Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mirkosertic/mavensonarsputnik
Maven Plugin for Sputnik with Multi-Module Support
owasp-dependencycheck pitest pretested-commit-analysis sonarqube sputnik
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/mirkosertic/mavensonarsputnik
- Owner: mirkosertic
- License: apache-2.0
- Created: 2016-01-20T23:26:29.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2017-12-05T14:19:41.000Z (about 7 years ago)
- Last Synced: 2024-10-06T03:02:58.997Z (3 months ago)
- Topics: owasp-dependencycheck, pitest, pretested-commit-analysis, sonarqube, sputnik
- Language: Java
- Size: 96.7 KB
- Stars: 3
- Watchers: 3
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Maven Sonar Sputnik Integration
Maven Plugin for Sputnik with Multi-Module Support.
Together with [Sputnik](https://github.com/TouK/sputnik), [Jenkins](https://jenkins-ci.org) and [Gerrit](https://www.gerritcodereview.com) you can easily set up a pretested commit infrastructure for semi-automatic code reviews.
[![Build Status](https://travis-ci.org/mirkosertic/mavensonarsputnik.svg?branch=master)](https://travis-ci.org/mirkosertic/mavensonarsputnik) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/de.mirkosertic.mavensonarsputnik/sputnik/badge.svg)](https://maven-badges.herokuapp.com/maven-central/de.mirkosertic.mavensonarsputnik/sputnik)
## System Requirements
| Plugin-Version | Java | Maven | SonarQube |
|----------------|--------------|---------------|-------------------|
| 1.7 | min. 7 | min. 3.2.5 | min. 4.5 |
| 1.8 | min. 8 | min. 3.2.5 | min. 4.5 |
## Usage
The following command can be used in conjunction with the [Gerrit Trigger](https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger) on Jenkins:
```
mvn de.mirkosertic.mavensonarsputnik:sputnik:1.8:sputnik \
  -DgerritRevision= \
  -DgerritChangeId=~~ \
  -DsputnikConfiguration=
```
The sputnik.properties file contains authentication information to connect to Gerrit:
```
connector.host=
connector.path=
connector.port=
connector.username=
connector.password=
customsonar.enabled=true
customsonar.configurationFile=
```
The sonar.properties file contains authentication information to connect to SonarQube:
```
# Only Required if you are not declaring SonarQube configuration in pom.xml
sonar.jdbc.url=
sonar.jdbc.driverClassName=
sonar.jdbc.username=
sonar.jdbc.password=
sonar.host.url=
```
JDBC configuration is only required for SonarQube 4.
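Both properties files above hold credentials, so on a shared build agent they should be readable by the build user only. The following sketch is an added example, not part of the plugin or its README; the `SPUTNIK_GERRIT_*` environment variable names and the file paths are assumptions (for instance filled by a CI credentials binding):

```shell
#!/bin/sh
# Added example. SPUTNIK_GERRIT_* variable names and all paths are assumptions.

# Succeeds only if $1 is a regular file that grants nothing to group or others.
is_private_file() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Writes sputnik.properties to $1 and points customsonar.configurationFile at $2.
# Secrets are taken from the environment, never from the job definition.
write_sputnik_properties() {
    out=$1
    sonar_props=$2
    for name in SPUTNIK_GERRIT_HOST SPUTNIK_GERRIT_PORT \
                SPUTNIK_GERRIT_USER SPUTNIK_GERRIT_PASSWORD; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing environment variable: $name" >&2
            return 1
        fi
    done
    # sonar.properties may hold sonar.jdbc.password: refuse a readable copy.
    is_private_file "$sonar_props" || {
        echo "$sonar_props must exist and be mode 600 or stricter" >&2
        return 1
    }
    (
        umask 077       # new file is created as 0600
        rm -f "$out"    # do not inherit a looser mode from an older file
        cat > "$out" <<EOF
connector.host=$SPUTNIK_GERRIT_HOST
connector.path=${SPUTNIK_GERRIT_PATH:-}
connector.port=$SPUTNIK_GERRIT_PORT
connector.username=$SPUTNIK_GERRIT_USER
connector.password=$SPUTNIK_GERRIT_PASSWORD
customsonar.enabled=true
customsonar.configurationFile=$sonar_props
EOF
    )
}
```

Call `write_sputnik_properties` in the build step before the `mvn` command and delete the generated file when the build finishes. Values are written verbatim, so a password containing a backslash needs escaping if the file is parsed as a Java properties file.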
## Advanced Reporting
### Mutation Testing
This plugin can integrate Mutation Testing results based on [PITest](http://pitest.org) in the review. To enable this,
you also need to enable the PITest Reviewer in the sputnik.properties file by adding the following line:
```
pitest.enabled=true
```
The PITest Plugin is automatically invoked.
### OWASP Dependency Checks
This plugin also runs an [OWASP Dependency Check](https://www.owasp.org/index.php/OWASP_Dependency_Check) whenever the Maven project configuration changes, that is, whenever a pom.xml is part of the current patchset.
Enable the OWASP Dependency Reviewer in the sputnik.properties file by adding the following line:
```
owaspdependencycheck.enabled=true
```
### Automated Quality Feedback
The Maven plugin can add reports to the review comments. For instance, a SonarQube Plugin can generate a simple text file containing statistics about the submitted change and how it affects SonarQube metrics. This file is stored by the Plugin and can be read and added as a review comment.
Report embedding can be enabled by the following line in the sonar.properties file:
```
customsonar.additionalReviewCommentFiles=
```
The reports must be stored in the SonarRunner working directory, project-root/.sonar.
An example Report can be generated using [Sonar Delta Report Plugin](https://github.com/mirkosertic/sonardeltareport).
### Additional SonarQube Reports
SonarQube can generate HTML reports for a given PatchSet. To enable this feature, you have to
* Install the Issues Reports Plugin
* Add the following lines to your sonar.properties file:
```
# These are already the default values
sonar.issuesReport.console.enable=true
sonar.issuesReport.html.enable=true
sonar.issuesReport.json.enable=true
```
SonarQube will place two files inside the .sonar/issues-report directory of the workspace:
* issues-report-light.html contains only the newly introduced and removed issues of the PatchSet
* issues-report.html contains all issues of the PatchSet

These reports can be easily integrated using the Publish HTML Post Build Action of Jenkins.