From 7d7bfd09c1bdbe753899265ef15212b0e4682c32 Mon Sep 17 00:00:00 2001 From: Pascal Mugnier Date: Wed, 19 Sep 2018 14:03:27 +0200 Subject: MMF-1420 Ease management of Embedded Docs navigation (#699) --- server/sonar-docs/src/EmbedDocsSuggestions.json | 58 ++-- .../src/__tests__/BrokenLinkSafetyNet.test.js | 178 +++++++++++ .../src/layouts/components/CategoryLink.js | 84 +++-- .../src/layouts/components/ExternalLink.js | 34 +++ server/sonar-docs/src/layouts/components/Footer.js | 8 +- .../src/layouts/components/HeadingAnchor.js | 35 +++ .../src/layouts/components/HeadingsLink.js | 30 +- server/sonar-docs/src/layouts/components/Search.js | 25 +- .../src/layouts/components/SearchEntryResult.js | 2 +- .../sonar-docs/src/layouts/components/Sidebar.js | 101 ++++-- .../src/layouts/components/icons/DetachIcon.js | 32 ++ server/sonar-docs/src/layouts/index.js | 11 +- server/sonar-docs/src/layouts/utils.js | 30 +- server/sonar-docs/src/pages/404.md | 8 + .../src/pages/analysis/background-tasks.md | 1 + .../sonar-docs/src/pages/analysis/generic-issue.md | 86 ++++++ .../sonar-docs/src/pages/analysis/generic-test.md | 97 ++++++ .../sonar-docs/src/pages/analysis/generic_issue.md | 84 ----- .../sonar-docs/src/pages/analysis/generic_test.md | 96 ------ server/sonar-docs/src/pages/analysis/index.md | 50 --- server/sonar-docs/src/pages/analysis/overview.md | 51 ++++ .../sonar-docs/src/pages/analysis/pull-request.md | 3 +- .../src/pages/analysis/scm-integration.md | 16 + .../src/pages/analysis/scm_integration.md | 15 - server/sonar-docs/src/pages/analyze-a-project.md | 26 -- .../sonar-docs/src/pages/branches/branches-faq.md | 38 +-- server/sonar-docs/src/pages/branches/index.md | 81 ----- .../src/pages/branches/long-lived-branches.md | 1 + server/sonar-docs/src/pages/branches/overview.md | 82 +++++ .../src/pages/branches/short-lived-branches.md | 1 + server/sonar-docs/src/pages/custom-measures.md | 15 - .../sonar-docs/src/pages/fixing-the-water-leak.md | 36 --- server/sonar-docs/src/pages/housekeeping.md | 18 -- server/sonar-docs/src/pages/index.md | 15 +- .../instance-administration/custom-measures.md | 15 + .../pages/instance-administration/housekeeping.md | 19 ++ .../pages/instance-administration/look-and-feel.md | 13 + .../instance-administration/quality-profiles.md | 80 +++++ .../src/pages/integrations/bitbucketcloud.md | 79 ----- server/sonar-docs/src/pages/integrations/github.md | 34 --- server/sonar-docs/src/pages/integrations/index.md | 10 - server/sonar-docs/src/pages/integrations/vsts.md | 38 --- server/sonar-docs/src/pages/keyboard-shortcuts.md | 45 --- server/sonar-docs/src/pages/look-and-feel.md | 13 - server/sonar-docs/src/pages/metric-definitions.md | 336 -------------------- server/sonar-docs/src/pages/organizations/index.md | 23 -- .../src/pages/organizations/manage-team.md | 34 --- .../pages/organizations/organization-visibility.md | 44 --- server/sonar-docs/src/pages/privacy.md | 36 --- .../src/pages/project-administration/webhooks.md | 119 ++++++++ server/sonar-docs/src/pages/quality-gates.md | 73 ----- server/sonar-docs/src/pages/quality-profiles.md | 79 ----- server/sonar-docs/src/pages/security-reports.md | 39 --- server/sonar-docs/src/pages/security.md | 61 ---- server/sonar-docs/src/pages/sonarcloud-pricing.md | 89 ------ .../src/pages/sonarcloud/analyze-a-project.md | 26 ++ .../sonarcloud/integrations/bitbucketcloud.md | 79 +++++ .../src/pages/sonarcloud/integrations/github.md | 34 +++ .../src/pages/sonarcloud/integrations/vsts.md | 38 +++ .../src/pages/sonarcloud/organizations/index.md | 23 ++ .../pages/sonarcloud/organizations/manage-team.md | 34 +++ .../organizations/organization-visibility.md | 44 +++ server/sonar-docs/src/pages/sonarcloud/privacy.md | 36 +++ server/sonar-docs/src/pages/sonarcloud/security.md | 61 ++++ .../src/pages/sonarcloud/sonarcloud-pricing.md | 89 ++++++ server/sonar-docs/src/pages/user-account.md | 19 -- .../src/pages/user-guide/fixing-the-water-leak.md | 37 +++ .../src/pages/user-guide/keyboard-shortcuts.md | 45 +++ .../src/pages/user-guide/metric-definitions.md | 337 +++++++++++++++++++++ .../src/pages/user-guide/quality-gates.md | 74 +++++ .../src/pages/user-guide/security-reports.md | 40 +++ .../src/pages/user-guide/user-account.md | 20 ++ server/sonar-docs/src/pages/webhooks.md | 118 -------- server/sonar-docs/src/templates/page.js | 13 +- 74 files changed, 2132 insertions(+), 1762 deletions(-) create mode 100644 server/sonar-docs/src/__tests__/BrokenLinkSafetyNet.test.js create mode 100644 server/sonar-docs/src/layouts/components/ExternalLink.js create mode 100644 server/sonar-docs/src/layouts/components/HeadingAnchor.js create mode 100644 server/sonar-docs/src/layouts/components/icons/DetachIcon.js create mode 100644 server/sonar-docs/src/pages/404.md create mode 100644 server/sonar-docs/src/pages/analysis/generic-issue.md create mode 100644 server/sonar-docs/src/pages/analysis/generic-test.md delete mode 100644 server/sonar-docs/src/pages/analysis/generic_issue.md delete mode 100644 server/sonar-docs/src/pages/analysis/generic_test.md delete mode 100644 server/sonar-docs/src/pages/analysis/index.md create mode 100644 server/sonar-docs/src/pages/analysis/overview.md create mode 100644 server/sonar-docs/src/pages/analysis/scm-integration.md delete mode 100644 server/sonar-docs/src/pages/analysis/scm_integration.md delete mode 100644 server/sonar-docs/src/pages/analyze-a-project.md delete mode 100644 server/sonar-docs/src/pages/branches/index.md create mode 100644 server/sonar-docs/src/pages/branches/overview.md delete mode 100644 server/sonar-docs/src/pages/custom-measures.md delete mode 100644 server/sonar-docs/src/pages/fixing-the-water-leak.md delete mode 100644 server/sonar-docs/src/pages/housekeeping.md create mode 100644 server/sonar-docs/src/pages/instance-administration/custom-measures.md create mode 100644 server/sonar-docs/src/pages/instance-administration/housekeeping.md create mode 100644 server/sonar-docs/src/pages/instance-administration/look-and-feel.md create mode 100644 server/sonar-docs/src/pages/instance-administration/quality-profiles.md delete mode 100644 server/sonar-docs/src/pages/integrations/bitbucketcloud.md delete mode 100644 server/sonar-docs/src/pages/integrations/github.md delete mode 100644 server/sonar-docs/src/pages/integrations/index.md delete mode 100644 server/sonar-docs/src/pages/integrations/vsts.md delete mode 100644 server/sonar-docs/src/pages/keyboard-shortcuts.md delete mode 100644 server/sonar-docs/src/pages/look-and-feel.md delete mode 100644 server/sonar-docs/src/pages/metric-definitions.md delete mode 100644 server/sonar-docs/src/pages/organizations/index.md delete mode 100644 server/sonar-docs/src/pages/organizations/manage-team.md delete mode 100644 server/sonar-docs/src/pages/organizations/organization-visibility.md delete mode 100644 server/sonar-docs/src/pages/privacy.md create mode 100644 server/sonar-docs/src/pages/project-administration/webhooks.md delete mode 100644 server/sonar-docs/src/pages/quality-gates.md delete mode 100644 server/sonar-docs/src/pages/quality-profiles.md delete mode 100644 server/sonar-docs/src/pages/security-reports.md delete mode 100644 server/sonar-docs/src/pages/security.md delete mode 100644 server/sonar-docs/src/pages/sonarcloud-pricing.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/analyze-a-project.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/integrations/bitbucketcloud.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/integrations/github.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/integrations/vsts.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/organizations/index.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/organizations/manage-team.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/organizations/organization-visibility.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/privacy.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/security.md create mode 100644 server/sonar-docs/src/pages/sonarcloud/sonarcloud-pricing.md delete mode 100644 server/sonar-docs/src/pages/user-account.md create mode 100644 server/sonar-docs/src/pages/user-guide/fixing-the-water-leak.md create mode 100644 server/sonar-docs/src/pages/user-guide/keyboard-shortcuts.md create mode 100644 server/sonar-docs/src/pages/user-guide/metric-definitions.md create mode 100644 server/sonar-docs/src/pages/user-guide/quality-gates.md create mode 100644 server/sonar-docs/src/pages/user-guide/security-reports.md create mode 100644 server/sonar-docs/src/pages/user-guide/user-account.md delete mode 100644 server/sonar-docs/src/pages/webhooks.md (limited to 'server/sonar-docs/src') diff --git a/server/sonar-docs/src/EmbedDocsSuggestions.json b/server/sonar-docs/src/EmbedDocsSuggestions.json index 996ecb4c49b..45beba34d09 100644 --- a/server/sonar-docs/src/EmbedDocsSuggestions.json +++ b/server/sonar-docs/src/EmbedDocsSuggestions.json @@ -3,152 +3,152 @@ "api_documentation": [], "background_tasks": [ { - "link": "/documentation/analysis/background-tasks", + "link": "/documentation/analysis/background-tasks/", "text": "About Background Tasks" } ], "code": [], "coding_rules": [ { - "link": "/documentation/quality-profiles", + "link": "/documentation/quality-profiles/", "text": "Quality Profiles" }, { - "link": "/documentation/keyboard-shortcuts", + "link": "/documentation/keyboard-shortcuts/", "text": "Keyboard Shortcuts" } ], "component_measures": [ { - "link": "/documentation/fixing-the-water-leak", + "link": "/documentation/fixing-the-water-leak/", "text": "Fixing the Water Leak" }, { - "link":"/documentation/metric-definitions", - "text":"Metric Definitions" + "link": "/documentation/metric-definitions/", + "text": "Metric Definitions" }, { - "link": "/documentation/keyboard-shortcuts", + "link": "/documentation/keyboard-shortcuts/", "text": "Keyboard Shortcuts" } ], "custom_measures": [ { - "link": "/documentation/custom-measures", + "link": "/documentation/custom-measures/", "text": "About Custom Measures" } ], "custom_metrics": [ { - "link": "/documentation/custom-measures", + "link": "/documentation/custom-measures/", "text": "Custom Measures" } ], "extension_billing": [ { - "link": "/documentation/sonarcloud-pricing", + "link": "/documentation/sonarcloud-pricing/", "text": "Pricing", "scope": "sonarcloud" } ], "global_permissions": [ { - "link": "/documentation/organizations/manage-team", + "link": "/documentation/organizations/manage-team/", "text": "Manage a Team", "scope": "sonarcloud" } ], "issues": [ { - "link": "/documentation/keyboard-shortcuts", + "link": "/documentation/keyboard-shortcuts/", "text": "Keyboard Shortcuts" } ], "marketplace": [], "organization_members": [ { - "link": "/documentation/organizations/manage-team", + "link": "/documentation/organizations/manage-team/", "text": "Manage a Team", "scope": "sonarcloud" } ], "organization_projects": [ { - "link": "/documentation/organizations/manage-team", + "link": "/documentation/organizations/manage-team/", "text": "Manage a Team", "scope": "sonarcloud" } ], "organization_space": [ { - "link": "/documentation/organizations/index", + "link": "/documentation/organizations/index/", "text": "Organizations", "scope": "sonarcloud" } ], "overview": [ { - "link": "/documentation/fixing-the-water-leak", + "link": "/documentation/fixing-the-water-leak/", "text": "Fixing the Water Leak" }, { - "link": "/documentation/branches/index", + "link": "/documentation/branches/index/", "text": "Branches Overview" }, { - "link": "/documentation/analysis/pull-request", + "link": "/documentation/analysis/pull-request/", "text": "Analyzing Pull Requests" } ], "permission_templates": [], - "profiles": [ + "profiles": [ { - "link": "/documentation/quality-profiles", + "link": "/documentation/quality-profiles/", "text": "Quality Profiles" } ], "project_activity": [], "project_quality_gate": [ { - "link": "/documentation/fixing-the-water-leak", + "link": "/documentation/fixing-the-water-leak/", "text": "Fixing the Water Leak" } ], "project_quality_profiles": [ { - "link": "/documentation/quality-profiles", + "link": "/documentation/quality-profiles/", "text": "About Quality Profiles" } ], "projects_management": [ { - "link": "/documentation/analyze-a-project", + "link": "/documentation/analyze-a-project/", "text": "Analyze a Project", "scope": "sonarcloud" } ], "projects": [ { - "link": "/documentation/analyze-a-project", + "link": "/documentation/analyze-a-project/", "text": "Analyze a Project", "scope": "sonarcloud" } ], "quality_gates": [ { - "link": "/documentation/fixing-the-water-leak", + "link": "/documentation/fixing-the-water-leak/", "text": "Fixing the Water Leak" } ], "quality_profiles": [ { - "link": "/documentation/quality-profiles", + "link": "/documentation/quality-profiles/", "text": "Quality Profiles" } ], "security_reports": [ { - "link": "/documentation/security-reports", + "link": "/documentation/security-reports/", "text": "About Security Reports" } ], @@ -156,7 +156,7 @@ "system_info": [], "user_groups": [ { - "link": "/documentation/organizations/manage-team", + "link": "/documentation/organizations/manage-team/", "text": "Manage a Team", "scope": "sonarcloud" } @@ -164,7 +164,7 @@ "users": [], "webhooks": [ { - "link": "/documentation/webhooks", + "link": "/documentation/webhooks/", "text": "About Webhooks" } ] diff --git a/server/sonar-docs/src/__tests__/BrokenLinkSafetyNet.test.js b/server/sonar-docs/src/__tests__/BrokenLinkSafetyNet.test.js new file mode 100644 index 00000000000..5eafbfa7178 --- /dev/null +++ b/server/sonar-docs/src/__tests__/BrokenLinkSafetyNet.test.js @@ -0,0 +1,178 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +const remark = require('remark'); +const fs = require('fs'); +const path = require('path'); +const glob = require('glob-promise'); +const visit = require('unist-util-visit'); + +it('should not have any broken link', async () => { + const root = path.resolve(__dirname + '/..'); + const files = await glob(root + '/pages/**/*.md') + .then(files => files.map(file => file.substr(root.length + 1))) + .then(files => + files.map(file => ({ + path: file.slice(0, -3), + content: handleIncludes(fs.readFileSync(root + '/' + file, 'utf8'), root) + })) + ); + + const parsedFiles = files.map(file => { + return { ...separateFrontMatter(file.content), path: file.path }; + }); + + const trees = [ + 'SonarCloudNavigationTree.json', + 'SonarQubeNavigationTree.json', + 'StaticNavigationTree.json' + ]; + trees.forEach(file => { + const tree = JSON.parse(fs.readFileSync(root + '/../static/' + file, 'utf8')); + tree.forEach(leaf => { + if (typeof leaf === 'object') { + if (leaf.children) { + leaf.children.forEach(child => { + // Check children markdown file path validity + const result = urlExists(parsedFiles, child); + if (!result) { + // Display custom error message + console.log('[', child, '] is not a valid link, in ', file); + } + expect(result).toBeTruthy(); + }); + } + } else { + // Check markdown file path validity + const result = urlExists(parsedFiles, leaf); + if (!result) { + console.log('[', leaf, '] is not a valid link, in ', file); + } + expect(result).toBeTruthy(); + } + }); + }); + + // Check if all url tag in frontmatter are valid and uniques + let urlLists = []; + parsedFiles.map(file => { + let result = file.frontmatter.url; + if (!result) { + console.log('[', file.path, '] has no url metadata'); + } + expect(result).toBeTruthy(); + + result = file.frontmatter.url.startsWith('/'); + if (!result) { + console.log('[', file.path, '] should starts with a slash ', file.frontmatter.url); + } + expect(result).toBeTruthy(); + + result = file.frontmatter.url.endsWith('/'); + if (!result) { + console.log('[', file.path, '] should ends with a slash ', file.frontmatter.url); + } + expect(result).toBeTruthy(); + + result = !urlLists.includes(file.frontmatter.url); + if (!result) { + console.log('[', file.path, '] has an url that is not unique ', file.frontmatter.url); + } + expect(result).toBeTruthy(); + + urlLists = [...urlLists, file.frontmatter.url]; + }); + + parsedFiles.map(file => { + const ast = remark().parse(file.content); + visit(ast, node => { + if (node.type === 'image' && !node.url.startsWith('http')) { + // Check image path validity + const result = fs.existsSync(root + '/' + node.url); + if (!result) { + console.log('[', node.url, '] is not a valid image path, in ', file.path + '.md'); + } + expect(result).toBeTruthy(); + } else if ( + node.type === 'link' && + !node.url.startsWith('http') && + !node.url.startsWith('/#') + ) { + // Check markdown file path validity + const result = urlExists(parsedFiles, node.url); + if (!result) { + console.log('[', node.url, '] is not a valid link, in ', file.path + '.md'); + } + expect(result).toBeTruthy(); + } + }); + }); + expect(true).toBeTruthy(); +}); + +function urlExists(files, url) { + return files.find(f => f.frontmatter.url === url) !== undefined; +} + +function handleIncludes(content, root) { + return content.replace(/@include (.+)/, (match, p) => { + const filePath = path.join(root, '..', `${p}.md`); + return fs.readFileSync(filePath, 'utf8'); + }); +} + +function getFrontMatterPosition(lines) { + let firstLine; + let lastLine; + for (let i = 0; i < lines.length; i++) { + const line = lines[i]; + if (line.trim() === '---') { + if (firstLine === undefined) { + firstLine = i; + } else { + lastLine = i; + break; + } + } + } + return lastLine !== undefined ? { firstLine, lastLine } : undefined; +} + +function parseFrontMatter(lines) { + const data = {}; + for (let i = 0; i < lines.length; i++) { + const tokens = lines[i].split(':').map(x => x.trim()); + if (tokens.length === 2) { + data[tokens[0]] = tokens[1]; + } + } + return data; +} + +function separateFrontMatter(content) { + const lines = content.split('\n'); + const position = getFrontMatterPosition(lines); + if (position) { + const frontmatter = parseFrontMatter(lines.slice(position.firstLine + 1, position.lastLine)); + const content = lines.slice(position.lastLine + 1).join('\n'); + return { frontmatter, content }; + } else { + return { frontmatter: {}, content }; + } +} diff --git a/server/sonar-docs/src/layouts/components/CategoryLink.js b/server/sonar-docs/src/layouts/components/CategoryLink.js index 2cfc743b1ec..12e51b570ae 100644 --- a/server/sonar-docs/src/layouts/components/CategoryLink.js +++ b/server/sonar-docs/src/layouts/components/CategoryLink.js @@ -21,39 +21,59 @@ import * as React from 'react'; import Link from 'gatsby-link'; import SubpageLink from './SubpageLink'; import HeadingsLink from './HeadingsLink'; -import { sortNodes } from '../utils'; import ChevronDownIcon from './icons/ChevronDownIcon'; import ChevronUpIcon from './icons/ChevronUpIcon'; -export default function CategoryLink({ node, location, headers, onToggle }) { - const hasChild = node.pages && node.pages.length > 0; - const prefix = process.env.GATSBY_USE_PREFIX === '1' ? '/' + process.env.GATSBY_DOCS_VERSION : ''; - const { slug } = node.fields; - const isCurrentPage = location.pathname === prefix + slug; - const open = location.pathname.startsWith(prefix + slug); - return ( -
