sonar-sql-plugin

SQL language (T-SQL, MySQL, PostgreSQL and Vertica SQL dialects) plugin for SonarQube

Donating

You can support this project and others via Paypal

Description

Currently plug-in supports:

• Several SQL dialects by using ANTLR4 grammars:
  • TSQL
  • MySQL
  • PostgreSQL
  • VSQL
• Reporting of issues found by:
  • SQLCodeGuard
  • MSBuild
  • SQLCheck
  • Custom rules reported by plugin
• Reporting of code coverage calculated by SQLCover
• Lines and comment lines measures reporting
• Cognitive and cyclomatic complexity metrics reporting
• Custom user rules. Configuration can be found at here

Tutorials

Tutorials:

• Integrating Redgate SQL Code Guard with SonarQube

Requirements

Different plugin versions supports the following:

• 1.0.0 - Sonarqube 7.4+versions
• 1.2.0 - Sonarqube 9+versions

Installation

1. Download and install SonarQube
2. Download plugin from the releases and copy it to sonarqube's extensions\plugins directory
3. Start SonarQube and enable rules
4. [TSQL] (Optional) Install SQLCodeGuard into your build machine where you plan to run sonar scanner
5. [TSQL, MySQL, PotsgreSQL] (Optional) - Install SQLCheck into your build machine where you plan to run sonar scanner
6. [TSQL] (Optional) Setup SQLCover reorting. You can check tsql example at here for full setup.

Getting started

Please see examples on how to use different dialects.

T-SQL

Sonar settings for tsql. You can check example at here

sonar.projectKey=examples.sql.mysql.project
sonar.projectName=examples.sql.mysql.project
sonar.projectVersion=1.1
sonar.sources=src
# optional
sonar.language=sql
# optional as plugin defaults to tsql
sonar.sql.dialect=tsql

PostgreSQL

Sonar settings for pssql. You can check example at here

sonar.projectKey=examples.sql.mysql.project
sonar.projectName=examples.sql.mysql.project
sonar.projectVersion=1.1
sonar.sources=src
# optional
sonar.language=sql
sonar.sql.dialect=pssql

MySQL

Sonar settings for mysql. You can check example at here

sonar.projectKey=examples.sql.mysql.project
sonar.projectName=examples.sql.mysql.project
sonar.projectVersion=1.1
sonar.sources=src
# optional
sonar.language=sql
sonar.sql.dialect=mysql

VSQL

Sonar settings for vsql (Vertica SQL). You can check example at here

sonar.projectKey=examples.sql.vsql.project
sonar.projectName=examples.sql.vsql.project
sonar.projectVersion=1.1
sonar.sources=src
# optional
sonar.language=sql
sonar.sql.dialect=vsql

Plugin configuration

The following options are available for configuration:

• sonar.sql.dialect - SQL dialect for analysis. Defaults to tsql. Supported values are : tsql, mysql, pssql
• sonar.sql.rules.path - path to custome rules, can be directory or absolute file. Defaults to .. Multiple values are supported.
• sonar.sql.rules.suffix - custom rules suffix
• sonar.sql.tsql.ms.report - suffix to search path directories for MSBuild report. Defaults to staticcodeanalysis.results.xml. Can be absolute or relative
• sonar.sql.sqlcheck.path - Path to SQLCheck tool. Defaults to /usr/bin/sqlcheck
• sonar.sql.tsql.cg.path - Path to CodeGuard tool. Defaults to C:\Program Files\SQLCodeGuardCmdLine\SqlCodeGuard30.Cmd.exe
• sonar.sql.tsql.sqlcover.report - path to SQLCover report. Can be absolute or suffix to search in base dir. Defaults to Coverage.opencoverxml.
• sonar.sql.file.suffixes - file suffixes which will be reported belonging to SQL langauge. Defaults to .sql
• sonar.sql.sca.timeout - timeout value for static code analysis done by plugin in seconds. Defaults to 3600
• sonar.sql.sca.maxfilesize - limit in bytes for files to be analyzed by plugin. Defaults to 2097152
• sonar.sql.rules.skip - comma separated list of repoKey:ruleId pairs to select rules which will not be reported by the plugin, i.e. tsql-cg:ST008

Using together with PLSQL plugin

Please configure additional properties:

• When you want PLSQL plugin execution ( this will disable execution sql plugin): sonar.lang.patterns.sql=na

• When you want SQL plugin execution ( this will disable pssql plugin): sonar.lang.patterns.plsqlopen=na

Contributing

Added container definitions for easy development with VSCode. Download the remote containers extension and let it figure out the maven targets.

1. Then you can lifecycle > package target to build the plugin. The .jar file will end up in the sonar-sql-plugin/src/sonar-sql-plugin/target/ folder.
2. Copy the jar to the plugins folder of your sonarqube instance

cp ~/workspace/sonar-sql-plugin/src/sonar-sql-plugin/target/sonar-sql-plugin-1.1.0.jar ~/workspace/sonarqube/extensions/plugins

3. Start sonarqube

• first time create the container

docker run -i --name sonarqube \
  -p 9000:9000 \
  -v ~/workspace/sonarqube/conf:/opt/sonarqube/conf \
  -v ~/workspace/sonarqube/extensions:/opt/sonarqube/extensions \
  -v ~/workspace/sonarqube/logs:/opt/sonarqube/logs \
  -v ~/workspace/sonarqube/data:/opt/sonarqube/data \
  sonarqube:8.9.0-community

• next time only start the container

docker start sonarqube

4. Scan your code (I use a docker scanner)

docker run \
    --rm \
    -e SONAR_HOST_URL="http://127.0.0.1:9000" \
    -e SONAR_LOGIN="YOUR_ADMIN_TOKEN_HERE" \
    --network="host" \
    -v "FOLDER_WITH_THE_CODE:/usr/src" \
    sonarsource/sonar-scanner-cli -X

5. (optional) Stop sonarqube
6. Rinse - repeat