{"id":18601741,"url":"https://github.com/eficode/codesonar-plugin","last_synced_at":"2025-04-10T19:30:45.958Z","repository":{"id":26784757,"uuid":"30242969","full_name":"eficode/codesonar-plugin","owner":"eficode","description":null,"archived":false,"fork":false,"pushed_at":"2022-11-17T09:14:44.000Z","size":1267,"stargazers_count":5,"open_issues_count":22,"forks_count":1,"subscribers_count":28,"default_branch":"master","last_synced_at":"2025-03-25T03:01:53.639Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eficode.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-02-03T13:03:56.000Z","updated_at":"2022-11-17T07:38:15.000Z","dependencies_parsed_at":"2023-01-14T05:17:34.556Z","dependency_job_id":null,"html_url":"https://github.com/eficode/codesonar-plugin","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eficode%2Fcodesonar-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eficode%2Fcodesonar-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eficode%2Fcodesonar-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eficode%2Fcodesonar-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eficode","download_url":"https://codeload.github.com/eficode/codesonar-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","
repositories_count":248281395,"owners_count":21077423,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T02:09:17.191Z","updated_at":"2025-04-10T19:30:45.605Z","avatar_url":"https://github.com/eficode.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"## About CodeSonar\n[GrammaTech CodeSonar](https://www.grammatech.com/products/codesonar), GrammaTech's flagship static analysis software,\nidentifies programming bugs that can result in system crashes, memory corruption, leaks, data races, and security\nvulnerabilities.\n\nBy analyzing both source code and binaries, CodeSonar empowers developers to eliminate the most costly and\nhard-to-find defects early in the application development lifecycle.\n\n## Introduction\n\nThe CodeSonar plugin collects project analysis data from a designated CodeSonar hub.\n\nHistorical data about CodeSonar warning counts and code size are presented in the Job Dashboard.\n\nThe plugin can be configured to change the build result if the CodeSonar analysis results meet specified conditions.\nThe following documentation cites relevant sections in the CodeSonar manual. These citations take the form:\n\n**MANUAL**: **Subject** \u003e ... 
\u003e **Page Title**\n\nwhere **Subject** \u003e **....** \u003e **Page Title** denotes a navigation path through the CodeSonar manual table of contents.\n\n## Setting Up The Plugin\n\nThese instructions assume that you have:\n\n* Installed Jenkins.\n* Established a Jenkins job to build your software.\n* Installed CodeSonar.\n* Installed the CodeSonar plugin for Jenkins.\n\nSetting up the plugin involves three steps, each detailed below.\n\n* Make sure CodeSonar is ready to analyze your software\n* Incorporate the CodeSonar build/analysis in your Jenkins job\n* Apply the CodeSonar plugin to your Jenkins job\n\n### Make sure CodeSonar is ready to analyze your software\nWork through the following steps to make sure that CodeSonar is in a suitable state to be invoked by your Jenkins job.\n\n1. Make sure the path to `/codesonar/bin` is in the `PATH` of the user who is running Jenkins.\n    * Otherwise, your codesonar analyze command will have to specify the path to the codesonar executable.\n2. Make sure that the launch daemon is running on the server. It needs to run as the user\n   running Jenkins. You are encouraged to configure a [cronjob](https://en.wikipedia.org/wiki/Cron)\n   for this.\n3. Start the CodeSonar hub to use for recording the analysis results (if it is not already running).\n    * **MANUAL**: **How CodeSonar Works** \u003e **CodeSonar Structure** \u003e **Hub** \u003e **Starting a Hub**\n    * The remainder of these instructions will refer to the hub location as `host:port`.\n4. 
