Enhance Your C/C++ Development with CppDepend's SonarQube Plugin
This documentation pertains to the complete C/C++ SonarQube integration, eliminating the need to install any SonarQube C++ plugins for source code parsing. If you are using a different C/C++ SonarQube plugin and only wish to import CppDepend issues, please consult the documentation for the SonarQube Light Integration.
To operate CppDepend on a machine, you must first activate your professional DevOps license or evaluation period. Once the CppDepend files are unzipped on the machine, run VisualCppDepend.exe once. If the machine is connected to the internet, a brief activation process will occur.
If the machine is offline, an alternative offline activation procedure will be provided, which must be completed to use the SonarQube CppDepend plugin.
The CppDepend SonarQube plugin is compatible with SonarQube version 5.6 and above.
- Introduction: CppDepend and SonarQube rule-sets are complementary
- Getting Started Video
- C/C++ Plugin prerequisites
- C/C++ Plugin installation and configuration
- C/C++ Plugin features
Introduction: CppDepend and SonarQube rule-sets are complementary
Both CppDepend and SonarQube are static analyzers that offer a rule-based system to detect problems in C/C++ code. However, the CppDepend default rule-set has very little overlap with the SonarQube rules.
Basically, the SonarQube rules are good at analyzing what happens inside a method (the code flow), while the CppDepend code model, on which the CppDepend rules are based, is optimized for a 360-degree view of higher-scale areas including OOP, dependencies, metrics, breaking changes, mutability and naming.
Concretely, SonarQube rules can warn about problems like a reference that doesn't need to be tested for nullity because it cannot be null in the current scope, while CppDepend can warn you about overly complex classes or components and offer advice on how to refactor to make the code cleaner and more maintainable.
Another point that makes the CppDepend rule system unique is how easy it makes writing custom rules.
With CppDepend, a rule is a LINQ query that queries a code model dedicated to code quality. It is edited live in Visual Studio, and compiled and executed live at edit time.
Concretely, the piece of code below is a fully functional rule. Could it be simpler?
// <Name>Classes must start with a C</Name>
warnif count > 0
Application.Types.Where(t => t.IsClass && !t.SimpleName.StartsWith("C"))
When defining a custom rule with CppDepend, the user doesn't need to create a Visual Studio project, create a source file, step into the edit/compile/debug cycle, or maintain a binary DLL that takes effort to share, version and integrate.
With CppDepend, custom rules are raw text, embedded as XML CDATA in the CppDepend project or rule files. The documentation and how-to-fix guidelines can also be embedded in the rule source code as comments.
Each CppDepend rule can also present its issues with extra data that helps in understanding and fixing the problem.
Moreover, each rule can embed two C# formulas that attempt to estimate both the cost to fix the issue and the annual cost of leaving the issue unfixed, also called the technical debt and the annual interest of the issue.
Since these formulas rely on what really matters at fix time, the debt estimations are smart.
Finally, with CppDepend each rule runs in a few milliseconds, even on a large code base.
As a consequence, all rules can be run in a few seconds (typically 2 or 3 seconds on a real-world code base), both in Visual Studio and in the Continuous-Integration system.
As a benefit, after each compilation and also at check-in time, the developer instantly knows about the new and fixed issues since the baseline, and the impact in terms of technical debt fixed or created.
Now let's explain how to integrate CppDepend rule results into the SonarQube system to combine the strengths of both products.
Getting Started Video
C/C++ Plugin Prerequisites
- Install SonarQube.
- Install SonarQube Scanner or the old Sonar Runner.
- Add the SonarQube Scanner or the SonarRunner bin directory to the PATH environment variable.
Plugin installation and configuration
- Copy the sonar-cxx-plugin-cppdepend-1.0 from $CppDependInstallDir$/SonarPlugin to the $SonarQubeInstallDir$\extensions\plugins directory and restart SonarQube.
- The default CppDepend rules are loaded into the SonarQube rules repository. However, if you need to customize these rules, you can define your own custom rules using the .cdproj file path located under the SonarQube Administration tab.
- Log in as an admin and activate the CppDepend rules in the profile you want.
- See the SonarQube documentation on running Sonar-Scanner from the command line.
The CppDepend project file parameter is mandatory: -D sonar.cpp.cppdepend.projectPath={the path of cdproj}.
>sonar-scanner -D sonar.cpp.cppdepend.projectPath={the path of cdproj}
Don't use any environment variables in paths, and if the path contains a space character, surround it with double quotes: -D sonar.cpp.cppdepend.projectPath="C:\work with space\project.cdproj"
Run Sonar-Scanner
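The path constraints above can be checked in a CI step before the scanner starts. The following PowerShell function is an added example, not part of CppDepend or SonarQube; the function and parameter names are hypothetical, and only the property name sonar.cpp.cppdepend.projectPath comes from this page.

```powershell
# Added example: pre-flight check of the .cdproj path, then scanner launch.
# Invoke-CppDependScan, -ProjectPath and -Scanner are hypothetical names.
function Invoke-CppDependScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProjectPath,
        [string]$Scanner = 'sonar-scanner'
    )

    # No environment variables in the path: reject %VAR%, $VAR, ${VAR}, $env:VAR.
    if ($ProjectPath -match '%[^%\\/]+%|\$\{?\w') {
        throw "Path contains an environment variable reference: $ProjectPath"
    }

    # The mandatory parameter must point at a CppDepend project file.
    if ([System.IO.Path]::GetExtension($ProjectPath) -ne '.cdproj') {
        throw "Not a .cdproj file: $ProjectPath"
    }

    # -LiteralPath avoids wildcard interpretation of [ ] in file names.
    if (-not (Test-Path -LiteralPath $ProjectPath -PathType Leaf)) {
        throw "Project file not found: $ProjectPath"
    }
    $full = (Resolve-Path -LiteralPath $ProjectPath).ProviderPath

    # Fail early if the scanner bin directory is not on PATH (see prerequisites).
    $exe = Get-Command -Name $Scanner -CommandType Application -ErrorAction Stop |
        Select-Object -First 1

    # The property is passed as one argument; PowerShell wraps it in double
    # quotes for the native command line when the value contains a space.
    & $exe.Source '-D' "sonar.cpp.cppdepend.projectPath=$full"
    if ($LASTEXITCODE -ne 0) {
        throw "sonar-scanner exited with code $LASTEXITCODE"
    }
}

# Usage, with the sample path from this page:
# Invoke-CppDependScan -ProjectPath 'C:\work with space\project.cdproj'
```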
Plugin features
- Multi-module analysis: a CppDepend project can contain many C/C++ projects.
After the analysis, CppDepend does not put all the code in the same SonarQube module. Instead, it creates a multi-module SonarQube project that isolates each project in a separate module, which makes code navigation very easy.
- Issues: CppDepend provides by default more than 250 rules, which you can easily customize completely.
CppDepend provides a powerful way to compute the technical debt of the issues. The CppDepend technical debt and the issue severity are given to SonarQube.
- Standard metrics: the plugin calculates all the standard SonarQube metrics.
- Code duplication: The duplications are detected by the CPD tool embedded in SonarQube.
- Coverage: The plugin loads the coverage results from Cobertura and Microsoft Visual Studio XML result files.
However, you have to set the path where the XML coverage files are located.