u003ca name=\"install\"\u003e\u003c/a\u003e\n## Installing\n\nTo install the plugin, you need to compile it, then install it in your SonarQube server.\n\n1. Make sure you have at least JDK1.8 installed, as well as Maven 3.0.5 or later. They must be present in your PATH.\n2. In the master directory of the project, type `mvn install`. This will compile the project and generate the artifacts.\n3. Copy the file `sonar-openapi-plugin/target/sonar-openapi-plugin-\u003cversion\u003e.jar` into directory `extensions/plugins/`of\n   your SonarQube installation (you can install a local copy [from here](https://www.sonarqube.org/downloads/) for testing).\n4. Restart your SonarQube server.\n\n## Analyzing your projects\n\nTo analyze your projects, you must first [install](#install) the plugin.\n\n### Configuring sonar-scanner\n\nOnce installed, configure the analysis properties by creating the `sonar-project.properties` at the root of your project.\n[Sonar-scanner](https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) will look for this file when \nlaunching the analysis. Alternatively, you can define these properties as environment variables or using the Sonar Maven plugin.\n\nAn example configuration file is provided below for reference:\n\n```properties\n# must be unique in a given SonarQube instance\nsonar.projectKey=test:openapi\n# this is the name and version displayed in the SonarQube UI. Was mandatory prior to SonarQube 6.1.\nsonar.projectName=OpenAPI plugin tests\nsonar.projectVersion=1.0\n \n# Path is relative to the sonar-project.properties file. Replace \"\\\" by \"/\" on Windows.\n# This property is optional if sonar.modules is set. \nsonar.sources=.\n  \n# Encoding of the source code. Default is default system encoding\nsonar.sourceEncoding=UTF-8\n# Select the language to use for analysis \nsonar.language=openapi\n```\n\nFor details about how to configure SonarQube Scanner to analyze your projects, see [the documentation](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner).\n\n### Configuring the plugin\n\nThe plugin automatically scans all `.yaml` and `.json` files that are compatible with the OpenAPI spec.\n\nIs considered to be compatible with OpenAPI v2 spec if the file contains the root key `swagger` and compatible with the v3 if contains `openapi`.\n\n### Running the analysis\n\n* Make sure the SonarQube server is running\n* [Generate a token](https://docs.sonarqube.org/latest/user-guide/user-token/) to authenticate to the server, or ask for one to your administrator\n* With `sonar-scanner` in you path, just launch the tool from the directory where you have created `sonar-project.properties`.\n* Make sure you specify the sonar server and token when launching the analysis\n\nYou should obtain an output similar to that:\n\n```text\nD:\\git\\testSonar\u003esonar-scanner -Dsonar.host.url=\u003cyour Sonar server\u003e -Dsonar.login=\u003cauthorization token\u003e\nINFO: -------------  Scan OpenAPI plugin tests\nINFO: Base dir: D:\\git\\testSonar\nINFO: Working dir: d:\\git\\testSonar\\.sonar\nINFO: Source paths: .\nINFO: Source encoding: UTF-8, default locale: en_US\nINFO: Load server rules\nINFO: Load server rules (done) | time=229ms\nINFO: Index files\nINFO: 4 files indexed\nINFO: Quality profile for openapi: Sonar way\nINFO: Sensor SonarJavaXmlFileSensor [java]\nINFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=1ms\nINFO: Sensor OpenAPI Scanner Sensor [openapi]\nINFO: Sensor OpenAPI Scanner Sensor [openapi] (done) | time=270ms\nINFO: Sensor Zero Coverage Sensor\nINFO: Sensor Zero Coverage Sensor (done) | time=8ms\nINFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.\nINFO: Calculating CPD for 6 files\nINFO: CPD calculation finished\nINFO: Analysis report generated in 215ms, dir size=92 KB\nINFO: Analysis reports compressed in 37ms, zip size=17 KB\nINFO: Analysis report uploaded in 75ms\nINFO: ANALYSIS SUCCESSFUL, you can browse \u003cyour Sonar server\u003e/dashboard?id=test%3Aopenapi\nINFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report\nINFO: More about the report processing at \u003cyour Sonar server\u003e/api/ce/task?id=AWZZE5MdehEa_CTMQA3m\nINFO: Task total time: 3.356 s\nINFO: ------------------------------------------------------------------------\nINFO: EXECUTION SUCCESS\nINFO: ------------------------------------------------------------------------\n```\n\nThen, log into your SonarQube server and go to your project to see the found violations (if any).