Establish a project directory and project name for the CodeSonar project that will be built and analyzed.\n    * If you have previously analyzed your software with CodeSonar, you can use the existing project infrastructure.\n    * Otherwise, choose a project directory, and create the directory if it does not already exist.\n      In either case, make sure the project directory has a suitable location and read/write settings.\n      If Jenkins is running with different OS credentials to your own, remember to take this into account.\n    * Use the same project directory and project name every time you perform the CodeSonar\n      build/analysis for a given project.\n    * The project directory should not be deleted at the end of the build: the CodeSonar GUI needs\n      to interact with its contents, and incremental builds need information that is stored there.\n        * Make sure the project directory is in a location where Jenkins will not automatically\n          delete it after running the job. For example, it is probably a good idea to locate it\n          outside the Jenkins workspace.\n        * Similarly, take steps to ensure that your other build tools will not delete the project directory.\n    * Set the project directory permissions to allow the Jenkins process to read and write to it.\n    * The remainder of these instructions will refer to the project directory as `projdir` and the project name as `proj-name`.\n    * If the project directory does not include a general project configuration file (for example, because you just created\n      the directory in the previous step), create one now:\u003cbr\u003e\n        * `codesonar create-conf projdir/proj-name`\n      **MANUAL: Using CodeSonar** \u003e **Building and Analyzing Projects** \u003e **Options, Preferences, and Configuration Files** \u003e **Configuration Files**\n\n5. 
Edit the general project configuration file (`projdir/proj-name.conf`) to specify your required\n   configuration parameter settings (unless the factory settings are suitable).\n    _MANUAL_: _Using CodeSonar_ \u003e _Building and Analyzing Projects_ \u003e _Options, Preferences, and Configuration Files_ \u003e\n        _Compiler-Independent Configuration File Parameters for CodeSonar_\n\nIn particular:\nYou may wish to specify one or more `CFLAGS_APPEND` rules.\nIf you are performing a clean build every time, set `INCREMENTAL_BUILD=No`.\n\n6. Make sure there is a CodeSonar launch daemon running on the analysis machine, with the same owner as the Jenkins process.\n\nMANUAL: How CodeSonar Works \u003e Build and Analysis \u003e cslaunchd: The CodeSonar Launch Daemon\n\nIf the analysis machine is running Windows, check to see whether there is a `cslaunchd` service on the\nanalysis machine, with the same owner as the Jenkins process. If not, set one up.\n\n**MANUAL**: _Using CodeSonar_ \u003e _Building and Analyzing Projects_ \u003e _Continuous Integration_ \u003e _Using CodeSonar With Continuous Integration Tools_\n\nNote that if Jenkins is running as a service, its owner will usually be\n`SYSTEM`.  Otherwise, arrange to start the launch daemon at system startup.\nGo on to Incorporate the CodeSonar build/analysis in your Jenkins job.\n\n### Incorporate the CodeSonar build/analysis in your Jenkins job\n\nYou will incorporate the CodeSonar build/analysis in your Jenkins job by\nextending the current contents of the Build section as described in the following steps.\n\n1. View the Job Dashboard for the Jenkins job that is building your software.\n2. Click Configure to open the Job Configurations page.\n3. Define a HUB parameter for the job, so you can use it both for the CodeSonar analysis invocation and to configure the CodeSonar plugin later:\n    1. Make sure This build is parameterized is selected.\n    1. 
Under This build is parameterized, click Add Parameter, then select String Parameter from the menu that pops up.\n    1. Jenkins will display a set of fields for setting up your new parameter. Fill them out as follows.\n        * Name: `HUB`\n        * Default Value: the location (host:port) of your CodeSonar hub. For example, `alexhubmachine:7340`.\n        * Description: you may want to enter a short description to remind yourself why you have this variable.\n4. Use the same process to define a `PROJ_NAME` parameter whose value matches your established CodeSonar project name (proj-name).\n![Jenkins configuration parameters](docs/img/jenkins_params.png \"Jenkins configuration parameters\")\n\n5. Edit the Build section to integrate the CodeSonar build/analysis.\n   Remember to specify authentication options in your build/analysis commands if they will be required by your hub.\n   **MANUAL**: **How CodeSonar Works** \u003e **CodeSonar Structure** \u003e **Hub** \u003e **Authentication and Access Control**\n\n| Project Language | Editing the Build Section |\n| :------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| **C, C++**               | For every existing build step that involves C/C++ compilation, edit the build step to incorporate the CodeSonar build/analysis command. If the current build step or steps contain one command that involves C/C++ compilation, this will involve constructing a single codesonar analyze command. 