-

- - {hasChild && open && } - {hasChild && !open && } - {node.frontmatter.title} - -

- {isCurrentPage && } - {hasChild && - open && ( -
- {sortNodes(node.pages).map(page => ( - - ))} -
- )} -
- ); +export default class CategoryLink extends React.PureComponent { + constructor(props) { + super(props); + this.state = { open: props.open }; + } + + toggle = event => { + event.preventDefault(); + event.stopPropagation(); + this.props.onToggle(this.props.title); + }; + + render() { + const { node, location, headers, children, title, open } = this.props; + const prefix = + process.env.GATSBY_USE_PREFIX === '1' ? '/' + process.env.GATSBY_DOCS_VERSION : ''; + const url = node ? node.frontmatter.url || node.fields.slug : ''; + const isCurrentPage = location.pathname === prefix + url; + return ( +
+

+ {node ? ( + + {node.frontmatter.title} + + ) : ( + + {open ? : } + {title} + + )} +

+ {isCurrentPage && } + {children && + open && ( +
+ {children.map(page => { + const url = page.frontmatter.url || page.fields.slug; + return ( + + ); + })} +
+ )} +
+ ); + } } diff --git a/server/sonar-docs/src/layouts/components/ExternalLink.js b/server/sonar-docs/src/layouts/components/ExternalLink.js new file mode 100644 index 00000000000..516f1d05951 --- /dev/null +++ b/server/sonar-docs/src/layouts/components/ExternalLink.js @@ -0,0 +1,34 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +import * as React from 'react'; +import DetachIcon from './icons/DetachIcon'; + +export function ExternalLink({ external, title }) { + return ( +
+

+ + + {title} + +

+
+ ); +} diff --git a/server/sonar-docs/src/layouts/components/Footer.js b/server/sonar-docs/src/layouts/components/Footer.js index e807022e79b..83e72f5c56f 100644 --- a/server/sonar-docs/src/layouts/components/Footer.js +++ b/server/sonar-docs/src/layouts/components/Footer.js @@ -23,10 +23,10 @@ export default function Footer() { return (
+ title="Creative Commons License"> Creative Commons License + target="_blank"> Creative Commons Attribution-NonCommercial 3.0 United States License. {' '} SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the diff --git a/server/sonar-docs/src/layouts/components/HeadingAnchor.js b/server/sonar-docs/src/layouts/components/HeadingAnchor.js new file mode 100644 index 00000000000..a831007fa0a --- /dev/null +++ b/server/sonar-docs/src/layouts/components/HeadingAnchor.js @@ -0,0 +1,35 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +import * as React from 'react'; + +export default function HeadingAnchor(props) { + const onClick = event => { + event.stopPropagation(); + event.preventDefault(); + props.clickHandler(props.index); + }; + return ( +
  • + + {props.value} + +
  • + ); +} diff --git a/server/sonar-docs/src/layouts/components/HeadingsLink.js b/server/sonar-docs/src/layouts/components/HeadingsLink.js index 6abd72ceee3..a012a04a78f 100644 --- a/server/sonar-docs/src/layouts/components/HeadingsLink.js +++ b/server/sonar-docs/src/layouts/components/HeadingsLink.js @@ -18,6 +18,7 @@ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ import * as React from 'react'; +import HeadingAnchor from './HeadingAnchor'; export default class HeadingsLink extends React.Component { skipScrollingHandler = false; @@ -51,7 +52,7 @@ export default class HeadingsLink extends React.Component { highlightHeading = scrollTop => { let headingIndex = 0; for (let i = 0; i < this.state.headers.length; i++) { - if (document.querySelector('#header-' + (i + 1)).offsetTop > scrollTop + 40) { + if (document.querySelector('#header-' + (i + 1)).offsetTop > scrollTop + 200) { break; } headingIndex = i; @@ -71,8 +72,8 @@ export default class HeadingsLink extends React.Component { node.classList.add('targetted-heading'); if (scrollTo) { this.skipScrollingHandler = true; - window.scrollTo(0, node.offsetTop - 30); - this.highlightHeading(node.offsetTop - 30); + window.scrollTo(0, node.offsetTop - 200); + this.highlightHeading(node.offsetTop - 200); } } }; @@ -87,12 +88,8 @@ export default class HeadingsLink extends React.Component { this.highlightHeading(scrollTop); }; - clickHandler = target => { - return event => { - event.stopPropagation(); - event.preventDefault(); - this.markH2(target, true); - }; + clickHandler = index => { + this.markH2(index, true); }; render() { @@ -106,14 +103,13 @@ export default class HeadingsLink extends React.Component { diff --git a/server/sonar-docs/src/layouts/components/Search.js b/server/sonar-docs/src/layouts/components/Search.js index 05b31278f4e..1562ff0484e 100644 --- a/server/sonar-docs/src/layouts/components/Search.js +++ b/server/sonar-docs/src/layouts/components/Search.js @@ -18,8 +18,9 @@ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ import React, { Component } from 'react'; -import lunr, { LunrIndex } from 'lunr'; +import lunr from 'lunr'; import ClearIcon from './icons/ClearIcon'; +import { getUrlsList } from '../utils'; // Search component export default class Search extends Component { @@ -36,13 +37,17 @@ export default class Search extends Component { this.metadataWhitelist = ['position']; - props.pages.forEach(page => - this.add({ - id: page.id, - title: page.frontmatter.title, - text: page.html.replace(/<(?:.|\n)*?>/gm, '').replace(/<(?:.|\n)*?>/gm, '') - }) - ); + props.pages + .filter(page => + getUrlsList(props.navigation).includes(page.frontmatter.url || page.fields.slug) + ) + .forEach(page => + this.add({ + id: page.id, + text: page.html.replace(/<(?:.|\n)*?>/gm, '').replace(/<(?:.|\n)*?>/gm, ''), + title: page.frontmatter.title + }) + ); }); } @@ -67,9 +72,9 @@ export default class Search extends Component { return { page: { id: page.id, - slug: page.fields.slug, + text: page.html.replace(/<(?:.|\n)*?>/gm, '').replace(/<(?:.|\n)*?>/gm, ''), title: page.frontmatter.title, - text: page.html.replace(/<(?:.|\n)*?>/gm, '').replace(/<(?:.|\n)*?>/gm, '') + url: page.frontmatter.url || page.fields.slug }, highlights, longestTerm diff --git a/server/sonar-docs/src/layouts/components/SearchEntryResult.js b/server/sonar-docs/src/layouts/components/SearchEntryResult.js index bfd0daba0ca..c1456691674 100644 --- a/server/sonar-docs/src/layouts/components/SearchEntryResult.js +++ b/server/sonar-docs/src/layouts/components/SearchEntryResult.js @@ -23,7 +23,7 @@ import { highlightMarks, cutWords } from '../utils'; export default function SearchResultEntry({ active, result }) { return ( - + diff --git a/server/sonar-docs/src/layouts/components/Sidebar.js b/server/sonar-docs/src/layouts/components/Sidebar.js index a9cf8668d29..e6a7fa1408e 100644 --- a/server/sonar-docs/src/layouts/components/Sidebar.js +++ b/server/sonar-docs/src/layouts/components/Sidebar.js @@ -19,20 +19,46 @@ */ import React from 'react'; import Link from 'gatsby-link'; -import { fromPairs } from 'lodash'; -import { sortNodes } from '../utils'; import CategoryLink from './CategoryLink'; import VersionSelect from './VersionSelect'; import Search from './Search'; import SearchEntryResult from './SearchEntryResult'; +import NavigationTree from '../../../static/StaticNavigationTree.json'; +import { ExternalLink } from './ExternalLink'; export default class Sidebar extends React.PureComponent { - state = { loaded: false, query: '', results: [], versions: [] }; + constructor(props) { + super(props); + this.state = { + loaded: false, + openBlockTitle: this.getOpenBlockFromLocation(this.props.location), + query: '', + results: [], + versions: [] + }; + } componentDidMount() { this.loadVersions(); } + componentDidUpdate(prevProps) { + if (this.props.location.pathname !== prevProps.location.pathname) { + this.setState({ openBlockTitle: this.getOpenBlockFromLocation(this.props.location) }); + } + } + + // A block is opened if the current page is set to one of his children + getOpenBlockFromLocation({ pathname }) { + const element = NavigationTree.find( + item => + typeof item === 'object' && + item.children && + item.children.some(child => pathname.endsWith(child)) + ); + return element ? element.title : ''; + } + loadVersions() { fetch('/DocsVersions.json').then(response => response.json().then(json => { @@ -41,21 +67,43 @@ export default class Sidebar extends React.PureComponent { ); } - getPagesHierarchy() { - const categories = sortNodes( - this.props.pages.filter(p => p.fields.slug.split('/').length === 3) - ); - const pages = this.props.pages.filter(p => p.fields.slug.split('/').length > 3); - const categoriesObject = fromPairs(categories.map(c => [c.fields.slug, { ...c, pages: [] }])); - pages.forEach(page => { - const parentSlug = page.fields.slug - .split('/') - .slice(0, 2) - .join('/'); - categoriesObject[parentSlug + '/'].pages.push(page); + getNodeFromUrl = url => { + return this.props.pages.find(p => p.fields.slug === url + '/' || p.frontmatter.url === url); + }; + + handleToggle = title => { + this.setState(state => ({ openBlockTitle: state.openBlockTitle === title ? '' : title })); + }; + + renderCategories = tree => { + return tree.map(item => { + if (typeof item === 'object') { + if (item.children) { + return ( + this.getNodeFromUrl(child))} + headers={this.props.headers} + key={item.title} + location={this.props.location} + onToggle={this.handleToggle} + open={item.title === this.state.openBlockTitle} + title={item.title} + /> + ); + } else { + return ; + } + } + return ( + + ); }); - return categoriesObject; - } + }; renderResults = () => { return ( @@ -79,7 +127,6 @@ export default class Sidebar extends React.PureComponent { }; render() { - const nodes = this.getPagesHierarchy(); const isOnCurrentVersion = this.state.versions.find(v => v.value === this.props.version) !== undefined; return ( @@ -89,9 +136,9 @@ export default class Sidebar extends React.PureComponent { Continuous Code Quality
    - + {this.state.query !== '' && this.renderResults()} - {this.state.query === '' && - Object.keys(nodes).map(key => ( - - ))} + {this.state.query === '' && this.renderCategories(NavigationTree)}
    ); diff --git a/server/sonar-docs/src/layouts/components/icons/DetachIcon.js b/server/sonar-docs/src/layouts/components/icons/DetachIcon.js new file mode 100644 index 00000000000..a48571957a4 --- /dev/null +++ b/server/sonar-docs/src/layouts/components/icons/DetachIcon.js @@ -0,0 +1,32 @@ +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +import * as React from 'react'; +import Icon from './Icon'; + +export default function DetachIcon({ className, fill = 'currentColor', size }) { + return ( + + + + ); +} diff --git a/server/sonar-docs/src/layouts/index.js b/server/sonar-docs/src/layouts/index.js index 2fc755141ce..824955d0ae5 100644 --- a/server/sonar-docs/src/layouts/index.js +++ b/server/sonar-docs/src/layouts/index.js @@ -38,13 +38,7 @@ export default function Layout(props) { location={props.location} pages={props.data.allMarkdownRemark.edges .map(e => e.node) - .filter(n => !n.fields.slug.startsWith('/tooltips')) - .filter( - n => - !n.frontmatter.scope || - n.frontmatter.scope === 'sonarqube' || - n.frontmatter.scope === 'static' - )} + .filter(n => !n.fields.slug.startsWith('/tooltips'))} searchIndex={props.data.siteSearchIndex} version={version} /> @@ -95,8 +89,7 @@ export const query = graphql` } frontmatter { title - order - scope + url } fields { slug diff --git a/server/sonar-docs/src/layouts/utils.js b/server/sonar-docs/src/layouts/utils.js index 9fdae25b2fd..40c2c59da23 100644 --- a/server/sonar-docs/src/layouts/utils.js +++ b/server/sonar-docs/src/layouts/utils.js @@ -1,12 +1,26 @@ -import { sortBy } from 'lodash'; +/* + * SonarQube + * Copyright (C) 2009-2018 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +import { sortBy, flatten } from 'lodash'; -export function sortNodes(nodes) { - return nodes.sort((a, b) => { - if (a.frontmatter.order) { - return b.frontmatter.order ? a.frontmatter.order - b.frontmatter.order : 1; - } - return a.frontmatter.title < b.frontmatter.title ? -1 : 1; - }); +export function getUrlsList(navigation) { + return flatten(navigation.map(item => item.children || [item])); } const WORDS = 6; diff --git a/server/sonar-docs/src/pages/404.md b/server/sonar-docs/src/pages/404.md new file mode 100644 index 00000000000..d6a0f85fd7e --- /dev/null +++ b/server/sonar-docs/src/pages/404.md @@ -0,0 +1,8 @@ +--- +title: Page not found +url: /404/ +--- + +# Error + +This page does not exist diff --git a/server/sonar-docs/src/pages/analysis/background-tasks.md b/server/sonar-docs/src/pages/analysis/background-tasks.md index 62157db41da..c12fcfde131 100644 --- a/server/sonar-docs/src/pages/analysis/background-tasks.md +++ b/server/sonar-docs/src/pages/analysis/background-tasks.md @@ -1,5 +1,6 @@ --- title: Background Tasks +url: /analysis/background-tasks/ --- A Background Task can be: diff --git a/server/sonar-docs/src/pages/analysis/generic-issue.md b/server/sonar-docs/src/pages/analysis/generic-issue.md new file mode 100644 index 00000000000..27ef5577131 --- /dev/null +++ b/server/sonar-docs/src/pages/analysis/generic-issue.md @@ -0,0 +1,86 @@ +--- +title: Generic Issue Data +url: /analysis/generic-issue/ +--- + +SonarQube supports a generic import format for raising "external" issues in code. It is intended to allow you to import the issues from your favorite linter even if no plugin exists for it. + +External issues suffer from two important limitations: + +* they cannot be managed within SonarQube; for instance, there is no ability to mark them False Positive. +* the activation of the rules that raise these issues cannot be managed within SonarQube. In fact, external rules are not visible in the Rules page or reflected in any Quality Profile. + +External issues and the rules that raise them must be managed in the configuration of your linter. + +## Import +The analysis parameter `sonar.externalIssuesReportPaths` accepts a comma-delimited list of paths to reports. + +Each report must contain, at top-level, an array of `Issue` objects named `issues`. + +#### Issue fields: + +* `engineId` - string +* `ruleId` - string +* `primaryLocation` - Location object +* `type` - string. One of BUG, VULNERABILITY, CODE_SMELL +* `severity` - string. One of BLOCKER, CRITICAL, MAJOR, MINOR, INFO +* `effortMinutes` - integer, optional. Defaults to 0 +* `secondaryLocations` - array of Location objects, optional + +#### Location fields: + +* `message` - string +* `filePath` - string +* `textRange` - TextRange object, optional for secondary locations only + +#### TextRange fields: + +* `startLine` - integer. 1-indexed +* `endLine` - integer, optional. 1-indexed +* `startColumn` - integer, optional. 0-indexed +* `endColumn` - integer, optional. 