Integrate SonarQube Community Edition with CppDepend

Enhance Your C/C++ Code Quality with SonarQube Community Edition and CppDepend Integration

In today's competitive software development landscape, ensuring code quality and maintainability is essential for any project's success. Integrating SonarQube Community Edition with CppDepend offers developers a powerful, combined solution for seamless code analysis.

In this guide, we'll walk you through the process of integrating these two powerful tools, allowing you to maximize your project's code quality and maintainability while minimizing technical debt. Discover how this integration can revolutionize your development process and set your project up for success.

IMPORTANT:

Before using CppDepend on a computer, you must first activate your SonarQube license or begin your evaluation period. To achieve this, simply unzip the CppDepend files on the computer and launch VisualCppDepend.exe once. If your machine is connected to the internet, you'll undergo a brief activation process.

In case your machine lacks internet connectivity, an alternative offline activation procedure will be offered. This step is mandatory for operating the SonarQube CppDepend plugin.

Please note that the CppDepend SonarQube plugin is compatible with SonarQube versions 5.6 and above.

Plugin Prerequisites

Install the CppDepend Plugin

For SonarQube Community version 2 and above, copy sonar-cxx-cppdepend-community-2.jar; for SonarQube Community version 1, copy sonar-cxx-cppdepend-community-1.jar:

  • from the $CppDependInstallDir$\SonarPlugin directory
  • to the $SonarQubeInstallDir$\extensions\plugins directory
  • Restart the SonarQube server so that it takes the CppDepend plugin into account.

Configure the CppDepend plugin

In the SonarQube user interface, go to Administration. You need to be logged in with the appropriate administrator privileges for that.


  • MANDATORY Specify the full path of the CppDepend SonarQube rules scanner. For Windows it's CppDepend.SonarQube.RuleRunner.exe from the $CppDependInstallPath$\SonarPlugin directory, and for Linux it's SonarQubeLiteScanner.sh from the $CppDependInstallPath$ directory. Don't prefix the path with an environment variable; write the entire absolute path (follow this advice for every path you write while following this documentation).
  • OPTIONAL Specify the CppDepend project file path (.cdproj extension) to fetch the rules from. If it's not specified, the default CppDepend rule set will be used.
If you specify the CppDepend project file path, the rules taken into account are the activated rules defined in:
  • The CppDepend project file,
  • Rules defined in the CppDepend Rules Files referenced by the CppDepend project file

Activate the CppDepend Rules in the Sonar server

The CppDepend rules are now loaded in the SonarQube repository but not activated yet.
To activate them, you have to:

  • Log in as admin in the SonarQube UI
  • Go to the Quality Profiles tab
  • Create a custom Quality Profile. If you already have a custom Quality Profile you can skip this step.
  • Make sure that you choose the Sonar way profile as parent of your new Quality Profile:

  • After the creation of the custom Quality Profile, you have to add the CppDepend rules. For that click on the Activate More button:

  • Choose the CppDepend repository, and click on the Bulk Change button and activate all the CppDepend rules in your new Quality Profile:

  • Finally go back to the Quality Profile tab and set the new Quality Profile as Default:

Activate the CppDepend Rules in the Sonar server (before SonarQube v6.X)

  • Log in as admin in the SonarQube UI
  • Go to the Rules tab
  • Choose Language C++ and Repository: CppDepend

  • Activate these rules in the profile you want by clicking on Bulk Change - Activate In:


IMPORTANT:

Note that the handle of a rule consists of the rule name together with the names of its parent group(s) and the rule source code. This matters when:
  • The CppDepend project used for analysis contains a custom rule set
  • The CppDepend project specified in the SonarQube configuration to define the rules in the SonarQube system (parameter CppDepend rules from cdproj, see the previous section) is different from the CppDepend project used for analysis.
In that situation, if the two rule sets don't correspond exactly, the rules won't be resolved in the SonarQube system and the issues won't be computed.

If some rules have been added to or removed from your custom rule set:
1) Restart the SonarQube server to let it parse the CppDepend project specified in the SonarQube configuration to define the rules
2) Go back to the Rules tab, logged in as administrator, to activate/deactivate these new/removed rules, possibly through a Bulk Change action.

Run Sonar-Scanner

See the SonarQube documentation on running Sonar-Scanner from the command line.

The CppDepend project file parameter is mandatory: -D sonar.cpp.cppdepend.projectPath={the path of cdproj}.

>sonar-scanner  -D sonar.cpp.cppdepend.projectPath={the path of cdproj}

Don't use any environment variable in paths. If the path contains a space character, surround it with double quotes: -D sonar.cpp.cppdepend.projectPath="C:\work with space\project.cdproj"
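
The path rules above can be checked before the scanner is launched, for example in a CI job. The following Python sketch is an added example, not part of CppDepend or SonarQube; the function names and sample paths are constructed for illustration. It rejects paths that contain an environment variable reference or are not absolute, then builds the sonar-scanner invocation shown on this page.

```python
import ntpath
import posixpath
import re

# Unexpanded variable references: %VAR%, $VAR, ${VAR}, and the $Name$
# placeholder style this page uses for install directories.
ENV_REF = re.compile(r"%[^%\\/]+%|\$\{?[A-Za-z_][A-Za-z0-9_]*\}?\$?")

def check_cdproj_path(path):
    """Return a list of problems; an empty list means the path is usable."""
    problems = []
    if ENV_REF.search(path):
        problems.append("contains an environment variable reference")
    # Accept a Windows drive/UNC absolute path or a POSIX absolute path,
    # whatever OS this check itself runs on.
    win_abs = bool(ntpath.splitdrive(path)[0]) and ntpath.isabs(path)
    if not (win_abs or posixpath.isabs(path)):
        problems.append("is not an absolute path")
    if not path.lower().endswith(".cdproj"):
        problems.append("does not have the .cdproj extension")
    return problems

def scanner_argv(path):
    """Argument list for subprocess.run(); raises ValueError on a bad path."""
    problems = check_cdproj_path(path)
    if problems:
        raise ValueError(f"{path!r} " + "; ".join(problems))
    # As one argv element the path needs no quoting, even with spaces.
    return ["sonar-scanner", "-D", f"sonar.cpp.cppdepend.projectPath={path}"]

def scanner_command_line(path):
    """The same invocation as text for a prompt, quoted as this page shows."""
    argv = scanner_argv(path)
    prop, value = argv[2].split("=", 1)
    if " " in value:
        value = f'"{value}"'
    return f"{argv[0]} {argv[1]} {prop}={value}"

if __name__ == "__main__":
    # Constructed sample paths, not taken from a real installation.
    for sample in (r"C:\work with space\project.cdproj",
                   "/opt/projects/app.cdproj",
                   r"%WORKSPACE%\project.cdproj",
                   "project.cdproj"):
        issues = check_cdproj_path(sample)
        print(sample, "->", issues or scanner_command_line(sample))
```

Passing the list from scanner_argv to subprocess.run without a shell also avoids any quoting step, since the path is never re-parsed as a command line.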

Browse CppDepend Rules Issues in the SonarQube UI

  • CppDepend Rules Issues are now reported like any other issues in the SonarQube UI.
  • You can browse them, go to the source code declaration (in the UI), assign them, change their status...


NOTES:

If some issues are missing in the SonarQube UI:
  • Check that you followed all the rule activation steps explained in this document.
  • Then double-check that the rule concerned is indeed activated by checking whether it emits at least one issue.
  • In such a case, if some issues are missing, this is because the source file declaration of their parent types hasn't been found.
  • Typically this happens with types and their members generated by the compiler.