Otherwise there are two possible approaches: |\n|                          | * Accumulate components into a CodeSonar project by constructing a codesonar build command for each software build command that involves C/C++ compilation, then add a final codesonar analyze command to analyze the project.                                                                                                                  |\n|                          | *or*                                                                                                                                                                                                                                                                                                                                            |\n|                          | Replace the text of the build step or steps with an invocation of a shell script or batch file with equivalent contents, then construct a single codesonar analyze command based on that invocation.                                                                                                                                            |\n|                          | The codesonar analyze command must include the -foreground option.                                                                                                                                                                                                                                                                              |\n|                          | See Example 1 and Example 2.                                                                                                                                                                                                                                                                                                                    
|\n| **Java**                 | Add a new, final build step that executes the CodeSonar Java build/analysis on the bytecode produced by the other build steps. The codesonar analyze command must include the -foreground option.                                                                                                                                               |\n|                          | See Example 3.                                                                                                                                                                                                                                                                                                                                  |\n|                          | *MANUAL*: Using CodeSonar \u003e Building and Analyzing Projects  \u003e Java \u003e Build and Analysis for Java Projects                                                                                                                                                                                                                                      |\n| **Mixed Java and C/C++** | Combine the approaches for Java-only and C/C++-only projects:                                                                                                                                                                                                                                                                                   |\n|                          | 1. Edit the build steps to incorporate a codesonar build command for each software build command that involves C/C++ compilation.                                                                                                                                                                                                               |\n|                          | 2. Add a new build step that executes codesonar build on any Java bytecode produced by earlier build steps.      
                                                                                                                                                                                                                               |\n|                          | 3. Add a new, final build step that invokes codesonar analyze to analyze the project.                                                                                                                                                                                                                                                           |\n|                          |                                                                                                                                                                                                                                                                                                                                                 |\n|                          | See Example 4 and Example 5.                                                                                                                                                                                                                                                                                                                    |\n\n6. Click Save.\n7. Check everything is working properly:\n    1. Click Build with Parameters, check the parameter settings are correct, and click **Build**.\n    2. 
Jenkins will execute the updated job.\n      Check that the Jenkins job executed successfully, and check the job's Console Output to ensure that the build proceeded as you expected.\n      * If necessary, click _Configure_ and adjust your edits, and make any other changes necessary to get your job running correctly.\n      * If the CodeSonar build/analysis is not running to completion, the manual section on Troubleshooting the build may be helpful.\n        MANUAL: Using CodeSonar \u003e Building and Analyzing Projects \u003e Troubleshooting the Build\n    3. Open the CodeSonar GUI in your web browser and inspect your analysis results on the Analysis page.\n       MANUAL: Using CodeSonar \u003e GUI Reference \u003e GUI Reference\n8. Go on to Apply the CodeSonar plugin to your Jenkins job.\n\n### Apply the CodeSonar plugin to your Jenkins job\n\nOnce your Jenkins job is correctly invoking the CodeSonar analysis, you can apply the CodeSonar plugin to collect\nanalysis information from the hub.\n\n1. Go back to Job Configurations page for the Jenkins job that is building your software.\n1. Under Post-build Actions, click Add post-build action, and select CodeSonar from the menu that pops up.\n    * If CodeSonar is not a menu option, the plugin may not be installed.\n1. Jenkins will display fields for you to configure this application of the plugin.\n    1. Select the protocol used by your hub from the Protocol menu: either http or https.\n    1. Enter `${HUB}` in the hub address field.\n    1. Enter `${PROJ_NAME}` in the Project name field.\n    1. Click the **Add** button next to the **Credentials** field, then fill in **Add Credentials** form that opens and click Add.\n1. Set Kind to \"Username with password\" or \"Certificate\".\n1. Set Scope to Global.\n1. Use the remaining fields to specify the hub user account credentials that the plug-in should use in obtaining analysis information from the hub. 