0-indexed + +## Example +Here is an example of the expected format: + + { "issues": [ + { + "engineId": "test", + "ruleId": "rule1", + "severity":"BLOCKER", + "type":"CODE_SMELL", + "primaryLocation": { + "message": "fully-fleshed issue", + "filePath": "sources/A.java", + "textRange": { + "startLine": 30, + "endLine": 30, + "startColumn": 9, + "endColumn": 14 + } + }, + "effortMinutes": 90, + "secondaryLocations": [ + { + "message": "cross-file 2ndary location", + "filePath": "sources/B.java", + "textRange": { + "startLine": 10, + "endLine": 10, + "startColumn": 6, + "endColumn": 38 + } + } + ] + }, + { + "engineId": "test", + "ruleId": "rule2", + "severity": "INFO", + "type": "BUG", + "primaryLocation": { + "message": "minimal issue raised at file level", + "filePath": "sources/Measure.java" + } + } + ]} diff --git a/server/sonar-docs/src/pages/analysis/generic-test.md b/server/sonar-docs/src/pages/analysis/generic-test.md new file mode 100644 index 00000000000..d7fa694f7d9 --- /dev/null +++ b/server/sonar-docs/src/pages/analysis/generic-test.md @@ -0,0 +1,97 @@ +--- +title: Generic Test Data +url: /analysis/generic-test/ +--- + +Out of the box, SonarQube supports generic formats for test coverage and test execution import. If your coverage engines' native output formats aren't supported by your language plugins, simply covert them to these formats. + +## Generic Coverage +Report paths should be passed in a comma-delimited list to: + + * `sonar.coverageReportPaths` + +The supported format is described by the `sonar-generic-coverage.xsd`: + + + + + + + + + + + + + + + + + + + + + + + + + + +and looks like this: + + + + + + + + + + + +The root node should be named `coverage`. Its version attribute should be set to `1`. + +Insert a `file` element for each file which can be covered by tests. Its `path` attribute can be either absolute or relative to the root of the module. +Inside a `file` element, insert a `lineToCover` for each line which can be covered by unit tests. It can have the following attributes: +* `lineNumber` (mandatory) +* `covered` (mandatory): boolean value indicating whether tests actually hit that line +* `branchesToCover` (optional): number of branches which can be covered +* `coveredBranches` (optional): number of branches which are actually covered by tests + +## Generic Execution +Report paths should be passed in a comma-delimited list to: + +* `sonar.testExecutionReportPaths` + +The supported format looks like this: + + + + + + other + + + stacktrace + + + stacktrace + + + + +The root node should be named `testExecutions`. Its version attribute should be set to `1`. + +Insert a `file` element for each test file. Its `path` attribute can be either absolute or relative to the root of the module. + +**Note** unlike for coverage reports, the files present in the report must be test file names, not source code files covered by tests. + +Inside a `file` element, insert a `testCase` for each test run by unit tests. It can have the following attributes/children: + +* `testCase` (mandatory) + * `name` (mandatory): name of the test case + * `duration` (mandatory): long value in milliseconds + + * `failure|error|skipped` (optional): if the test is not OK, report the cause with a message and a long description + * `message` (mandatory): short message describing the cause + * `stacktrace` (optional): long message containing details about `failure|error|skipped` status diff --git a/server/sonar-docs/src/pages/analysis/generic_issue.md b/server/sonar-docs/src/pages/analysis/generic_issue.md deleted file mode 100644 index 33c3ff456f6..00000000000 --- a/server/sonar-docs/src/pages/analysis/generic_issue.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Generic Issue Data ---- - -SonarQube supports a generic import format for raising "external" issues in code. It is intended to allow you to import the issues from your favorite linter even if no plugin exists for it. - -External issues suffer from two important limitations: - -* they cannot be managed within SonarQube; for instance, there is no ability to mark them False Positive. -* the activation of the rules that raise these issues cannot be managed within SonarQube. In fact, external rules are not visible in the Rules page or reflected in any Quality Profile. - -External issues and the rules that raise them must be managed in the configuration of your linter. - -## Import -The analysis parameter `sonar.externalIssuesReportPaths` accepts a comma-delimited list of paths to reports. - -Each report must contain, at top-level, an array of `Issue` objects named `issues`. - -#### Issue fields: - -* `engineId` - string -* `ruleId` - string -* `primaryLocation` - Location object -* `type` - string. One of BUG, VULNERABILITY, CODE_SMELL -* `severity` - string. One of BLOCKER, CRITICAL, MAJOR, MINOR, INFO -* `effortMinutes` - integer, optional. Defaults to 0 -* `secondaryLocations` - array of Location objects, optional - -#### Location fields: - -* `message` - string -* `filePath` - string -* `textRange` - TextRange object, optional for secondary locations only - -#### TextRange fields: - -* `startLine` - integer. 1-indexed -* `endLine` - integer, optional. 1-indexed -* `startColumn` - integer, optional. 0-indexed -* `endColumn` - integer, optional. 0-indexed - -Here is an example of the expected format: - - { "issues": [ - { - "engineId": "test", - "ruleId": "rule1", - "severity":"BLOCKER", - "type":"CODE_SMELL", - "primaryLocation": { - "message": "fully-fleshed issue", - "filePath": "sources/A.java", - "textRange": { - "startLine": 30, - "endLine": 30, - "startColumn": 9, - "endColumn": 14 - } - }, - "effortMinutes": 90, - "secondaryLocations": [ - { - "message": "cross-file 2ndary location", - "filePath": "sources/B.java", - "textRange": { - "startLine": 10, - "endLine": 10, - "startColumn": 6, - "endColumn": 38 - } - } - ] - }, - { - "engineId": "test", - "ruleId": "rule2", - "severity": "INFO", - "type": "BUG", - "primaryLocation": { - "message": "minimal issue raised at file level", - "filePath": "sources/Measure.java" - } - } - ]} diff --git a/server/sonar-docs/src/pages/analysis/generic_test.md b/server/sonar-docs/src/pages/analysis/generic_test.md deleted file mode 100644 index 47a5850076e..00000000000 --- a/server/sonar-docs/src/pages/analysis/generic_test.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Generic Test Data ---- - -Out of the box, SonarQube supports generic formats for test coverage and test execution import. If your coverage engines' native output formats aren't supported by your language plugins, simply covert them to these formats. - -## Generic Coverage -Report paths should be passed in a comma-delimited list to: - - * `sonar.coverageReportPaths` - -The supported format is described by the `sonar-generic-coverage.xsd`: - - - - - - - - - - - - - - - - - - - - - - - - - - -and looks like this: - - - - - - - - - - - -The root node should be named `coverage`. Its version attribute should be set to `1`. - -Insert a `file` element for each file which can be covered by tests. Its `path` attribute can be either absolute or relative to the root of the module. -Inside a `file` element, insert a `lineToCover` for each line which can be covered by unit tests. It can have the following attributes: -* `lineNumber` (mandatory) -* `covered` (mandatory): boolean value indicating whether tests actually hit that line -* `branchesToCover` (optional): number of branches which can be covered -* `coveredBranches` (optional): number of branches which are actually covered by tests - -## Generic Execution -Report paths should be passed in a comma-delimited list to: - -* `sonar.testExecutionReportPaths` - -The supported format looks like this: - - - - - - other - - - stacktrace - - - stacktrace - - - - -The root node should be named `testExecutions`. Its version attribute should be set to `1`. - -Insert a `file` element for each test file. Its `path` attribute can be either absolute or relative to the root of the module. - -**Note** unlike for coverage reports, the files present in the report must be test file names, not source code files covered by tests. - -Inside a `file` element, insert a `testCase` for each test run by unit tests. It can have the following attributes/children: - -* `testCase` (mandatory) - * `name` (mandatory): name of the test case - * `duration` (mandatory): long value in milliseconds - - * `failure|error|skipped` (optional): if the test is not OK, report the cause with a message and a long description - * `message` (mandatory): short message describing the cause - * `stacktrace` (optional): long message containing details about `failure|error|skipped` status diff --git a/server/sonar-docs/src/pages/analysis/index.md b/server/sonar-docs/src/pages/analysis/index.md deleted file mode 100644 index e6603fe0a8c..00000000000 --- a/server/sonar-docs/src/pages/analysis/index.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Analyzing Source Code ---- - -Once the SonarQube platform has been installed, you're ready to install an analyzer and begin creating projects. To do that, you must install and configure the scanner that is most appropriate for your needs. Do you build with: - - -* TravisCI for SonarCloud - [SonarCloud Travis addon](https://docs.travis-ci.com/user/sonarcloud/) - -* Gradle - [SonarQube Scanner for Gradle](https://redirect.sonarsource.com/doc/gradle.html) -* MSBuild - [SonarQube Scanner for MSBuild](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html) -* Maven - use the [SonarQube Scanner for Maven](https://redirect.sonarsource.com/doc/install-configure-scanner-maven.html) -* Jenkins - [SonarQube Scanner for Jenkins](https://redirect.sonarsource.com/plugins/jenkins.html) -* VSTS / TFS - [SonarQube Extension for VSTS-TFS](https://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html) -* Ant - [SonarQube Scanner for Ant](https://redirect.sonarsource.com/doc/install-configure-scanner-ant.html) -* anything else (CLI) - [SonarQube Scanner](https://redirect.sonarsource.com/doc/install-configure-scanner.html) - -**Note** that we do not recommend running an antivirus scanner on the machine where a SonarQube analysis runs, it could result in unpredictable behavior. - - -A project is created in the platform automatically on its first analysis. However, if you need to set some configuration on your project before its first analysis, you have the option of provisioning it via Administration options. - -## What does analysis produce? -SonarQube can perform analysis on 20+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language: - -* On all languages, "blame" data will automatically be imported from supported SCM providers. Git and SVN are supported automatically. Other providers require additional plugins. -* On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.) -* A static analysis of compiled code can be performed for certain languages (.class files in Java, .dll files in C#, etc.) -* A dynamic analysis of code can be performed on certain languages. - -## Will all files be analyzed? -By default, only files that are recognized by a language analyzer are loaded into the project during analysis. For example if your SonarQube instance had only SonarJava SonarJS on board, all .java and .js files would be loaded, but .xml files would be ignored. - -## What happens during analysis? -During analysis, data is requested from the server, the files provided to the analysis are analyzed, and the resulting data is sent back to the server at the end in the form of a report, which is then analyzed asynchronously server-side. - -Analysis reports are queued, and processed sequentially, so it is quite possible that for a brief period after your analysis log shows completion, the updated values are not visible in your SonarQube project. However, you will be able to tell what's going on because an icon will be added on the project homepage to the right of the project name. Mouse over it for more detail (and links if you're logged in with the proper permissions). - -![background task processing in progress.](/images/backgroundTaskProcessingInProgress.jpeg) - - -The icon goes away once processing is complete, but if analysis report processing fails for some reason, the icon changes: - -![background task processing failed.](/images/backgroundTaskProcessingFailedIcon.jpeg) - - -## F.A.Q. - -**Q.** Analysis errors out with `java.lang.OutOfMemoryError: GC overhead limit exceeded`. What do I do? -**A.** This means your project is too large or too intricate for the scanner to analyze with the default memory allocation. To fix this you'll want to allocate a larger heap (using `-Xmx[numeric value here]`) to the process running the analysis. Some CI engines may give you an input to specify the necessary values, for instance if you're using a Maven Build Step in a Jenkins job to run analysis. Otherwise, use Java Options to set a higher value. Note that details of setting Java Options are omitted here because they vary depending on the environment. diff --git a/server/sonar-docs/src/pages/analysis/overview.md b/server/sonar-docs/src/pages/analysis/overview.md new file mode 100644 index 00000000000..1dc4166abed --- /dev/null +++ b/server/sonar-docs/src/pages/analysis/overview.md @@ -0,0 +1,51 @@ +--- +title: Overview +url: /analysis/overview/ +--- + +Once the SonarQube platform has been installed, you're ready to install an analyzer and begin creating projects. To do that, you must install and configure the scanner that is most appropriate for your needs. Do you build with: + + +* TravisCI for SonarCloud - [SonarCloud Travis addon](https://docs.travis-ci.com/user/sonarcloud/) + +* Gradle - [SonarQube Scanner for Gradle](https://redirect.sonarsource.com/doc/gradle.html) +* MSBuild - [SonarQube Scanner for MSBuild](https://redirect.sonarsource.com/doc/install-configure-scanner-msbuild.html) +* Maven - use the [SonarQube Scanner for Maven](https://redirect.sonarsource.com/doc/install-configure-scanner-maven.html) +* Jenkins - [SonarQube Scanner for Jenkins](https://redirect.sonarsource.com/plugins/jenkins.html) +* VSTS / TFS - [SonarQube Extension for VSTS-TFS](https://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html) +* Ant - [SonarQube Scanner for Ant](https://redirect.sonarsource.com/doc/install-configure-scanner-ant.html) +* anything else (CLI) - [SonarQube Scanner](https://redirect.sonarsource.com/doc/install-configure-scanner.html) + +**Note** that we do not recommend running an antivirus scanner on the machine where a SonarQube analysis runs, it could result in unpredictable behavior. + + +A project is created in the platform automatically on its first analysis. However, if you need to set some configuration on your project before its first analysis, you have the option of provisioning it via Administration options. + +## What does analysis produce? +SonarQube can perform analysis on 20+ different languages. The outcome of this analysis will be quality measures and issues (instances where coding rules were broken). However, what gets analyzed will vary depending on the language: + +* On all languages, "blame" data will automatically be imported from supported SCM providers. Git and SVN are supported automatically. Other providers require additional plugins. +* On all languages, a static analysis of source code is performed (Java files, COBOL programs, etc.) +* A static analysis of compiled code can be performed for certain languages (.class files in Java, .dll files in C#, etc.) +* A dynamic analysis of code can be performed on certain languages. + +## Will all files be analyzed? +By default, only files that are recognized by a language analyzer are loaded into the project during analysis. For example if your SonarQube instance had only SonarJava SonarJS on board, all .java and .js files would be loaded, but .xml files would be ignored. + +## What happens during analysis? +During analysis, data is requested from the server, the files provided to the analysis are analyzed, and the resulting data is sent back to the server at the end in the form of a report, which is then analyzed asynchronously server-side. + +Analysis reports are queued, and processed sequentially, so it is quite possible that for a brief period after your analysis log shows completion, the updated values are not visible in your SonarQube project. However, you will be able to tell what's going on because an icon will be added on the project homepage to the right of the project name. Mouse over it for more detail (and links if you're logged in with the proper permissions). + +![background task processing in progress.](/images/backgroundTaskProcessingInProgress.jpeg) + + +The icon goes away once processing is complete, but if analysis report processing fails for some reason, the icon changes: + +![background task processing failed.](/images/backgroundTaskProcessingFailedIcon.jpeg) + + +## F.A.Q. + +**Q.** Analysis errors out with `java.lang.OutOfMemoryError: GC overhead limit exceeded`. What do I do? +**A.