Scan Report Files
The cxx plugin supports the reading of a variety of report files from C++ tools. The reports generated by the tool can be read in without conversion.
For code analysis tools, the rules are already preconfigured and central administration via a Quality Profile is possible.
The reading in of source files (indexing) is a prerequisite for the subsequent reading in and visualisation of reports of external tools.
(1) Create report files
The first thing to do is to create a report using the external tools. Typically, this is part of the build automation.
Hints:
- It is important to understand that the cxx plugin itself does not execute any external tools, it only imports their report files via the SonarScanner.
- When executing the tool, it must be ensured that the paths in the report match the later project base directory. Usually the easiest way to do this is to start the tool on the same computer in the project base directory.
- Do not put the report files in the same directory as your source code. When scanning later, this can lead to reports themselves also being verified as source files (e.g. XML files).
Sample:
cppcheck --xml-version=2 . 2> report.xml(2) Scan your project
After the reports are created, the project can be scanned as usual. In addition, the sensor to be used for reading the report must be added to the configuration. The sensor-specific settings are documented in the section for the respective sensor.
Sample:
# must be unique in a given SonarQube instance
sonar.projectKey=my:project
# mandatory: files to be handled by the cxx plugin
sonar.cxx.file.suffixes=.h,.cpp
# cppcheck sensor configuration
sonar.cxx.cppcheck.reportPaths=report.xml
The cxx plugin itself is able to read in C and C++ code. Code read in this way is displayed in SonarQube as the CXX programming language (language key=cxx). In addition, the CXX report sensors also support SonarCFamily for C/C++. Here C++ (language key=cpp) and C (language key=c) are supported.
Both plugins can be run in parallel on one server (see hints below).
| Language | SonarQube UI | API key | plugin |
|---|---|---|---|
| C / C++ | CXX | cxx | cxx plugin |
| C++ | C++ | cpp | SonarCFamily for C/C++ |
| C | C | c | SonarCFamily for C/C++ |
Hints:
- You have to decide which plugin you want to use for indexing the source code. In SonarQube, each file extension must be uniquely assigned to one programming language. When operating several C/C++ plugins in parallel, this must be taken into account during configuration (sonar.cxx.file.suffixes).
- Only one programming language sensor can read in a source file!
- Language keys must be unique within SonarQube, therefore each programming language sensor must define its own key, even if it is the same programming language.
The list contains the tools supported by the cxx plugin, sorted by their field of application. The link will take you to the detailed description.
Code Analysis
- sonar.cxx.clangsa.reportPaths
- sonar.cxx.clangtidy.reportPaths
- sonar.cxx.cppcheck.reportPaths
- sonar.cxx.drmemory.reportPaths
- sonar.cxx.gcc.reportPaths
- sonar.cxx.infer.reportPaths
- sonar.cxx.pclint.reportPaths
- sonar.cxx.rats.reportPaths
- sonar.cxx.valgrind.reportPaths
- sonar.cxx.vc.reportPaths
- sonar.cxx.vera.reportPaths
Coverage
- sonar.cxx.bullseye.reportPaths
- sonar.cxx.cobertura.reportPaths
- sonar.cxx.ctctxt.reportPaths
- sonar.cxx.vscoveragexml.reportPaths
Unit Test
- sonar.cxx.nunit.reportPaths
- sonar.cxx.vstest.reportPaths
- sonar.cxx.vstest.reportPaths
- sonar.cxx.xunit.reportPaths
expandable
- If scanning is failing, check items listed under Troubleshooting Configuration.
- If no issues are displayed for your source code in SonarQube, check the items listed under Troubleshooting Reports.
- In the case of incomplete scans, Detect and fix parsing errors gives advice on how to fix this.