See below for information about the permissions required and additional manual references.\n1. These credentials will not be applied to the build/analysis commands you specified in the previous step. If you want to specify authentication credentials for those commands, use the appropriate command-line authentication options.\n    **Optional** If you want to configure one or more \"CodeSonar conditions\", see the descriptions below.\n1. Click Save.\n    * The list of links at the left-hand side of the Job Dashboard will now include Latest CodeSonar Analysis link.\n      This navigates to the CodeSonar GUI Analysis page for the most recently executed analysis of this project.\n1. Please check if everything is working properly:\n    1. Click Build with Parameters, check that the parameter settings are correct, and click Build.\n       Jenkins will execute the updated job.\n    1. Please check if the Jenkins job executed successfully, and check the job's Console Output to ensure that the build proceeded as you expected.\n        * If necessary, click Configure and adjust your edits, and make any other changes necessary to get your job running correctly.\n1. Notice that the dashboard now contains charts of \"Total number of warnings\" and \"Lines of Code\" (if it doesn't, reload the page). These charts represent CodeSonar analysis history for this project.\n\n**Warning**: When configuring a project, please make sure that the project names in CodeSonar are unique if you build the same \nproject in two different Jenkins jobs. One possibility is to add a suffix or prefix to the project names. 
Otherwise, you may end up\nwith unexpected results in the jobs!\n\n### Build Step Examples\n\nThese examples all assume the following:\n\n* Build parameter `${HUB}` has been established and set to the hub location.\n* Build parameter `${PROJ_NAME}` has been established and set to the CodeSonar project name.\n* The project directory is `/myfiles/csonar_projects/projX`\n\n#### Example 1: C/C++ project; Jenkins build steps include one command that involves C/C++ compilation.\n\nSuppose that the Jenkins job build step text is:\n\n```bash\ncd /myfiles/src/projX \u0026\u0026 make normal\n```\n\nThen replace the build step text with:\n\n```bash\ncd /myfiles/src/projX \u0026\u0026 codesonar analyze /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} make normal\n```\n\n#### Example 2: C/C++ project; Jenkins build steps include multiple commands that involve C/C++ compilation.\n\nSuppose that the Jenkins job build step text is:\n\n```bash\ncd /myfiles/src/projX\nrm -f *.o\ngcc -c A.c\ngcc -c B.c\ngcc -c C.c\n```\n\nThere are several possible approaches.\n\n1. Replace the build step text with:\n\n```\ncd /myfiles/src/projX\nrm -f *.o\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} gcc -c A.c\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} gcc -c B.c\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} gcc -c C.c\ncodesonar analyze /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB}\n```\n\n2. Collect the build step text into a single shell script /path/to/dir/mybuildscript.sh:\n\n```\ncd /myfiles/src/projX\nrm -f *.o\ngcc -c A.c\ngcc -c B.c\ngcc -c C.c\n```\n\nthen replace the build step text with:\n\n```\ncd /path/to/dir \u0026\u0026 codesonar analyze ${PROJ_NAME} -foreground ${HUB} sh -xe mybuildscript.sh\n```\n\n3. 