** This means your project is too large or too intricate for the scanner to analyze with the default memory allocation. To fix this you'll want to allocate a larger heap (using `-Xmx[numeric value here]`) to the process running the analysis. Some CI engines may give you an input to specify the necessary values, for instance if you're using a Maven Build Step in a Jenkins job to run analysis. Otherwise, use Java Options to set a higher value. Note that details of setting Java Options are omitted here because they vary depending on the environment. diff --git a/server/sonar-docs/src/pages/analysis/pull-request.md b/server/sonar-docs/src/pages/analysis/pull-request.md index 497b5ffb830..4e17d90c01d 100644 --- a/server/sonar-docs/src/pages/analysis/pull-request.md +++ b/server/sonar-docs/src/pages/analysis/pull-request.md @@ -1,5 +1,6 @@ --- title: Pull Request Analysis +url: /analysis/pull-request/ --- @@ -24,7 +25,7 @@ PR analyses on SonarQube are deleted automatically after 30 days with no analysi ## Integrations for GitHub, Bitbucket Cloud and VSTS -If your repositories are hosted on GitHub, Bitbucket Cloud or VSTS, check out first the dedicated ["Integrations" pages](/integrations/index). Chances are that you do not need to read this page further since those integrations handle the configuration and analysis parameters for you. +If your repositories are hosted on GitHub, Bitbucket Cloud or VSTS, check out first the dedicated Integrations for: [BitBucketCloud](/integrations/bitbucketcloud/), [GitHub](/integrations/github/), and [VSTS](/integrations/vsts/). Chances are that you do not need to read this page further since those integrations handle the configuration and analysis parameters for you. ## Analysis Parameters diff --git a/server/sonar-docs/src/pages/analysis/scm-integration.md b/server/sonar-docs/src/pages/analysis/scm-integration.md new file mode 100644 index 00000000000..78a498f9c81 --- /dev/null +++ b/server/sonar-docs/src/pages/analysis/scm-integration.md @@ -0,0 +1,16 @@ +--- +title: SCM Integration +url: /analysis/scm-integration/ +--- + +Collecting SCM data during code analysis can unlock a number of SonarQube features: + +* Automatic Issue Assignment +* code annotation (blame data) in the Code Viewer +* SCM-driven detection of new code (to help with [Fixing the Water Leak](/user-guide/fixing-the-water-leak/)). Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines). + +### Turning it on/off +SCM integration requires support for your individual SCM provider. Git and SVN are supported by default. For other SCM providers, see the Marketplace. + +If need be, you can toggle it off at global/project level via administration settings. + diff --git a/server/sonar-docs/src/pages/analysis/scm_integration.md b/server/sonar-docs/src/pages/analysis/scm_integration.md deleted file mode 100644 index 8771b78b2f1..00000000000 --- a/server/sonar-docs/src/pages/analysis/scm_integration.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: SCM Integration ---- - -Collecting SCM data during code analysis can unlock a number of SonarQube features: - -* Automatic Issue Assignment -* code annotation (blame data) in the Code Viewer -* SCM-driven detection of new code (to help with [Fixing the Water Leak](/fixing-the-water-leak)). Without SCM data, SonarQube determines new code using analysis dates (to timestamp modification of lines). - -### Turning it on/off -SCM integration requires support for your individual SCM provider. Git and SVN are supported by default. For other SCM providers, see the Marketplace. - -If need be, you can toggle it off at global/project level via administration settings. - diff --git a/server/sonar-docs/src/pages/analyze-a-project.md b/server/sonar-docs/src/pages/analyze-a-project.md deleted file mode 100644 index 07f425a9740..00000000000 --- a/server/sonar-docs/src/pages/analyze-a-project.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Analyze a Project -scope: sonarcloud ---- - -## Prepare your organization - -A project must belong to an [organization](/organizations/index). Create one if you intend to collaborate with your team mates, or use your personal organization for test purposes. - -[[info]] -| ** Important note for private code:** Newly created organizations and personal organizations are under a free plan by default. This means projects analyzed on these organizations are public by default: the code will be browsable by anyone. If you want private projects, you should [upgrade your organization to a paid plan](/sonarcloud-pricing) in the "Administration > Billing" page of your organization. - -Find the key of your organization, you will need it at later stages. It can be found on the top right corner of your organization's header. - -## Run analysis - -SonarCloud currently does not trigger analyses automatically - this feature will come in a near future. Currently, it's up to you to launch them inside your -existing CI scripts. - -Depending on which cloud solution you are using for your developments, you can rely on dedicated integrations to help you: - -* VSTS: [read our dedicated documentation](/integrations/vsts) -* Bitbucket Cloud: [read our dedicated documentation](/integrations/bitbucketcloud) -* GitHub: [read our dedicated documentation](/integrations/github) - -If you are not using those solutions, you will have to find out what command to execute to run the analysis. Our [tutorial](/#sonarcloud#/onboarding) will help you on this. diff --git a/server/sonar-docs/src/pages/branches/branches-faq.md b/server/sonar-docs/src/pages/branches/branches-faq.md index e5925192786..304db0a2fdd 100644 --- a/server/sonar-docs/src/pages/branches/branches-faq.md +++ b/server/sonar-docs/src/pages/branches/branches-faq.md @@ -1,6 +1,6 @@ --- title: Frequently Asked Branches Questions -order: 99 +url: /branches/branches-faq/ --- @@ -10,32 +10,32 @@ _Branch analysis is available as part of [Developer Edition](https://redirect.so -**Q:** How long are branches retained? -**A:** Long-lived branches are retained until you delete them manually (**Administration > Branches**). +## How long are branches retained? +Long-lived branches are retained until you delete them manually (**Administration > Branches**). Short-lived branches are deleted automatically after 30 days with no analysis. This can be updated in **Configuration > General > Number of days before purging inactive short living branches**. -**Q:** Do I need to have my project stored in an SCM such as Git or SVN to use this feature? -**A:** No, you don't need to be connected to a SCM. But if you use Git or SVN we can better track the new files on short-lived branches and so better report new issues on the files that really changed during the life of the short-lived branch. +## Does my project need to be stored in an SCM like Git or SVN? +No, you don't need to be connected to a SCM. But if you use Git or SVN we can better track the new files on short-lived branches and so better report new issues on the files that really changed during the life of the short-lived branch. -**Q:** If I flag an Issue as "Won't Fix" or "False-Positive", will it be replicated as such when merging my short-lived branch into the Master? -**A:** Yes. Each time there is an analysis of a long-lived branch, we look at the issues on the short-lived branches and try to synchronize them with the newly raised issues on the long-lived branch. In case you made some changes on the issues (false-positive, won't fix), these changes will be reported on the long-lived branch. +## What if I mark an Issue "Won't Fix" or "False-Positive" in a branch? +It be replicated as such when merging my short-lived branch into the Master. Each time there is an analysis of a long-lived branch, we look at the issues on the short-lived branches and try to synchronize them with the newly raised issues on the long-lived branch. In case you made some changes on the issues (false-positive, won't fix), these changes will be reported on the long-lived branch. -**Q:** Can I still use `sonar.branch`? -**A:** `sonar.branch` is deprecated. You can still use it but it will behave the same way it always has: a separate project will be created. We encourage you to smoothly migrate your users to the new parameter `sonar.branch.name`. +## Can I still use 'sonar.branch'? +`sonar.branch` is deprecated. You can still use it but it will behave the same way it always has: a separate project will be created. We encourage you to smoothly migrate your users to the new parameter `sonar.branch.name`. Please note you cannot use `sonar.branch` together with `sonar.branch.name`. -**Q:** Can I manually delete a branch? -**A:** This can be achieved by going into the Administration menu at Project's level, then Branches. +## Can I manually delete a branch? +This can be achieved by going into the Administration menu at Project's level, then Branches. -**Q:** How do I control the lifespan of a short-lived branch? -**A:** As a global admin, you can set the parameter sonar.dbcleaner.daysBeforeDeletingInactiveShortLivingBranches to control how many days you want to keep an inactive short-lived branch. +## How do I control the lifespan of a short-lived branch? +As a global admin, you can set the parameter `sonar.dbcleaner.daysBeforeDeletingInactiveShortLivingBranches` to control how many days you want to keep an inactive short-lived branch. -**Q:** Does the payload of the Webhook contain extra information related to Branches? -**A:** Yes, an extra node called "branch" is added to the payload. +## Does the payload of the Webhook include branch information? +Yes, an extra node called "branch" is added to the payload. -**Q:** When are Webhooks called? -**A:** When the computation of the background task is done for a given branch but also when an issue is updated on a short-lived branch. +## When are Webhooks called? +When the computation of the background task is done for a given branch but also when an issue is updated on a short-lived branch. -**Q:** What is the impact on my LOCs consumption vs my license? -**A:** The LOC of your largest branch are counted toward your license limit. All other branches are ignored. +## What is the impact on my LOCs consumption vs my license? +The LOC of your largest branch are counted toward your license limit. All other branches are ignored. diff --git a/server/sonar-docs/src/pages/branches/index.md b/server/sonar-docs/src/pages/branches/index.md deleted file mode 100644 index ffe24b02b98..00000000000 --- a/server/sonar-docs/src/pages/branches/index.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Branches ---- - - -_Branch analysis is available as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html)_ - - -## Table of Contents - - -Branch analysis allows you to - -* analyze long-lived branches -* analyze short-lived branches -* notify external systems when the status of a short-lived branch is impacted - -## Branch Types - -### Short-lived - -Short-Lived -This corresponds to Pull/Merge Requests or Feature Branches. This kind of branch: - -* will disappear quickly -* will be merged rapidly to prevent integration issues -* is developed for a given version, so the version does not change, - and there is no way to set the New Code period; everything that has been changed in the branch is new code -* tracks all the new issues related to the code that changed on it. - -![conceptual illustration of short-lived branches.](/images/short-lived-branch-concept.png) - -For more, see [Short-lived Branches](/branches/short-lived-branches) - -### Long-lived - -This corresponds to "Maintenance" Branches that will house several release versions. -This kind of branch will: - -* last for a long time -* inevitably diverge more and more from the other branches -* house several release versions, each of which must pass the quality gate - to go to production not be expected to be merged into another branch - -![conceptual illustration of long-lived branches.](/images/long-lived-branch-concept.png) - -For more, see [Long-lived Branches](/branches/long-lived-branches) - -### Master / Main Branch - -This is the default, and typically corresponds to what's being developed for -your next release. This is usually known within a development team as -"master" or "head", and is what is analyzed when no specific branch parameters -are provided. It is labeled "Main Branch" and defaults to the name "master", -but can be renamed from within the interface. When you are not using Developer Edition, this is the only branch you see. - -## Analysis - -A branch is created when the `sonar.branch.name` parameter is passed during analysis. - -| Parameter Name | Description | -| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `sonar.branch.name` | Name of the branch (visible in the UI) | -| `sonar.branch.target` | Name of the branch where you intend to merge your short-lived branch at the end of its life. If left blank, this defaults to the master branch. It can also be used while initializing a long-lived branch to sync the issues from a branch other than the Main Branch. | - -### Git History - -By default, TravisCI only fetches the last 50 git commits. You must use `git fetch --unshallow` to get the full history. If you don't, new issues may not be assigned to the correct developer. - -### Configuring the Branch type - -A regular expression is used to determine whether a branch is treated as long-lived or short-lived. By default, branches that have names starting with either "branch" or "release" will be treated as long-lived. - -This can be updated globally in **Configuration > General > Detection** of long-lived branches or at project's level in the **Admininstration > Branches**. - -Once a branch type has been set, it cannot be changed. Explicitly, you cannot transform a long-lived to short-lived branch, or vice-versa. - -## See also -* [Short-lived Branches](short-lived-branches) -* [Long-lived Branches](long-lived-branches) -* [Frequently Asked Questions](branches-faq) diff --git a/server/sonar-docs/src/pages/branches/long-lived-branches.md b/server/sonar-docs/src/pages/branches/long-lived-branches.md index b806d2b6a21..1d0aae67c47 100644 --- a/server/sonar-docs/src/pages/branches/long-lived-branches.md +++ b/server/sonar-docs/src/pages/branches/long-lived-branches.md @@ -1,5 +1,6 @@ --- title: Long-lived Branches +url: /branches/long-lived-branches/ --- diff --git a/server/sonar-docs/src/pages/branches/overview.md b/server/sonar-docs/src/pages/branches/overview.md new file mode 100644 index 00000000000..c73cb5fc3c8 --- /dev/null +++ b/server/sonar-docs/src/pages/branches/overview.md @@ -0,0 +1,82 @@ +--- +title: Overview +url: /branches/overview/ +--- + + +_Branch analysis is available as part of [Developer Edition](https://redirect.sonarsource.com/editions/developer.html)_ + + +## Table of Contents + + +Branch analysis allows you to + +* analyze long-lived branches +* analyze short-lived branches +* notify external systems when the status of a short-lived branch is impacted + +## Branch Types + +### Short-lived + +Short-Lived +This corresponds to Pull/Merge Requests or Feature Branches. This kind of branch: + +* will disappear quickly +* will be merged rapidly to prevent integration issues +* is developed for a given version, so the version does not change, + and there is no way to set the New Code period; everything that has been changed in the branch is new code +* tracks all the new issues related to the code that changed on it. + +![conceptual illustration of short-lived branches.](/images/short-lived-branch-concept.png) + +For more, see [Short-lived Branches](/branches/short-lived-branches/) + +### Long-lived + +This corresponds to "Maintenance" Branches that will house several release versions. +This kind of branch will: + +* last for a long time +* inevitably diverge more and more from the other branches +* house several release versions, each of which must pass the quality gate + to go to production not be expected to be merged into another branch + +![conceptual illustration of long-lived branches.](/images/long-lived-branch-concept.png) + +For more, see [Long-lived Branches](/branches/long-lived-branches/) + +### Master / Main Branch + +This is the default, and typically corresponds to what's being developed for +your next release. This is usually known within a development team as +"master" or "head", and is what is analyzed when no specific branch parameters +are provided. It is labeled "Main Branch" and defaults to the name "master", +but can be renamed from within the interface. When you are not using Developer Edition, this is the only branch you see. + +## Analysis + +A branch is created when the `sonar.branch.name` parameter is passed during analysis. + +| Parameter Name | Description | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `sonar.branch.name` | Name of the branch (visible in the UI) | +| `sonar.branch.target` | Name of the branch where you intend to merge your short-lived branch at the end of its life. If left blank, this defaults to the master branch. It can also be used while initializing a long-lived branch to sync the issues from a branch other than the Main Branch. | + +### Git History + +By default, TravisCI only fetches the last 50 git commits. You must use `git fetch --unshallow` to get the full history. If you don't, new issues may not be assigned to the correct developer. + +### Configuring the Branch type + +A regular expression is used to determine whether a branch is treated as long-lived or short-lived. By default, branches that have names starting with either "branch" or "release" will be treated as long-lived. + +This can be updated globally in **Configuration > General > Detection** of long-lived branches or at project's level in the **Admininstration > Branches**. + +Once a branch type has been set, it cannot be changed. Explicitly, you cannot transform a long-lived to short-lived branch, or vice-versa. + +## See also +* [Short-lived Branches](/branches/short-lived-branches/) +* [Long-lived Branches](/branches/long-lived-branches/) +* [Frequently Asked Questions](/branches/branches-faq/) diff --git a/server/sonar-docs/src/pages/branches/short-lived-branches.md b/server/sonar-docs/src/pages/branches/short-lived-branches.md index 8a937009f64..53e27a263b6 100644 --- a/server/sonar-docs/src/pages/branches/short-lived-branches.md +++ b/server/sonar-docs/src/pages/branches/short-lived-branches.md @@ -1,5 +1,6 @@ --- title: Short-lived Branches +url: /branches/short-lived-branches/ --- diff --git a/server/sonar-docs/src/pages/custom-measures.md b/server/sonar-docs/src/pages/custom-measures.md deleted file mode 100644 index 2c3979b283f..00000000000 --- a/server/sonar-docs/src/pages/custom-measures.