{"id":47919227,"url":"https://github.com/hpopp/sonar-elixir","last_synced_at":"2026-04-04T05:50:53.711Z","repository":{"id":340489464,"uuid":"1166280318","full_name":"hpopp/sonar-elixir","owner":"hpopp","description":"Community SonarQube plugin for the static analysis of Elixir projects.","archived":false,"fork":false,"pushed_at":"2026-03-08T17:31:14.000Z","size":87,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-08T19:33:27.643Z","etag":null,"topics":["code-quality","elixir","sonarqube","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hpopp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-25T03:58:24.000Z","updated_at":"2026-03-08T17:30:30.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/hpopp/sonar-elixir","commit_stats":null,"previous_names":["hpopp/sonar-elixir"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hpopp/sonar-elixir","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpopp%2Fsonar-elixir","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpopp%2Fsonar-elixir/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpopp%2Fsonar-elixir/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpopp%2Fsonar-elixir/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hpopp","download_url":"https://codeload.github.com/hpopp/sonar-elixir/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hpopp%2Fsonar-elixir/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31389391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T04:26:24.776Z","status":"ssl_error","status_checked_at":"2026-04-04T04:23:34.147Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","elixir","sonarqube","static-analysis"],"created_at":"2026-04-04T05:50:51.264Z","updated_at":"2026-04-04T05:50:53.700Z","avatar_url":"https://github.com/hpopp.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sonar-elixir\n\n\u003e SonarQube plugin for static analysis of Elixir projects.\n\n[![CI](https://github.com/hpopp/sonar-elixir/actions/workflows/ci.yml/badge.svg)](https://github.com/hpopp/sonar-elixir/actions/workflows/ci.yml)\n[![Version](https://img.shields.io/badge/version-0.1.1-orange.svg)](https://github.com/hpopp/sonar-elixir/commits/main)\n[![License](https://img.shields.io/github/license/hpopp/sonar-elixir)](LICENSE)\n[![Last Updated](https://img.shields.io/github/last-commit/hpopp/sonar-elixir.svg)](https://github.com/hpopp/sonar-elixir/commits/main)\n\n\u003e [!NOTE]\n\u003e This plugin is in early development. Only a subset of rules are currently implemented.\n\u003e Feedback, bug reports, and contributions are welcome.\n\n## Features\n\n- **Static analysis** -- Credo-inspired rules covering code smells, security vulnerabilities, and reliability bugs.\n- **Metrics** -- Lines of code and comment line counts.\n- **Test coverage** -- Imports coverage via the [`sonarqube`](https://github.com/hpopp/mix-sonarqube) Hex package.\n- **Syntax highlighting** -- Elixir-aware highlighting in the SonarQube code viewer.\n\n## Installation\n\n**Compatibility:** SonarQube 2025.1 LTA and later (Community Build and Server editions).\n\n1. Download the latest `sonar-elixir-plugin-x.y.z.jar` from [Releases](https://github.com/hpopp/sonar-elixir/releases).\n\n2. Copy the JAR to your SonarQube installation's plugin directory.\n\n```shell\ncp sonar-elixir-plugin-0.1.0.jar $SONARQUBE_HOME/extensions/plugins/\n```\n\n3. Restart SonarQube.\n\n**Docker users** can volume-mount the JAR instead. See the included `docker-compose.yml` for an example.\n\n\u003e **Note:** Elixir must be installed on the machine running `sonar-scanner`. The plugin shells out to the Elixir runtime for AST parsing and tokenization.\n\n## Project Setup\n\nCreate a `sonar-project.properties` file in your project root:\n\n```properties\nsonar.projectKey=my-elixir-app\nsonar.projectName=My Elixir App\nsonar.sources=lib\nsonar.tests=test\nsonar.sourceEncoding=UTF-8\nsonar.host.url=http://localhost:9000\n\n# Include if using mix-sonarqube for coverage reporting.\nsonar.coverageReportPaths=cover/sonar-coverage.xml\n```\n\nThen run the scanner:\n\n```shell\nsonar-scanner\n```\n\n### Properties\n\n| Property                     | Description                          | Default    |\n| ---------------------------- | ------------------------------------ | ---------- |\n| `sonar.elixir.file.suffixes` | File extensions recognized as Elixir | `.ex,.exs` |\n| `sonar.coverageReportPaths`  | Path to the generated coverage XML   | _(none)_   |\n\n## Coverage\n\nCoverage is handled by the [`sonarqube`](https://github.com/hpopp/mix-sonarqube) Hex package. See its README for installation and setup instructions.\n\n## CI Integration\n\nA typical CI pipeline needs Elixir (for tests and coverage) and `sonar-scanner` (Java-based). The full sequence:\n\n```yaml\n# Example GitHub Actions steps\n- name: Install dependencies\n  run: mix deps.get\n\n- name: Run tests with coverage\n  run: mix sonarqube.coverage\n\n- name: Run SonarQube scanner\n  run: sonar-scanner\n  env:\n    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}\n    SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}\n```\n\n## Rules\n\n### Code Smells\n\n| Key                      | Description                                    | Severity | Default |\n| ------------------------ | ---------------------------------------------- | -------- | :-----: |\n| `function_names`         | Function names should be in snake_case         | Minor    |    ✓    |\n| `io_inspect`             | `IO.inspect` calls should be removed           | Major    |    ✓    |\n| `large_module`           | Modules should not have too many lines         | Minor    |         |\n| `missing_moduledoc`      | Modules should have `@moduledoc`               | Minor    |    ✓    |\n| `module_attribute_names` | Module attribute names should be in snake_case | Minor    |    ✓    |\n| `module_names`           | Module names should be in PascalCase           | Minor    |    ✓    |\n| `pipe_chain_start`       | Pipe chains should start with a raw value      | Minor    |         |\n\n### Vulnerabilities\n\n| Key                | Description                         | Severity | Default |\n| ------------------ | ----------------------------------- | -------- | :-----: |\n| `hardcoded_secret` | Credentials should not be hardcoded | Blocker  |    ✓    |\n\nRules marked with ✓ in **Default** are active in the built-in \"Elixir Way\" quality profile. All rules can be individually enabled or disabled in SonarQube's quality profile settings.\n\n## Contributing\n\n### Prerequisites\n\n- Java 17+\n- Maven\n- Elixir 1.15+\n\n### Build\n\n```shell\nmvn package\n```\n\nThe plugin JAR is written to `target/sonar-elixir-plugin-x.y.z.jar`.\n\n### Test\n\n```shell\nmvn test\n```\n\n### Local SonarQube\n\nThe included `docker-compose.yml` runs a SonarQube instance with the plugin mounted:\n\n```shell\ndocker compose up\n```\n\nSonarQube will be available at `http://localhost:9000` (default credentials: `admin` / `admin`).\n\n## License\n\nCopyright (c) 2026 Henry Popp\n\nThis project is MIT licensed. See the [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhpopp%2Fsonar-elixir","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhpopp%2Fsonar-elixir","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhpopp%2Fsonar-elixir/lists"}