Collect the build step text into a single batch file path\\to\\dir\\mybuildbat.bat:\n\n```bash\ncd \\myfiles\\src\\projX\nrm -f *.o\ngcc -c A.c\ngcc -c B.c\ngcc -c C.c\n```\nthen replace the build step text with:\n\n```bash\ncodesonar analyze ${PROJ_NAME} -foreground ${HUB} path\\to\\dir\\mybuildbat.bat\n```\n\n#### Example 3: Java project\n\nSuppose that the Jenkins job writes Java build output to /myfiles/buildoutput/classes.\n\nThen add a new \"Execute shell\" build step with the following contents.\n\n```bash\ncodesonar analyze /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} cs-java-scan /myfiles/buildoutput/classes\n```\n\n#### Example 4: Mixed C/C++ and Java project; single build command\n\nSuppose that the Jenkins job build step text is:\n\n```bash\ncd /myfiles/src/projX\nmake all\n```\n\nand that the Jenkins job writes Java build output to `/myfiles/buildoutput/classes`.\n\n#### Example 5: Mixed C/C++ and Java project; multiple build commands\n\nSuppose the Jenkins job build step text is:\n\n```bash\ncd /myfiles/src/projX\nrm -f *.o\nrm -f *.class\ngcc -c A.c\ngcc -c B.c\njavac J.java\n```\n\nand that the Jenkins job writes Java build output to /myfiles/buildoutput/classes.\n\nThere are several possible approaches.\n\n1. Move the build text to a Makefile, shell script, batch file, or similar, then follow the approach illustrated in Example 4.\n2. 
Replace the build step text with:\n\n```bash\ncd /myfiles/src/projX\nrm -f *.o\nrm -f *.class\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} gcc -c A.c\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} gcc -c B.c\njavac J.java\ncodesonar build /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB} cs-java-scan /myfiles/buildoutput/classes\ncodesonar analyze /myfiles/csonar_projects/projX/${PROJ_NAME} -foreground ${HUB}\n```\n\n## Configuration Settings\n\nThe CodeSonar plugin for Jenkins has two required configuration settings and a number of optional ones.\n\n* Protocol, Hub address, Project name are always required.\n* The Credentials setting is required if special user Anonymous does not have sufficient permissions to interact with\n  the CodeSonar analysis information on the hub.\n* Users can also specify zero or more CodeSonar conditions.\n\n### Required Configuration Settings\n\n| Setting Name     | Description                                                                                                    | Notes                                                                                                                                  |\n|------------------|----------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|\n| **Protocol**     | The protocol that should be used to communicate with the hub: either http or https.                            | Always explicitly specify https if you are concerned about security, otherwise you may be sending unencrypted data to an imposter hub. 
|\n|                  | MANUAL: How CodeSonar Works \u003e CodeSonar Structure \u003e Hub \u003e Hub Location                                         |                                                                                                                                        |\n| **Hub address**  | The location of the CodeSonar hub that you are using to manage your analysis results, in format hostname:port. | If you have set up a `${HUB}` parameter for the job, you can use it here.                                                              |\n|                  | MANUAL: How CodeSonar Works \u003e CodeSonar Structure \u003e Hub \u003e Hub Location                                         |                                                                                                                                        |\n| **Project name** | The CodeSonar project name.                                                                                    | If you have set up a `${PROJNAME}` parameter for the job, you can use it here.                                                         
|\n|                  | | |\n\n### Optional Configuration Settings\n\nThe hub user account you specify here must have sufficient permissions to access the relevant analysis information.\n\nThe hub user account credentials that the plugin should use when obtaining analysis information from the hub.\n\n* **MANUAL**: How CodeSonar Works \u003e CodeSonar Structure \u003e Hub \u003e Hub User Accounts\n* **MANUAL**: Role-Based Access Control (RBAC) \u003e RBAC: Role-Permissions\n\n#### Global permissions\n\nYou need to configure the CodeSonar user to have the following permissions.\n\n* `G_LIST_PROPERTIES`\n* `G_LIST_USERS`\n* `G_SIGN_IN`\n* `G_SIGN_IN_CERTIFICATE` or `G_SIGN_IN_PASSWORD`, depending on the **Kind of credentials** you are specifying.\n\n#### Permissions on analyzed project `${PROJNAME}`\n\nIn addition, these permissions are needed for the project.\n\n* `ANALYSIS_ANNOTATE`\n* `ANALYSIS_EXISTS`\n* `ANALYSIS_READ`\n* `ANALYSIS_WARNING_EXISTS`\n* `ANALYSIS_WRITE`\n* `PROJECT_EXISTS`\n* `PROJECT_READ`\n\n* `NAMEDSEARCH_READ` for the following built-in warning searches: _active_, _new_, _active and new_.\n\nYou do not need to configure credentials if special user _Anonymous_ has sufficient permissions to obtain analysis information from the hub: in this case, the plugin will interact with the hub in an anonymous session (Anonymous does not need `G_SIGN_IN_CERTIFICATE` or `G_SIGN_IN_PASSWORD`).\nNote that these credentials are not used to authenticate CodeSonar build/analysis commands issued by your Jenkins job.\nIf you want to specify authentication credentials for those commands, use the appropriate command line\nauthentication options.\n\n## CodeSonar conditions\n\nUsers can specify zero or more CodeSonar conditions. 