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -title: Custom Measures -scope: sonarqube ---- - -SonarQube collects a maximum of measures in an automated manner but there are some measures for which this is not possible, such as when: the information is not available for collection, the measure is computed by a human, and so on. Whatever the reason, SonarQube provides a service to inject those measures manually and allow you to benefit from other services: the Manual Measures service. The manual measures entered will be picked during the next analysis of the project and thereafter treated as "normal" measures. - -## Managing Custom Metrics -As with measures that are collected automatically, manual measures are the values collected in each analsis for manual metrics. Therefore, the first thing to do is create the metric you want to save your measure against. In order to do so, log in as a system administrator and go to **[Administration > Configuration > Custom Metrics](/#sonarqube-admin#/admin/custom_metrics)**, where the interface will guide you in creating the Metric you need. - -## Managing Custom Measures -Custom measures can be entered at project level. To add a measure, sign in as a project administrator, navigate to the desired project and choose **Administration > Custom Measures**, where you will find a table with the latest measure value entered for each metric. - -Values entered in this interface are "Pending", and will not be visible outside this administrative interface until the next analysis. - diff --git a/server/sonar-docs/src/pages/fixing-the-water-leak.md b/server/sonar-docs/src/pages/fixing-the-water-leak.md deleted file mode 100644 index 6158b2ff23c..00000000000 --- a/server/sonar-docs/src/pages/fixing-the-water-leak.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Fixing the Water Leak ---- - -## What is the Water Leak - -Imagine you come home one day to find a puddle of water on the kitchen floor. As you watch, the puddle slowly gets larger. - -Do you reach for the mop? Or do you try to find the source and fix it? The choice is obvious, right? You find the source of the leak! - -So why do anything different with code quality? When you analyze an application with SonarQubeSonarCloud and realize that it has a lot of technical debt, the knee-jerk reaction is generally to start remediating – either that or put together a remediation plan. This is like mopping the floor once a day while ignoring the source of the water. - -Typically in this traditional approach, just before release a periodic code quality audit result in findings the developers should act on before releasing. This approach might work in the short term, especially with strong management backing, but it consistently fails in the mid to long run, because: - -* The code review comes too late in the process, and no stakeholder is keen to get the problems fixed; everyone wants the new version to ship. -* Developers typically push back on the recommendations made by an external team that doesn't know the context of the project. And by the way the code under review is obsolete already. -* There is a clear lack of ownership for code quality with this approach. Who owns quality? No one! -* What gets reviewed is the entire application before it goes to production and it is obviously not possible to apply the same criteria to all applications. A negotiation will happen for each project, which will drain all credibility from the process - -Instead, why not apply the same simple logic you use at home to the way you manage code quality? Fixing the leak means putting the focus on the “new” code, i.e. the code that was added or changed since the last release. Then things get much easier: - -* The [Quality Gate](/quality-gates) can be run every day, and passing it is achievable. There are no surprises at release time. -* It's pretty difficult for developers to push back on problems they introduced the previous day. Instead, they're generally happy to fix the problems while the code is still fresh. -* There is a clear ownership of code quality -* The criteria for go/no-go are consistent across applications, and are shared among teams. Indeed new code is new code, regardless of which application it is done in -* The cost is insignificant because it is part of the development process - -As a bonus, the code that gets changed the most has the highest maintainability, and the code that doesn't get changed has the lowest, which makes a lot of sense. Because of the nature of software, and the fact that we keep making changes to it, the debt will naturally be reduced. Where it isn’t is where it doesn't need to be. - -## How to do it - -SonarQubeSonarCloud offers two main tools to help you find your leaks: - -* New Code metrics show the variance in your measures between the current code and a specific point you choose in its history, typically the `previous_version` -* New Code is primarily detected based on SCM "blame" data starting from the first analysis within your New Code Period (formerly the "Leak Period"), with fallback mechanisms when needed. See [SCM integration](/analysis/scm-integration) for more details. -* [Quality Gates](/quality-gates) allow you to set boolean thresholds against which your code is measured. Use them with differential metrics to ensure that your code quality moves in the right direction over time. diff --git a/server/sonar-docs/src/pages/housekeeping.md b/server/sonar-docs/src/pages/housekeeping.md deleted file mode 100644 index e2b333382d5..00000000000 --- a/server/sonar-docs/src/pages/housekeeping.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: Housekeeping ---- - -When you run a new analysis of your project, some data that was previously available is cleaned out of the database. For example the source code of the previous analysis, measures at directory and file levels, and so on are automatically removed at the end of a new analysis. Additionally, some old analysis snapshots are also removed. - -Why? Well, it's useful to analyze a project frequently to see how its quality evolves. It is also useful to be able to see the trends over weeks, months, years. But when you look back in time, you don't really need the same level of detail as you do for the project's current state. To save space and to improve overall performance, the Database Cleaner deletes some rows in the database. Here is its default configuration: - -* For each project: - * only one snapshot per day is kept after 1 day. Snapshots marked by an event are not deleted. - * only one snapshot per week is kept after 1 month. Snapshots marked by an event are not deleted. - * only one snapshot per month is kept after 1 year. Snapshots marked by an event are not deleted. - * only snapshots with version events are kept after 2 years. Snapshots without events or with only other event types are deleted. - * **all snapshots** older than 5 years are deleted, including snapshots marked by an event. -* All closed issues more than 30 days old are deleted -* History at package/directory level is removed - -These settings can be changed at [Administration > General > Database Cleaner](/#sonarqube-admin#/admin/settings). diff --git a/server/sonar-docs/src/pages/index.md b/server/sonar-docs/src/pages/index.md index cfaf315e74d..240e76889da 100644 --- a/server/sonar-docs/src/pages/index.md +++ b/server/sonar-docs/src/pages/index.md @@ -1,18 +1,23 @@ --- title: Documentation +url: / --- + + [SonarQube](http://www.sonarqube.org/)® software (previously called Sonar) is an open source quality management platform, dedicated to continuously analyze and measure technical quality, from project portfolio to method. If you wish to extend the SonarQube platform with open source plugins, have a look at our [plugin library](https://docs.sonarqube.org/display/PLUG/Plugin+Library). ## I write code -* [Fixing the Water Leak](/fixing-the-water-leak) -* [Quality Gates](/quality-gates) -* [Quality Profiles](/quality-profiles) - +* [Fixing the Water Leak](/user-guide/fixing-the-water-leak/) +* [Quality Gates](/user-guide/quality-gates/) +* [Quality Profiles](/instance-administration/quality-profiles/) + + SonarCloud is the leading product for Continuous Code Quality online, totally free for open-source projects. It supports all major programming languages, including Java, C#, JavaScript, TypeScript, C/C++ and many more. If your code is closed source, SonarCloud also offers a paid plan to run private analyses. -SonarCloud offers end-to-end integrations for teams leveraging [GitHub](/integrations/github), [VSTS](/integrations/vsts), or [Bitbucket Cloud](/integrations/bitbucketcloud) in their development processes. +SonarCloud offers end-to-end integrations for teams leveraging [GitHub](/integrations/github/), [VSTS](/integrations/vsts/), or [Bitbucket Cloud](/integrations/bitbucketcloud/) in their development processes. + diff --git a/server/sonar-docs/src/pages/instance-administration/custom-measures.md b/server/sonar-docs/src/pages/instance-administration/custom-measures.md new file mode 100644 index 00000000000..8867f060670 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/custom-measures.md @@ -0,0 +1,15 @@ +--- +title: Custom Measures +url: /instance-administration/custom-measures/ +--- + +SonarQube collects a maximum of measures in an automated manner but there are some measures for which this is not possible, such as when: the information is not available for collection, the measure is computed by a human, and so on. Whatever the reason, SonarQube provides a service to inject those measures manually and allow you to benefit from other services: the Manual Measures service. The manual measures entered will be picked during the next analysis of the project and thereafter treated as "normal" measures. + +## Managing Custom Metrics +As with measures that are collected automatically, manual measures are the values collected in each analsis for manual metrics. Therefore, the first thing to do is create the metric you want to save your measure against. In order to do so, log in as a system administrator and go to **[Administration > Configuration > Custom Metrics](/#sonarqube-admin#/admin/custom_metrics)**, where the interface will guide you in creating the Metric you need. + +## Managing Custom Measures +Custom measures can be entered at project level. To add a measure, sign in as a project administrator, navigate to the desired project and choose **Administration > Custom Measures**, where you will find a table with the latest measure value entered for each metric. + +Values entered in this interface are "Pending", and will not be visible outside this administrative interface until the next analysis. + diff --git a/server/sonar-docs/src/pages/instance-administration/housekeeping.md b/server/sonar-docs/src/pages/instance-administration/housekeeping.md new file mode 100644 index 00000000000..bd11f3fd403 --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/housekeeping.md @@ -0,0 +1,19 @@ +--- +title: Housekeeping +url: /instance-administration/housekeeping/ +--- + +When you run a new analysis of your project, some data that was previously available is cleaned out of the database. For example the source code of the previous analysis, measures at directory and file levels, and so on are automatically removed at the end of a new analysis. Additionally, some old analysis snapshots are also removed. + +Why? Well, it's useful to analyze a project frequently to see how its quality evolves. It is also useful to be able to see the trends over weeks, months, years. But when you look back in time, you don't really need the same level of detail as you do for the project's current state. To save space and to improve overall performance, the Database Cleaner deletes some rows in the database. Here is its default configuration: + +* For each project: + * only one snapshot per day is kept after 1 day. Snapshots marked by an event are not deleted. + * only one snapshot per week is kept after 1 month. Snapshots marked by an event are not deleted. + * only one snapshot per month is kept after 1 year. Snapshots marked by an event are not deleted. + * only snapshots with version events are kept after 2 years. Snapshots without events or with only other event types are deleted. + * **all snapshots** older than 5 years are deleted, including snapshots marked by an event. +* All closed issues more than 30 days old are deleted +* History at package/directory level is removed + +These settings can be changed at [Administration > General > Database Cleaner](/#sonarqube-admin#/admin/settings). diff --git a/server/sonar-docs/src/pages/instance-administration/look-and-feel.md b/server/sonar-docs/src/pages/instance-administration/look-and-feel.md new file mode 100644 index 00000000000..1008e54d7ec --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/look-and-feel.md @@ -0,0 +1,13 @@ +--- +title: Look and Feel +url: /instance-administration/look-and-feel/ +--- + +## Home logo +You can set your own "home" logo in **[Administration > General > Look & Feel](/#sonarqube-admin#/admin/settings)**. Simply provide an image URL and width. Ideally, the width will scale the height to 30 pixels. This logo will be used in both the menu bar and on the About page. + +## Content of the "About" page +You also have the ability to add content to the About page, which anonymous users land on by default: **[Administration > General > Look & Feel](/#sonarqube-admin#/admin/settings)**. + +## Gravatar +Gravatar support is enabled by default, using gravatar.com. You can configure a different server or disable the feature altogether. When enabled, gravatars show up next to most uses of the user name. diff --git a/server/sonar-docs/src/pages/instance-administration/quality-profiles.md b/server/sonar-docs/src/pages/instance-administration/quality-profiles.md new file mode 100644 index 00000000000..db513e758ac --- /dev/null +++ b/server/sonar-docs/src/pages/instance-administration/quality-profiles.md @@ -0,0 +1,80 @@ +--- +title: Quality Profiles +url: /instance-administration/quality-profiles/ +--- + +## Overview + +The Quality Profiles service is central to SonarQube, since it is where you define your requirements by defining sets of **rules** (ex: Methods should not have a Cognitive Complexity greater than 15). + +Ideally, all projects will be measured with the same profile for any given language, but that's not always practical. For instance, you may find that: + +* The technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications). +* You want to ensure stronger requirements on some of your applications (internal frameworks for example). +* Etc. + +Which is why you can define as many quality profiles as you wish even though it is recommended to have as few Quality Profiles as possible to ensure consistency across the projects in your company. To manage quality profiles, go to [**Quality Profiles**](/#sonarqube#/profiles)**Quality Profiles** page of your organization, where you'll find profiles grouped by language. + +Each language plugin comes with a predefined, built-in profile (usually called "Sonar way") so that you can get started very quickly with SonarQube analyses. This is why as soon as you install a new language plugin, at least one quality profile will be available for you. Each language must have a default profile (marked with the