\n\n### Skipping rules\n\nSometimes, it makes sense to disable a rule altogether. The plugin comes with a way to control which rule is enabled on\na specific file. Use it with caution as it is generally a bad practice to disable a rule from code!\n\nThe `x-nosonar` OpenAPI extension completely disables a rule. Add it to the top-level OpenAPI document to disable a rule\nor a set of rules:\n\n```yaml\nopenapi: \"3.0.0\"\ninfo:\n  version: 1.0.0\n  title: Swagger Petstore\n  license:\n    name: MIT\nservers:\n  - url: http://petstore.swagger.io/v1\nx-nosonar: [ RuleId1, RuleId2 ]\n```\n\nYou can pass either a string or an array of string to the extension.\n\nTo disable a rule only in a specific API element, use the `x-sonar-disable` extension. To enable an otherwise globally\ndisable rule, use the `x-sonar-enable` extension. They are recognized in any API element that supports extensions, except\non the top-level document.\n\n```yaml\nopenapi: \"3.0.0\"\ninfo:\n  version: 1.0.0\n  title: Swagger Petstore\n  license:\n    name: MIT\nservers:\n  - url: http://petstore.swagger.io/v1\nx-nosonar: [ RuleId1, RuleId2 ]\npaths:\n  /pets:\n    get:\n      # This re-enables RuleId1 in this operation only (it is not inherited by child elements like tags or parameters)\n      x-sonar-enable: RuleId1\n      summary: List all pets\n      operationId: listPets\n      tags:\n        - pets\n      parameters:\n        - name: filter\n          in: query\n          description: attribute on which to filter\n          required: false\n          schema:\n            type: string\n          # This disables RuleId3 locally in this parameter (it is not inherited by child elements like schema)\n          x-sonar-disable: RuleId3\n```\n\nAs for `x-nosonar`, the `x-sonar-disable` and `x-sonar-enable` extensions accept a single string or an array of strings.\n\n\u003ca name=\"testing\"\u003e\u003c/a\u003e\n## Testing\n\nTo run tests locally follow these instructions.\n\n### Build the Project and Run Unit Tests\n\nTo build the plugin and run its unit tests, execute this command from the project's root directory:\n\n    mvn clean install\n\n### Integration Tests\n\nIntegration tests are provided with the plugin. To include them, use the \"its\" profile:\n\n    mvn -Pits clean install\n\nIf you are running behind an enterprise proxy, specify the java proxy options on the command line:\n\n- http.proxyHost\n- http.proxyPort\n- http.proxyUser\n- http.proxyPassword\n- https.proxyHost\n- https.proxyPort\n- https.proxyUser\n- https.proxyPassword\n\n### Performing a new release\n\nValidate that all is correct:\n\n`mvn clean package -Prelease`\n\nDeploy:\n\n`mvn clean deploy -Prelease`\n\n## 💛 Sponsors\n\u003cp align=\"center\"\u003e\n\t\u003ca href=\"https://apiaddicts.org/\"\u003e\n    \t\u003cimg src=\"https://apiaddicts.cloudappi.net/web/image/4248/LOGOCloudappi2020Versiones-01.png\" alt=\"cloudappi\" width=\"150\"/\u003e\n        \u003cimg src=\"https://www.comunidad.madrid/sites/default/files/styles/block_teaser_image/public/img/logos-simbolos/logo_centrado_md.png?itok=4rTUhmcj\" alt=\"md\" width=\"150\"/\u003e\n        \u003cimg src=\"https://apiquality.io/wp-content/uploads/2022/09/cropped-logo-apiquality-principal-1-170x70.png\" height = \"75\"\u003e\n        \u003cimg src=\"https://apiaddicts-web.s3.eu-west-1.amazonaws.com/wp-content/uploads/2022/03/17155736/cropped-APIAddicts-logotipo_rojo.png\" height = \"75\"\u003e\n\t\u003c/a\u003e\n\u003c/p\u003e","funding_links":["https://www.buymeacoffee.com/apiaddicts"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapiaddicts%2Fsonar-openapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapiaddicts%2Fsonar-openapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapiaddicts%2Fsonar-openapi/lists"}