Each condition specifies a bound on some particular\nproperty of the CodeSonar analysis results, along with the build result setting to be applied if the property's\nvalue lies outside the specified bound.\n\nThere are six different condition types.\n\n* **Cyclomatic complexity**\n\nOne or more procedures has cyclomatic complexity (as determined by CodeSonar) that exceeds the specified limit.\n\n**MANUAL**: How CodeSonar Works \u003e CodeSonar Structure \u003e Metrics\n\n* **Red alerts**\n\nThe number of red alerts from CodeSonar analysis exceeds the specified limit. Please note that this has nothing to\ndo with the color in the margin of the warning page. Instead, you can see the specification in the manual\nfor when CodeSonar marks a warning as red. Please see the image under **Yellow alerts**.\n\n**MANUAL**: Using CodeSonar \u003e GUI Reference \u003e Alerts\n\n* **Warning count increase: new only**\n\nThe number of new warnings issued by the CodeSonar analysis exceeds the number issued for the previous analysis by more than the specified percentage.\n\n**MANUAL**: How CodeSonar Works \u003e CodeSonar Structure \u003e Warnings \u003e Warnings: Instances and Groups\n\n* **Warning count increase: overall**\n\nThe number of warnings issued by the CodeSonar analysis exceeds the number issued for the previous analysis by more than the specified percentage.\n\n**MANUAL**: How CodeSonar Works \u003e CodeSonar Structure \u003e Warnings \u003e Warnings: Instances and Groups\n\n* **Warnings count increase: specified score and higher**\n\nThe number of warnings in the specified score range issued by the CodeSonar analysis exceeds the number issued for the previous analysis by more than the specified percentage.\n\n**MANUAL**: How CodeSonar Works \u003e CodeSonar Structure \u003e Warnings \u003e Warnings: Instances and Groups\n\n* **Yellow alerts**\n\nThe number of yellow alerts from the CodeSonar analysis exceeds the specified limit. 
Please note that this has\nnothing to do with the color in the margin of the warning page. Instead, you can see the specification in the manual\nfor when CodeSonar marks a warning as yellow.\n\n**MANUAL**: Using CodeSonar \u003e GUI Reference \u003e Alerts\n\n### Note on yellow and red alerts\n\nThe red and yellow alerts in CodeSonar do not correlate to the red and yellow warning score coloring,\nas shown in the following image.\n\n![score-coloring](docs/img/codesonar-red-yellow-score.png \"Warning score coloring\")\n\nInstead, you can see how many red and yellow warnings CodeSonar found for an analysis in the\nupper right corner. Yellow warnings are typically related to parse errors, while red warnings are a bit more severe.\nFor the list of conditions under which an alert is marked as either red or yellow, see the manual pages:\n\n**MANUAL**: Using CodeSonar \u003e GUI Reference \u003e Alerts\n\n![red-yellow-warnings](docs/img/hub_alerts.png \"Red and yellow\")\n\n## Configuration Example\n\nWith this configuration, the plugin will mark the build as \"Failed\" if the CodeSonar analysis produces one or more\nred alerts or 2 or more warnings with a score of at least 56.\n\n![Jenkins actions](docs/img/jenkins_post_build.png \"Jenkins post-build conditions\")\n\nThe visibility filter parameter `filter` can be found under `\u003chub url\u003e/savedsearches.html?ssdomain=0`.\nYou may need to right-click to show the `id` column. The visibility filter that's used by default is\n`active` (the filter with the id number `2`).\n\n## Pipeline DSL\n\nIt's also possible to use the plugin with [Pipeline DSL](https://www.jenkins.io/doc/book/pipeline/syntax/).\nThe easiest way to get a usable template for your job is to use the\n[snippet generator](https://www.jenkins.io/doc/book/pipeline/getting-started/#snippet-generator). 