Default tag). Projects that are not explicitly associated with a specific profile will be analyzed using the language's default profile. + +When starting from a new installation, it's tempting to use Sonar way as your default profile because it contains all the rules that are generally applicable to most projects. But as a best practice, you should create a new profile (you can populate it by copying the contents of Sonar way) and use it instead. Why? First because Sonar way profiles aren't editable, so you won't be able to customize it to your needs. Also, that lets you treat Sonar way as a baseline against which you can track your own profile as you make changes to it (and you will). Plus, Sonar way is typically updated with each new version of the plugin to add rules and sometimes adjust rule severities. Any profile that inherits from the built-in Sonar Way will de-facto be automatically updated at the same time. + +## How do I... + +### Delegate the management of Quality Profiles to someone else? + +By default, only users with the "Administer Quality Profiles" permission can edit Quality Profiles. But in large organizations, it may not be desirable to grant permissions to change all the Quality Profiles without distinction. That's why you can also grant users/groups the permission to edit an individual Quality Profile so that, for instance, the management of the Swift profile can be delegated to a group of Swift experts, and the same for COBOL, ... + +This delegation of permission can only be performed by someone who already has the "Administer Quality Profiles" permission or individual edit rights on the profile to which additional permissions should be granted. The interface to grant individual permissions is available on the profile detail page. + +### Copy the rules from one profile to another? + +Many times people want to work from a profile that's based on a built-in profile without actually using the built-in profile. The easiest thing to do in this case is to go to the original profile, we'll call it _Source_, in **Quality Profiles**. From there, click through on the total number of rules in _Source_ to land on the **Rules** page at a pre-narrowed search of _Source_'s rules. Use **Bulk Activate** to turn Source's rules on in your target profile. + +### Know what's changed in a profile? + +When SonarQube notices that an analysis was performed with a profile that is different in some way from the previous analysis, a Quality Profile event is added to the project's event log. To see the changes in a profile, navigate to the profile (**Quality Profiles > [ Profile Name ]**), and choose **Changelog**. This may help you understand how profile changes impact the issues raised in an analysis. + +Additionally, users with Quality Profile administration privileges are notified by email each time a built-in profile (one that is provided directly by an analyzer) is updated. These updates can only be caused by analyzer updates. + +### Copy a profile from one SonarQube instance to another? + +Use the **Back up** feature on the source instance to export the profile to an XML file. Use the **Restore Profile** feature on the target instance to import the file. Note that some [limitations](https://jira.sonarsource.com/browse/SONAR-5366) on this feature exist. + +![Restore Quality Profile](/images/restore-quality-profile.jpeg) + +### Apply a core set of rules plus additional rules to a project? + +Let's say your company has a minimum set of coding rules that all teams must follow, but you want to add rules that are specific to the in use technology in your project. Those rules are good for your team, but irrelevant or even misleading for others. This situation calls for inheritance. Set up a base profile, we'll call it _Root_ with your core set of rules. Then create a child profile, we'll call it _Sprout_. Once it's created, you can **Change parent** to inherit from _Root_, then add your missing rules. + +### Make sure my non-default profile is used on a project? + +One profile for each language is marked the default. Barring any other intervention, all projects that use that language will be analyzed with that profile. To have a project analyzed by a non-default profile instead, start from **Quality Profiles**, and click through on your target profile, then use the Projects part of the interface to manage which projects are explicitly assigned to the profile. + +### Make sure I've got all the relevant new rules in my profile? + +Each time a language plugin update is released, new rules are added, but they won't appear automatically in your profile unless you're using a built-in profile such as _Sonar way_. + +If you're not using a built-in profile, you can compare your profile to the built-in profile to see what new on-by-default rules you're missing. + +Another option is to go to the **Rules** space, and use the **Available Since** search facet to see what rules have been added to the platform since the day you upgraded the relevant plugin. + +And finally, the profile interface itself will help you be aware of rules added in a new plugin version in the **Latest New Rules** section on the right of the interface. + +### Compare two profiles? + +Starting from the **Quality Profiles** page, click through on one of the profiles you'd like to compare, then use the **Actions > Compare** interface to select the second profile and see the differences. + +### Make sure I don't have any deprecated rules in my profile? + +The **Deprecated Rules** section of the rules interface itself is your first warning that a profile contains deprecated rules. This pink-background section gives the total number of instances of deprecated rules that are currently active in profiles, and a breakdown of deprecated count per profile. A click-through here takes you to the **Rules** page to edit the profile in question. + +Alternately, you can perform a **Rules** search for the rules in a profile (either manually or by clicking-through from **Quality Profiles** page) and use the **Status** rule search facet to narrow the list to the ones that need attention. + +## Security + +The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means anyone can see which rules are included in a profile, and which ones have been left out, see how a profile has changed over time, and compare the rules in any two profiles. + +To make rule profile changes (create, edit or delete) users must be granted the **Administer Quality Profiles and Gates** permission. + +A **project administrator** can choose which profiles his project is associated with. See Project Settings for more. diff --git a/server/sonar-docs/src/pages/integrations/bitbucketcloud.md b/server/sonar-docs/src/pages/integrations/bitbucketcloud.md deleted file mode 100644 index d547c0db84a..00000000000 --- a/server/sonar-docs/src/pages/integrations/bitbucketcloud.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Integration with Bitbucket Cloud -scope: sonarcloud ---- - -## Authentication - -You can connect to SonarCloud using your Bitbucket Cloud account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with Bitbucket" button. - -## Install SonarCloud add-on for Bitbucket Cloud - -Our Bitbucket Cloud application allows users to automate the SonarCloud analysis with Pipelines. It also allows users to view their SonarCloud metrics directly on Bitbucket Cloud via our Code Quality widget and the decoration of pull-requests. - -In Bitbucket Cloud, go to your team's "Settings > Find integrations" page, search for "SonarCloud" in the "Code Quality" category and click on "Add" to install the application. - -## Analyzing with Pipelines - -SonarCloud integrates with Bitbucket Pipelines to make it easier to trigger analyses. Follow the steps: - -1. On SonarCloud, once your project is created, follow the tutorial on the dashboard of the project. You can copy-paste the command line displayed at the end. - -2. On Bitbucket Cloud, go to the "Settings > Pipelines > Environment variables" page of your team, and add a new SONAR_TOKEN variable that contains the value of the SonarCloud token (something like `9ad01c85336b265406fa6554a9a681a4b281135f`) which you created during the tutorial (and which is available inside the command line that you copy-pasted). **Make sure that you click on the "Lock" icon to encrypt and hide this token.** - -3. Inside the `bitbucket-pipelines.yml` file of your repository, copy the command line provided by the tutorial and replace the actual token by its variable name. For example, for a Java Maven-based project, you should have something like: - -``` -script: - -mvn sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=my-team-org -Dsonar.login=$SONAR_TOKEN -``` - -When this change on `bitbucket-pipelines.yml` is committed and pushed, Pipelines should automatically run a new build and therefore trigger the analysis of the repository. Shortly after, your project will appear on SonarCloud in your organization. - -4. Once you see your project in SonarCloud, go to the Bitbucket Cloud "Settings > SonarCloud" page. If the dropdown is empty, find your project in the select box to link it. - -From now on, everytime Pipelines triggers a build, SonarCloud will: - -* Analyze every new branch that contains the change on the `bitbucket-pipelines.yml` file. -* Analyze and decorate every pull request based on such a branch. - -## Quality widget - -SonarCloud provides a widget that shows the current quality metrics of your project directly on the repository's Overview page on Bitbucket Cloud. - -If you have configured the analysis with Pipelines as described above, you will see this widget on the "Overview" page of your repository. - -If you haven't configured the analysis with Pipelines (maybe because you are using another CI tool), follow these few steps: - -1. Go to the repository where you want to display the widget. On the "Overview" page, you should see an empty SonarCloud widget. Click on the link inside the empty widget or just go directly to your repository's "Settings > SonarCloud Settings". - -2. If you're not already logged in on SonarCloud, do it by using the options provided there. You can log in with Bitbucket Cloud by clicking on the blue button, or click on "More options" to log in with GitHub or VSTS. - -3. Once you're logged in on SonarCloud, you should see a dropdown allowing you to choose one of the projects you administer. Just choose the one you want to link to this Bitbucket repository and click "Save". - -4. You can now go back to your repository's Overview page on Bitbucket and see the widget with all current SonarCloud metrics displayed. - -If you want to hide this widget (e.g. because your repository is not analyzed on SonarCloud), you can go to the "Settings > SonarCloud" page of your repository and check "Hide repository overview widget". - -## FAQ - -**Do you have a sample project on Bitbucket Cloud?** -For the time being, you can take a look at this very simple JS project: [Sample project analysed on SonarCloud](https://bitbucket.org/bellingard/fab) - -**Pipelines can't find sonar-scanner** -If you want to analyze a non-Java project (JS, TS, PHP, Python, Go, ...), you will need to download and install the [Scanner CLI](https://redirect.sonarsource.com/doc/install-configure-scanner.html) during the execution of your build prior to the actual code scan. You have two options: - -* You can download it (with curl for instance) from the links available on the documentation page and unpack it (preferably in a cached folder for later reuse). -* On Node environments, you can rely on a [community NPM module](https://www.npmjs.com/package/sonarqube-scanner) to install it globally and therefore make it available in the PATH. - -**I don't see the any quality information whereas I configured everything** -Make sure that your browser is not using some extensions like AdBlocks. They tend to break the integration of third-party applications in BitBucket Cloud. - -## Upcoming features and improvements - -There are various areas in which you can expect new features and improvements: - -* Tighter integration with Pipelines (less parameters to pass on the CLI, availability of the scanner, ...) -* Pull request decoration with inline comments to show the issues within the PR -* Better and easier team onboarding -* Automatic analysis (i.e. no need to configure anything from Pipelines) diff --git a/server/sonar-docs/src/pages/integrations/github.md b/server/sonar-docs/src/pages/integrations/github.md deleted file mode 100644 index 12034296f7e..00000000000 --- a/server/sonar-docs/src/pages/integrations/github.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Integration with GitHub -scope: sonarcloud ---- - -## Authentication - -You can connect to SonarCloud using your GitHub account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with GitHub" button. - -## Trigger analyses - -SonarCloud currently does not trigger analyses automatically. It's up to you to launch them inside your -existing CI scripts. Please follow the [tutorial](/#sonarcloud#/onboarding) to get started. - -### Using Travis CI? - -If you are using Travis CI, the SonarCloud Travis Add-on will make it easier to activate analyses: -* Read the [guide to integrate with Travis CI](https://docs.travis-ci.com/user/sonarcloud/) -* Check out the [various sample projects](https://github.com/SonarSource/sonarcloud_examples) (Java, TypeScript, C/C++, Go, ... etc) that are analyzed on SonarCloud on a frequent basis - -## Activating pull request decoration - -To have your pull requests decorated by SonarCloud in GitHub, you need to [install the SonarCloud application](https://github.com/apps/sonarcloud) on your GitHub organization(s). - -Once installed, there is nothing more to do if you are using the Travis Add-on. In any other case, you will need -to pass the following properties in your script during the analysis: - -``` -sonar.pullrequest.base=master -sonar.pullrequest.branch=feature/my-new-feature -sonar.pullrequest.key=5 -sonar.pullrequest.provider=GitHub -sonar.pullrequest.github.repository=my-company/my-repo -``` diff --git a/server/sonar-docs/src/pages/integrations/index.md b/server/sonar-docs/src/pages/integrations/index.md deleted file mode 100644 index 01fcb49fe8f..00000000000 --- a/server/sonar-docs/src/pages/integrations/index.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: Integrations -scope: sonarcloud ---- - -SonarCloud integrates with the following cloud services to help developers get the most out of their code: - -* [Integration with GitHub](/integrations/github) -* [Integration with Bitbucket Cloud](/integrations/bitbucketcloud) -* [Integration with VSTS](/integrations/vsts) diff --git a/server/sonar-docs/src/pages/integrations/vsts.md b/server/sonar-docs/src/pages/integrations/vsts.md deleted file mode 100644 index de94cd73ad1..00000000000 --- a/server/sonar-docs/src/pages/integrations/vsts.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Integration with VSTS -scope: sonarcloud ---- - - -## Authentication - -You can connect to SonarCloud using your VSTS account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with VSTS" button. - -[[warning]] -| Only work and school VSTS accounts are authorized to login on SonarCloud. - -## Install the SonarCloud VSTS extension - -The SonarCloud VSTS extension brings everything you need to have your projects analyzed on SonarCloud -very quickly: -* Integration with the Build definitions to easily trigger the analysis -* Pull request decoration to get quick feedback on the code changes -* Widget to have the overview quality of your projects inside VSTS dashboards - -Install [SonarCloud extension for VSTS](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud)by clicking on the "Get it free" button. - -Then follow the comprehensive [Microsoft lab on how to integrate VSTS with SonarCloud](https://aka.ms/sonarcloudlab). - -## Quality Gate Status widget - -You can monitor the Quality Gate status of your projects directly in your VSTS dashboard. Follow these simple steps to configure your widget: - -1. Once the VSTS extension is installed and your project has been successfully analyzed, go to one of your VSTS dashboards (or create one). Click on the pen icon in the bottom right corner of the screen, and then on the "+" icon to add a widget. - -2. In the list of widgets, select the "Code Quality" one and then click on the "Add" button. An empty widget is added to your dashboard. - -3. You can then click on the widget's cogwheel icon to configure it. - - * **For public projects:** you can simply select your project from the dropdown. A searchbar inside the dropdown will help you find it easily. Just select it and click on the "Save" button. - - * **For private projects:** you'll have to log in using the links provided under the dropdown. Once logged in, your private projects will appear in the dropdown. Select the one you are interested in, and click on "Save". diff --git a/server/sonar-docs/src/pages/keyboard-shortcuts.md b/server/sonar-docs/src/pages/keyboard-shortcuts.md deleted file mode 100644 index 178ccff0999..00000000000 --- a/server/sonar-docs/src/pages/keyboard-shortcuts.