Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/insideapp-oss/sonar-apple
SonarQube plugin for Swift / Objective-C
https://github.com/insideapp-oss/sonar-apple
Last synced: about 2 months ago
JSON representation
SonarQube plugin for Swift / Objective-C
- Host: GitHub
- URL: https://github.com/insideapp-oss/sonar-apple
- Owner: insideapp-oss
- License: other
- Created: 2022-04-14T10:33:20.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-17T15:53:54.000Z (4 months ago)
- Last Synced: 2024-07-11T11:51:47.906Z (3 months ago)
- Language: Java
- Size: 1.05 MB
- Stars: 93
- Watchers: 6
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-list - insideapp-oss/sonar-apple - SonarQube plugin for Swift / Objective-C (Java)
README
![CI](https://github.com/insideapp-oss/sonar-flutter/workflows/CI/badge.svg)
[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=insideapp-oss_sonar-apple&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=insideapp-oss_sonar-apple)
[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=insideapp-oss_sonar-apple&metric=coverage)](https://sonarcloud.io/summary/new_code?id=insideapp-oss_sonar-apple)
[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=insideapp-oss_sonar-apple&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=insideapp-oss_sonar-apple)
[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=insideapp-oss_sonar-apple&metric=reliability_rating)](https://sonarcloud.io/summary/new_code?id=insideapp-oss_sonar-apple)
[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=insideapp-oss_sonar-apple&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=insideapp-oss_sonar-apple)# SonarQube plugin for Swift / Objective-C
A plugin to enable analysis of Swift and Objective-C code quality and security.
Let us know if you want to get involved.
## Features
The plugin is designed to support Swift 5 syntax.
| Feature | Tool(s) | Availability |
|---------------------|-------------------|--------------------|
| Tests | Xcode | Swift, Objective-C |
| Coverage | Xcode | Swift, Objective-C |
| Complexity | SonarQube | Swift, Objective-C |
| Dead code | Periphery | Swift |
| Size | SonarQube | Swift, Objective-C |
| Syntax highlighting | SonarQube | Swift, Objective-C |
| Issues | SwiftLint, OCLint | Swift, Objective-C |
| Security | mobsfscan | Swift, Objective-C |## Installation
### Server-side
SonarQube 7.9+ is required.
- Download the plugin binary into the ``$SONARQUBE_HOME/extensions/plugins`` directory.
- Restart the server.
- Activate the rules in your Quality Profiles.### Client-side
Xcode 13+ and SonarScanner are required.
The following tools are optional:- [SwiftLint](https://github.com/realm/SwiftLint)
- [OCLint](https://oclint.org/)
- [mobsfscan](https://github.com/MobSF/mobsfscan)
- [Periphery](https://github.com/peripheryapp/periphery)#### Sonar configuration
Create a ``sonar-project.properties`` file at the root with this content:
```properties
# Project identification
sonar.projectKey=ios_app
sonar.projectName=iOS App
sonar.projectVersion=1.0
# Source code location.
# Path is relative to the sonar-project.properties file. Defaults to .
# Use commas to specify more than one folder.
sonar.sources=iOSApp
# Tests source code location.
# Path is relative to the sonar-project.properties file. Defaults to empty.
# Use commas to specify more than one folder.
sonar.tests=iOSAppTests## Coverage & Tests ##
# Path to the Xcode result bundle file.
# The path is relative to the project base directory.
# Defaults to build/result.xcresult
#sonar.apple.resultBundlePath=custom/path/to/file.xcresult## Periphery ##
# Index Store folder path.
# This matches the parameter "-derivedDataPath" in xcodebuild (see below).
# Warning: starting Xcode 14 the folder "Index" is renamed "Index.noindex".
sonar.apple.periphery.indexStorePath=derivedData/Index/DataStore## OCLint ##
# Path to the JSON Compilation Database folder
# The path is relative to the project base directory.
# Defaults to build/json_compilation_database
# sonar.apple.jsonCompilationDatabasePath=custom/path/to/folder## Misc ##
# Encoding of the source code. Default is default system encoding.
sonar.sourceEncoding=UTF-8
```For a complete list of available options, please refer to the [SonarQube documentation](https://docs.sonarqube.org/latest/analysis/analysis-parameters/).
#### Run analysis
Use the following commands from the root folder to start an analysis:
```bash
# Don't forget to add -workspace to the build command if your project is part of a workspace
# Don't forget to activate 'Gather coverage' option in the app scheme or add '-enableCodeCoverage YES' to the following command# Run tests
xcrun xcodebuild \
-project MyApp.xcodeproj \
-scheme MyApp \
-sdk iphonesimulator \
-destination 'platform=iOS Simulator,name=iPhone 11 Pro' \
-derivedDataPath ./derivedData \
-resultBundlePath build/result.xcresult \
OTHER_CFLAGS="\$(inherited) -gen-cdb-fragment-path build/compilation_database" \
-quiet \
clean test# Run the analysis and publish to the SonarQube server
# Don't forget to specify `sonar.host.url` and `sonar.token` in `sonar-project.properties` or supply it to the following command.
sonar-scanner
```### Advanced configuration
#### Periphery
The plugin assumes the Periphery configuration is properly settled for your project, in the [Periphery configuration file](https://github.com/peripheryapp/periphery#configuration).
The required information are the project, the schemes and the targets. You also need to provide the workspace, if you have one.
```yaml
workspace: path/to/workspace.xcworkspace # optional
project: path/to/project.xcodeproj
schemes:
- MyScheme
targets:
- MyTarget
```#### OCLint
On macOS, the system will block usage of OCLint. In order to get rid of the manual verification of each of them, use the following commands:
```bash
sudo xattr -dr com.apple.quarantine /usr/local/lib/oclint/rules/lib*
sudo xattr -dr com.apple.quarantine /usr/local/lib/oclint/reporters/lib*
```#### Sonar Scanner
If you have trouble running the Sonar Scanner, you can run it in verbose mode, to get more logs and information.
You can either:
- add `sonar.verbose=true` to your `sonar-project.properties`
- add the option `X` to the command, like so: `sonar-scanner -X ...`## Contributing
Any help is welcome, and PRs will be greatly appreciated!
Have a look at the [developer guide](https://github.com/insideapp-oss/sonar-apple/blob/main/DEVELOP.md) to get started.
## License
This plugin is released under the GNU LGPL v3 license. See the [LICENSE](https://github.com/insideapp-oss/sonar-apple/blob/main/LICENSE.md) file for more information.