This is a small\nsample you may build upon:\n\n```groovy\npipeline {\n    agent any\n    parameters {\n        string (\n            defaultValue: 'some-name',\n            description: 'The name of the project in CodeSonar',\n            name : 'JOB_NAME'\n        )\n        string (\n            defaultValue: '127.0.0.1:7340',\n            description: 'The default address of the CodeSonar hub',\n            name : 'HUB'\n        )\n    }\n    stages {\n        stage('build and analyze') {\n            steps {\n                // run the codesonar analyze commands ...\n                script {\n                    codesonar conditions:\n                        [warningCountIncreaseSpecifiedScoreAndHigher(rankOfWarnings: 55, warningPercentage: '3')],\n                            credentialId: '....', hubAddress: '${HUB}', projectName: '${JOB_NAME}', protocol: 'http',\n                            filter: '2'\n                }\n            }\n        }\n    }\n}\n```\n\nThe credential id can be found in **Manage Jenkins** -\u003e **Credentials**. It's a UUID-ish string.\n\nThe visibility filter parameter `filter` can be found under `\u003chub url\u003e/savedsearches.html?ssdomain=0`. By default, \nwe use the `active` warning filter.\n\n## Note on visibility filters\n\n![CodeSonar visibility filters](docs/img/codesonar-visibility-filters.png \"CodeSonar visibility filters\")\n\nWhen you configure the job where you need to change the default visibility filter, you need to use the ID \nof the visibility filter in the form. 
Please note that the visibility filters are based on access control,\nso the user you configure in the credentials needs to be able to use the filter defined.\n\n**MANUAL**: Using CodeSonar -\u003e GUI reference -\u003e GUI reference (see under **Visibility Filter selector**).\n\n* `NAMEDSEARCH_READ` for the following built-in warning searches: _active_, _new_, _active and new_.\n* `NAMEDSEARCH_EXISTS` to see the filters.\n\n## Configuration Example\n\nWith this configuration, the plugin will mark the build as \"Unstable\" if the CodeSonar analysis produces one or two red alerts, but \"Failed\" if there are three or more.\n\n![Jenkins actions](docs/img/jenkins_params.png \"Jenkins post-build conditions\")\n\n## Jenkins Job DSL\n\nAvailable options\n\n```jenkins\njob{\n    publishers{\n        codeSonar(String hubAddress, String projectName){\n            cyclomaticComplexity(int maxComplexity, boolean markAsFailed)\n            redAlert(int maxAlerts, boolean markAsFailed)\n            yellowAlert(int maxAlerts, boolean markAsFailed)\n            newWarningCountIncrease(float percentage, boolean markAsFailed)\n            overallWarningCountIncrease(float percentage, boolean markAsFailed)\n            rankedWarningCountIncrease(int minRank, float percentage, boolean markAsFailed)\n        }\n    }\n}\n```\nExample\n\n```jenkins\njob('myProject_GEN'){\n    publishers{\n        codeSonar('hub','proj'){\n            cyclomaticComplexity(20, false)\n            redAlert(3, true)\n            yellowAlert(10, false)\n            newWarningCountIncrease(5, true)\n            overallWarningCountIncrease(5, false)\n            rankedWarningCountIncrease(30, 5, true)\n        }\n    }\n}\n```\n\n## Support and Contact\nPlease send an email to [support@praqma.net](mailto:support@praqma.net) if you have a request or question regarding the 
plugin.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feficode%2Fcodesonar-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feficode%2Fcodesonar-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feficode%2Fcodesonar-plugin/lists"}