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Keyboard Shortcuts -order: 99 ---- - -## Global - -| Shortcut | Action | -| -------- | --------------- | -| `s` | open search bar | -| `?` | open help | - -## Issues Page - -| Shortcut | Action | -| ---------------- | --------------------------------------------- | -| `↑` `↓` | navigate between issues | -| `→` | go from the list of issues to the source code | -| `←` | return back to the list | -| `alt` + `↑` `↓` | to navigate issue locations | -| `alt` + `←` `→` | to switch flows | -| `f` | do an issue transition | -| `a` | assign issue | -| `m` | assign issue to the current user | -| `i` | change severity of issue | -| `c` | comment issue | -| `ctrl` + `enter` | submit comment | -| `t` | change tags of issue | - -## Measures Page - -| Shortcut | Action | -| -------- | --------------------------------------------- | -| `↑` `↓` | select files | -| `→` | open file | -| `←` | return back to the list | -| `j` `k` | switch between files | - -## Rules Page - -| Shortcut | Action | -| -------- | --------------------------------------------- | -| `↑` `↓` | navigate between rules | -| `→` | go from the list of rules to the rule details | -| `←` | return back to the list | diff --git a/server/sonar-docs/src/pages/look-and-feel.md b/server/sonar-docs/src/pages/look-and-feel.md deleted file mode 100644 index d74542fd730..00000000000 --- a/server/sonar-docs/src/pages/look-and-feel.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: Look and Feel -scope: sonarqube ---- - -## Home logo -You can set your own "home" logo in **[Administration > General > Look & Feel](/#sonarqube-admin#/admin/settings)**. Simply provide an image URL and width. Ideally, the width will scale the height to 30 pixels. This logo will be used in both the menu bar and on the About page. - -## Content of the "About" page -You also have the ability to add content to the About page, which anonymous users land on by default: **[Administration > General > Look & Feel](/#sonarqube-admin#/admin/settings)**. - -## Gravatar -Gravatar support is enabled by default, using gravatar.com. You can configure a different server or disable the feature altogether. When enabled, gravatars show up next to most uses of the user name. diff --git a/server/sonar-docs/src/pages/metric-definitions.md b/server/sonar-docs/src/pages/metric-definitions.md deleted file mode 100644 index 737b3e656db..00000000000 --- a/server/sonar-docs/src/pages/metric-definitions.md +++ /dev/null @@ -1,336 +0,0 @@ ---- -title: Metric Definitions ---- - -## Table of Contents - - -## Complexity -**Complexity** (`complexity`) -It is the Cyclomatic Complexity calculated based on the number of paths through the code. Whenever the control flow of a function splits, the complexity counter gets incremented by one. Each function has a minimum complexity of 1. This calculation varies slightly by language because keywords and functionalities do. - -[[collapse]] -| ## Language-specific details -| Language | Notes -| ---|--- -| ABAP | The following keywords increase the complexity by one: `AND`, `CATCH`, `CONTINUE`, `DO`, `ELSEIF`, `IF`, `LOOP`, `LOOPAT`, `OR`, `PROVIDE`, `SELECT…ENDSELECT`, `TRY`, `WHEN`, `WHILE` -| C/C++/Objective-C | The complexity gets incremented by one for: function definitions, `while`, `do while`, `for`, `throw` statements, `switch`, `case`, `default`, `&&` operator, `||` operator, `?` ternary operator, `catch`, `break`, `continue`, `goto`. -| COBOL | The following commands increase the complexity by one (except when they are used in a copybook): `ALSO`, `ALTER`, `AND`, `DEPENDING`, `END_OF_PAGE`, `ENTRY`, `EOP`, `EXCEPTION`, `EXIT`, `GOBACK`, `CONTINUE`, `IF`, `INVALID`, `OR`, `OVERFLOW`, `SIZE`, `STOP`, `TIMES`, `UNTIL`, `USE`, `VARYING`, `WHEN`, `EXEC CICS HANDLE`, `EXEC CICS LINK`, `EXEC CICS XCTL`, `EXEC CICS RETURN` -| Java | Keywords incrementing the complexity: `if`, `for`, `while`, `case`, `catch`, `throw`, `&&`, `||`, `?` -| JavaScript, PHP | Complexity is incremented by one for each: function (i.e non-abstract and non-anonymous constructors, functions, procedures or methods), `if`, short-circuit (AKA lazy) logical conjunction (`&&`), short-circuit (AKA lazy) logical disjunction (`||`), ternary conditional expressions, loop, `case` clause of a `switch` statement, `throw` and `catch` statement, `go to` statement (only for PHP) -| PL/I | The following keywords increase the complexity by one: `PROC`, `PROCEDURE`, `GOTO`, `GO TO`, `DO`, `IF`, `WHEN`, `|`, `!`, `|=`, `!=`, `&`, `&=` -| PL/SQL | The complexity gets incremented by one for: the main PL/SQL anonymous block (not inner ones), create procedure, create trigger, procedure_definition, basic loop statement, when_clause_statement (the “when” of simple_case_statement and searched_case_statement), continue_statement, cursor_for_loop_statement, continue_exit_when_clause (The “WHEN” part of the continue and exit statements), exception_handler (every individual “WHEN”), exit_statement, for_loop_statement, forall_statement, if_statement, elsif_clause, raise_statement, return_statement, while_loop_statement, and_expression (“and” reserved word used within PL/SQL expressions), or_expression (“or” reserved word used within PL/SQL expressions), when_clause_expression (the “when” of simple_case_expression and searched_case_expression) -| VB.NET | The complexity gets incremented by one for: method or constructor declaration (Sub, Function), `AndAlso`, `Case`, `Continue`, `End`, `Error`, `Exit`, `If`, `Loop`, `On Error`, `GoTo`, `OrElse`, `Resume`, `Stop`, `Throw`, `Try`. - -**Cognitive Complexity** (`cognitive_complexity`) -How hard it is to understand the code's control flow. See [the Cognitive Complexity White Paper](https://www.sonarsource.com/resources/white-papers/cognitive-complexity.html) for a complete description of the mathematical model applied to compute this measure. - ---- -## Duplications -**Duplicated blocks** (`duplicated_blocks`) -Number of duplicated blocks of lines. - -[[collapse]] -| ## Language-specific details -| For a block of code to be considered as duplicated: -| -| Non-Java projects: -| * There should be at least 100 successive and duplicated tokens. -| * Those tokens should be spread at least on: -| * 30 lines of code for COBOL -| * 20 lines of code for ABAP -| * 10 lines of code for other languages -| -|Java projects: -| There should be at least 10 successive and duplicated statements whatever the number of tokens and lines. Differences in indentation and in string literals are ignored while detecting duplications. - -**Duplicated files** (`duplicated_files`) -Number of files involved in duplications. - -**Duplicated lines** (`duplicated_lines`) -Number of lines involved in duplications. - -**Duplicated lines (%)** (`duplicated_lines_density`) -= `duplicated_lines` / `lines` * 100 - ---- -## Issues -**New issues** (`new_violations`) -Number of issues raised for the first time in the New Code period. - -**New xxx issues** (`new_xxx_violations`) -Number of issues of the specified severity raised for the first time in the New Code period, where xxx is one of: `blocker`, `critical`, `major`, `minor`, `info`. - -**Issues** (`violations`) -Total count of issues in all states. - -**xxx issues** (`xxx_issues`) -Total count of issues of the specified severity, where xxx is one of: `blocker`, `critical`, `major`, `minor`, `info`. - -**False positive issues** (`false_positive_issues`) -Total count of issues marked False Positive - -**Open issues** (`open_issues`) -Total count of issues in the Open state. - -**Confirmed issues** (`confirmed_issues`) -Total count of issues in the Confirmed state. - -**Reopened issues** (`reopened_issues`) -Total count of issues in the Reopened state - ---- -## Maintainability -**Code Smells** (`code_smells`) -Total count of Code Smell issues. - -**New Code Smells** (`new_code_smells`) -Total count of Code Smell issues raised for the first time in the New Code period. - -**Maintainability Rating** (`sqale_rating`) -(Formerly the SQALE rating.) -Rating given to your project related to the value of your Technical Debt Ratio. The default Maintainability Rating grid is: - -A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1 - -The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is: - -* <=5% of the time that has already gone into the application, the rating is A -* between 6 to 10% the rating is a B -* between 11 to 20% the rating is a C -* between 21 to 50% the rating is a D -* anything over 50% is an E - -**Technical Debt** (`sqale_index`) -Effort to fix all Code Smells. The measure is stored in minutes in the database. An 8-hour day is assumed when values are shown in days. - -**Technical Debt on New Code** (`new_technical_debt`) -Effort to fix all Code Smells raised for the first time in the New Code period. - -**Technical Debt Ratio** (`sqale_debt_ratio`) -Ratio between the cost to develop the software and the cost to fix it. The Technical Debt Ratio formula is: - `Remediation cost / Development cost` -Which can be restated as: - `Remediation cost / (Cost to develop 1 line of code * Number of lines of code)` -The value of the cost to develop a line of code is 0.06 days. - -**Technical Debt Ratio on New Code** (`new_sqale_debt_ratio`) -Ratio between the cost to develop the code changed in the New Code period and the cost of the issues linked to it. - ---- -## Quality Gates -**Quality Gate Status** (`alert_status`) -State of the Quality Gate associated to your Project. Possible values are : `ERROR`, `WARN`, `OK` - -**Quality Gate Details** (`quality_gate_details`) -For all the conditions of your Quality Gate, you know which condition is failing and which is not. - ---- -## Reliability -**Bugs** (`bugs`) -Number of bug issues. - -**New Bugs** (`new_bugs`) -Number of new bug issues. - -**Reliability Rating** (`reliability_rating`) -A = 0 Bugs -B = at least 1 Minor Bug -C = at least 1 Major Bug -D = at least 1 Critical Bug -E = at least 1 Blocker Bug - -**Reliability remediation effort** (`reliability_remediation_effort`) -Effort to fix all bug issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days. - -**Reliability remediation effort on new code** (`new_reliability_remediation_effort`) -Same as _Reliability remediation effort_ but on the code changed in the New Code period. - ---- -## Security -**Vulnerabilities** (`vulnerabilities`) -Number of vulnerability issues. - -**New Vulnerabilities** (`new_vulnerabilities`) -Number of new vulnerability issues. - -**Security Rating** (`security_rating`) -A = 0 Vulnerabilities -B = at least 1 Minor Vulnerability -C = at least 1 Major Vulnerability -D = at least 1 Critical Vulnerability -E = at least 1 Blocker Vulnerability - -**Security remediation effort** (`security_remediation_effort`) -Effort to fix all vulnerability issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days. - -**Security remedation effort on new code** (`new_security_remediation_effort`) -Same as _Security remediation effort_ but on the code changed in the New Code period. - ---- -## Size -**Classes** (`classes`) -Number of classes (including nested classes, interfaces, enums and annotations). - -**Comment lines** (`comment_lines`) -Number of lines containing either comment or commented-out code. - -Non-significant comment lines (empty comment lines, comment lines containing only special characters, etc.) do not increase the number of comment lines. - -The following piece of code contains 9 comment lines: -``` -/** +0 => empty comment line - * +0 => empty comment line - * This is my documentation +1 => significant comment - * although I don't +1 => significant comment - * have much +1 => significant comment - * to say +1 => significant comment - * +0 => empty comment line - *************************** +0 => non-significant comment - * +0 => empty comment line - * blabla... +1 => significant comment - */ +0 => empty comment line - -/** +0 => empty comment line - * public String foo() { +1 => commented-out code - * System.out.println(message); +1 => commented-out code - * return message; +1 => commented-out code - * } +1 => commented-out code - */ +0 => empty comment line - ``` -[[collapse]] -| ## Language-specific details -| Language | Note -| ---|--- -| COBOL | Lines containing the following instructions are counted both as comments and lines of code: `AUTHOR`, `INSTALLATION`, `DATE-COMPILED`, `DATE-WRITTEN`, `SECURITY`. -| Java | File headers are not counted as comment lines (becuase they usually define the license). - -**Comments (%)** (`comment_lines_density`) -Density of comment lines = Comment lines / (Lines of code + Comment lines) * 100 - -With such a formula: -* 50% means that the number of lines of code equals the number of comment lines -* 100% means that the file only contains comment lines - -**Directories** (`directories`) -Number of directories. - -**Files** (`files`) -Number of files. - -**Lines** (`lines`) -Number of physical lines (number of carriage returns). - -**Lines of code** (`ncloc`) -Number of physical lines that contain at least one character which is neither a whitespace nor a tabulation nor part of a comment. -[[collapse]] -| ## Language-specific details -| Language | Note -| --- | --- -| COBOL | Generated lines of code and pre-processing instructions (`SKIP1`, `SKIP2`, `SKIP3`, `COPY`, `EJECT`, `REPLACE`) are not counted as lines of code. - -**Lines of code per language** (`ncloc_language_distribution`) -Non Commenting Lines of Code Distributed By Language - -**Functions** (`functions`) -Number of functions. Depending on the language, a function is either a function or a method or a paragraph. -[[collapse]] -| ## Language-specific details -| Language | Note -| ---|--- -| COBOL | It is the number of paragraphs. -| Java | Methods in anonymous classes are ignored. -| VB.NET | Accesors are not considered to be methods. - -**Projects** (`projects`) -Number of projects in a Portfolio. - -**Statements** (`statements`) -Number of statements. - ---- -## Tests -**Condition coverage** (`branch_coverage`) -On each line of code containing some boolean expressions, the condition coverage simply answers the following question: 'Has each boolean expression been evaluated both to true and false?'. This is the density of possible conditions in flow control structures that have been followed during unit tests execution. - -`Condition coverage = (CT + CF) / (2*B)` -where -* CT = conditions that have been evaluated to 'true' at least once -* CF = conditions that have been evaluated to 'false' at least once -* B = total number of conditions - -**Condition coverage on new code** (`new_branch_coverage`) -Identical to Condition coverage but restricted to new / updated source code. - -**Condition coverage hits** (`branch_coverage_hits_data`) -List of covered conditions. - -**Conditions by line** (`conditions_by_line`) -Number of conditions by line. - -**Covered conditions by line** (`covered_conditions_by_line`) -Number of covered conditions by line. - -**Coverage** (`coverage`) -It is a mix of Line coverage and Condition coverage. Its goal is to provide an even more accurate answer to the following question: How much of the source code has been covered by the unit tests? - -`Coverage = (CT + CF + LC)/(2*B + EL)` -where -* CT = conditions that have been evaluated to 'true' at least once -* CF = conditions that have been evaluated to 'false' at least once -* LC = covered lines = lines_to_cover - uncovered_lines -* B = total number of conditions -* EL = total number of executable lines (`lines_to_cover`) - -**Coverage on new code** (`new_coverage`) -Identical to Coverage but restricted to new / updated source code. - -**Line coverage (`line_coverage`) -On a given line of code, Line coverage simply answers the following question: Has this line of code been executed during the execution of the unit tests?. It is the density of covered lines by unit tests: - -`Line coverage = LC / EL` -where -* LC = covered lines (`lines_to_cover` - `uncovered_lines`) -* EL = total number of executable lines (`lines_to_cover`) - -**Line coverage on new code** (`new_line_coverage`) -Identical to Line coverage but restricted to new / updated source code. - -**Line coverage hits** (`coverage_line_hits_data`) -List of covered lines. - -**Lines to cover** (`lines_to_cover`) -Number of lines of code which could be covered by unit tests (for example, blank lines or full comments lines are not considered as lines to cover). - -**Lines to cover on new code** (`new_lines_to_cover`) -Identical to Lines to cover but restricted to new / updated source code. - -**Skipped unit tests** (`skipped_tests`) -Number of skipped unit tests. - -**Uncovered conditions** (`uncovered_conditions`) -Number of conditions which are not covered by unit tests. - -**Uncovered conditions on new code** (`new_uncovered_conditions`) -Identical to Uncovered conditions but restricted to new / updated source code. - -**Uncovered lines** (`uncovered_lines`) -Number of lines of code which are not covered by unit tests. - -**Uncovered lines on new code** (`new_uncovered_lines`) -Identical to Uncovered lines but restricted to new / updated source code. - -**Unit tests** (`tests`) -Number of unit tests. - -**Unit tests duration** (`test_execution_time`) -Time required to execute all the unit tests. - -**Unit test errors** (`test_errors`) -Number of unit tests that have failed. - -**Unit test failures** (`test_failures`) -Number of unit tests that have failed with an unexpected exception. - -**Unit test success density (%)** (`test_success_density`) -`Test success density = (Unit tests - (Unit test errors + Unit test failures)) / Unit tests * 100` diff --git a/server/sonar-docs/src/pages/organizations/index.md b/server/sonar-docs/src/pages/organizations/index.md deleted file mode 100644 index 7ddec3f8abe..00000000000 --- a/server/sonar-docs/src/pages/organizations/index.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Organizations -scope: sonarcloud ---- - -## Overview - -An organization is a space where a team or a whole company can collaborate across many projects. - -An organization consists of: -* Projects, on which users collaborate -* [Members](/organizations/manage-team), who can have different persmissions on the projects -* [Quality Profiles](/quality-profiles) and [Quality Gates](/quality-gates), which can be customized and shared accross projects - -There are 2 kind of organizations: -* **Personal organizations**. Each account has a personal organization linked to it. This is typically where open-source developers host their personal projects. It is not possible to delete this kind of organization. -* **Standard organization**. This is the kind of organization that users want to create for their companies or for their open-source communities. As soon as you want to collaborate, it is a good idea to create such an organization. - -Organizations can be on: -* **Free plan**. This is the default plan. Every project in an organization on the free plan is public. -* **Paid plan**. This plan unlocks the ability to have private projects. Go to the "Billing" page of your organization to upgrade it to the paid plan. - -Depending on which plan the organization is in, its [visibility](/organizations/organization-visibility) will change. diff --git a/server/sonar-docs/src/pages/organizations/manage-team.md b/server/sonar-docs/src/pages/organizations/manage-team.md deleted file mode 100644 index 53d650f3746..00000000000 --- a/server/sonar-docs/src/pages/organizations/manage-team.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Manage a Team -scope: sonarcloud ---- - -Members can collaborate on the projects in the organizations to which they belong. Depending on their permisssions within the organization, members can: -* Analyse projects -* Manage project settings (permissions, visibility, quality profiles, ...) -* Update issues -* Manage quality gates and quality profiles -* Administer the organization itself - -## Adding Members - -Adding members is done on the "Members" page of the organization, and this can be done only by an administrator of -the organization. - -Adding a user as a member is possible only if that user has already signed up on SonarCloud. If the user never authenticated to -the system, the administrator will simply not be able to find the user in the search modal window. - -## Granting permissions - -Once added, a user can be granted permissions to perform various operations in the organization. It is up to the -administrator who added the user to make sure that she gets the relevant permissions. - -Organization admins will prefer to create groups to manage permissions, and add new users to those -groups through the "Members" page. With such an approach, they won't have to manage individal permissions at -project level for instance. - -## Future evolutions - -Future versions of SonarCloud will make this onboarding process easier thanks to better integrations with GitHub, -Bitbucket Cloud and VSTS: users won't have to sign up prior to joining an organization, and their permissions will -be retrieved at best from the ones existing on the other systems. diff --git a/server/sonar-docs/src/pages/organizations/organization-visibility.md b/server/sonar-docs/src/pages/organizations/organization-visibility.md deleted file mode 100644 index c9e746dfa51..00000000000 --- a/server/sonar-docs/src/pages/organizations/organization-visibility.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Organization Visibility -scope: sonarcloud ---- - -## Free plan organization - -Free plan organizations are public. This means that almost everything is visible to any user - even anonymous ones: - -* Projects -* Issues -* Quality Profiles -* Quality Gates -* Rules - -The following pages are restricted: - -* Members: to members of the organization -* Administration pages: to administrators of the organization - -## Paid plan organization - -Paid plan organizations are private. This means that nothing is visible to non-members of the organization. In other words, you need to be a member of the organization to see: - -* Projects - which are private by default -* Issues -* Quality Profiles -* Quality Gates -* Rules -* Members - -The administration pages are obviously also restricted to administrators of the organization. - -### Want to make one project public? - -If you are on a paid plan organization but want to make a project public (for instance because you are developing an open-source library), this is possible. You will have to manually make the project public in its "Administration > Permissions" page. Once done, you will notice the "Public" badge on the project. - -As soon as you have one public project, the following pages will become visible to any user: - -* Projects -* Issues -* Rules - -"Quality Profiles" and "Quality Gates" pages will remain restricted to members only - since you might not want to unveil some information used by your private projects. diff --git a/server/sonar-docs/src/pages/privacy.md b/server/sonar-docs/src/pages/privacy.md deleted file mode 100644 index 3e122cf5c6a..00000000000 --- a/server/sonar-docs/src/pages/privacy.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Privacy -scope: sonarcloud ---- - -The privacy policy specifies how data collected on this website is used. Thank you for visiting our website and your interest in our services and products. As the protection of your personal data is an important concern for us, we will explain below what information we collect during your visit to our website, as they are processed and whether or how these may be used. - -## PERSONAL DATA - -Personal information is information about personal or material circumstances of an identified or identifiable natural person. This includes information such as your first and last name, your postal or residential address, telephone numbers and date of birth. Information that can not be directly related to your real identity – such as your favorite websites or the number of users of a page – are not considered as personal data. - -## COLLECTION AND PROCESSING OF PERSONAL DATA - -As the operator and creator of the website, we do not store personal data itself automatically. If you go to our website, the provider – where the web server is hosted – may temporarily store data for the purpose of system security such as the connection of the computer, the web pages you visit, the date and duration of the visit, data about the used browser software and operating system and the web page from which you visit us. In addition to that, personal information such as your name, address, phone number or e-mail will only be stored, if you have provided this information voluntarily, eg. as part of a registration, a survey, a contest, to carry out an order or contract or an information request. - -## USE AND DISCLOSURE OF PERSONAL DATA - -Personal data you provided may be used solely for the purpose of technical website administration and to fulfill your wishes and requirements, thus primarily to processing the order with you or to respond to your request. Only if you have previously given your consent or – if stipulated by legal regulations – you entered no objection, we use this data for product surveys and marketing purposes. We don’t share, sell or transfer your personal data to third parties, unless this is necessary for the purpose of the contract or unless you have explicitly consented. For example it may be necessary, that in case of an product order we share your address and order with our suppliers. - -## USE OF WEB ANALYSIS SOFTWARE - -To improve the structure and the data we offer on our website, we might use open source or proprietary web analysis software. Our evaluations will be based on summary or averaged information amalgamated for the large numbers of people visiting the vebsite. The data provided by won’t be matched with any individual’s data from other sources. - -Data collected might include IP, time and duration of the visit, what pages are visited, used browser and add-ons/plugins, search-engines and referrer. While statistic tools might use a “cookie” to distinguish between individual visitors, the collected data doesn’t allow to identify individuals. - -## SECURITY - -We take all the necessary technical and organisational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. If you communicate with us via e-mail, please note that the confidentiality of the information is not guaranteed. The contents of e-mails can be intercepted by third parties. In case of doubt we therefore recommend to send confidential information only by snail mail. - -## RIGHT OF ACCESS TO PERSONAL DATA - -Upon written request you will be informed by us what information we stored about you (such as name or address). - -## CONTACT - -If you have questions regarding the processing of personal data or in case of requests for information, suggestions or complaints, please [contact us](/#sonarcloud#/about/contact) directly. diff --git a/server/sonar-docs/src/pages/project-administration/webhooks.md b/server/sonar-docs/src/pages/project-administration/webhooks.md new file mode 100644 index 00000000000..96050491720 --- /dev/null +++ b/server/sonar-docs/src/pages/project-administration/webhooks.md @@ -0,0 +1,119 @@ +--- +title: Webhooks +url: /project-administration/webhooks/ +--- + +Webhooks notify external services when a project analysis is complete. An HTTP POST request including a JSON payload is sent to each URL. URLs may be specified at both the project and global levels. Project-level specification does not replace global-level webhooks. All hooks at both levels are called. +Plugins + +The HTTP(S) call: + +* is made regardless of the status of the Background Task +* includes a JSON document as payload, using the POST method +* has a content type of "application/json", with UTF-8 encoding + +## Configuration + +You can configure up to 10 webhooks in in **Administration > Webhooks**. + +An additional set of 10 webhooks can be configured at the global level in **Administration > Configuration > Webhooks**. + +If configured, all 20 will be executed. + +## Delivery and Payload + +### Delivery + +The Webhook administration console shows the result and timestamp of the most recent delivery of each webhook with the payload available via the list icon. Results and payloads of earlier deliveries are available from the tools menu to the right of each webhook + +Response records are purged after 30 days. + +The URL must respond within 10 seconds or the delivery is marked as failed. + +### Payload + +An HTTP header "X-SonarQube-Project" with the project key is sent to allow quick identification of the project involved + +The Payload is a JSON document which includes: + +* when the analysis was performed: see "analysedAt" +* the identification of the project analyzed: see "project" +* each Quality Gate criterion checked and its status: see "qualityGate" +* the Quality Gate status of the project: see "qualityGate.status" +* the status and the identifier of the Background Task : see "status" and "taskId" +* user-specified properties: see "properties" + +#### Example + +``` +{ + "analysedAt": "2016-11-18T10:46:28+0100", + "project": { + "key": "org.sonarqube:example", + "name": "Example" + }, + "properties": { + }, + "qualityGate": { + "conditions": [ + { + "errorThreshold": "1", + "metric": "new_security_rating", + "onLeakPeriod": true, + "operator": "GREATER_THAN", + "status": "OK", + "value": "1" + }, + { + "errorThreshold": "1", + "metric": "new_reliability_rating", + "onLeakPeriod": true, + "operator": "GREATER_THAN", + "status": "OK", + "value": "1" + }, + { + "errorThreshold": "1", + "metric": "new_maintainability_rating", + "onLeakPeriod": true, + "operator": "GREATER_THAN", + "status": "OK", + "value": "1" + }, + { + "errorThreshold": "80", + "metric": "new_coverage", + "onLeakPeriod": true, + "operator": "LESS_THAN", + "status": "NO_VALUE" + } + ], + "name": "SonarQube way", + "status": "OK" + }, + "serverUrl": "http://localhost:9000", + "status": "SUCCESS", + "taskId": "AVh21JS2JepAEhwQ-b3u" +} +``` + +## Additional parameters + +A basic authentication mechanism is supported by providing user/password in the URL of the Webhook such as `https://myLogin:myPassword@my_server/foo`. + +If you provide additional properties to your SonarQube Scanner using the pattern `sonar.analysis.*`, these properties will be automatically added to the section "properties" of the payload. + +For example these additional parameters: + +``` +sonar-scanner -Dsonar.analysis.scmRevision=628f5175ada0d685fd7164baa7c6382c1f25cab4 -Dsonar.analysis.buildNumber=12345 +``` + +Would add this to the payload: + +``` +"properties": { + "sonar.analysis.scmRevision": "628f5175ada0d685fd7164baa7c6382c1f25cab4", + "sonar.analysis.buildNumber": "12345" +} +``` diff --git a/server/sonar-docs/src/pages/quality-gates.md b/server/sonar-docs/src/pages/quality-gates.md deleted file mode 100644 index 9d1cdda2dc2..00000000000 --- a/server/sonar-docs/src/pages/quality-gates.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Quality Gates ---- - -## Overview - -A quality gate is the best way to enforce a quality policy in your organization. -It's there to answer ONE question: can I deliver my project to production today or not? - -In order to answer this question, you define a set of Boolean conditions based on measure thresholds against which projects are measured. For example: - -* No new blocker issues -* Code coverage on new code greater than 80% -* Etc. - -Ideally, all projects will be verified against the same quality gate, but that's not always practical. For instance, you may find that: - -* Technological implementation differs from one application to another (you might not require the same code coverage on new code for Web or Java applications). -* You want to ensure stronger requirements on some of your applications (internal frameworks for example). -* Etc. - -Which is why you can define as many quality gates as you wish. Quality Gates are defined and managed in the **[Quality Gates](/#sonarqube#/quality_gates)** page found in the top menu. - -## Use the Best Quality Gate Configuration - -The quality gate "Sonar way" is provided by SonarSource, activated by default and considered as built-in and so read-only. It represents our view of the best way to implement the [Fixing the Water Leak](/fixing-the-water-leak) concept. At each SonarQube release, we adjust automatically this default quality gate according to SonarQube's capabilities. - -Three metrics allow you to enforce a given Rating of Reliability, Security and Maintainability, not just overall but also on new code. These metrics are recommended and come as part of the default quality gate. We strongly advise you to adjust your own quality gates to use them to make feedback more clear to your developers looking at their quality gate on their project page. - -Don't forget also that quality gate conditions must use differential values. There is no point for example to check an absolute value such as : Number of Lines of Code is greater than 1000. - -### Recommended Quality Gate - -The `Sonar way` Built-in quality gate is recommended for most projects. If focuses on keeping new code clean, rather than spending a lot of effort remediating old code. Out of the box, it's already set as the default profile. - -## Quality Gate Status - -The current status is displayed prominently at the top of the Project Page: - -![Quality Gate Status](/images/quality-gate-status.jpeg) - -## Getting Notified When a Quality Gate Fails - -Thanks to the notification mechanism, users can be notified when a quality gate fails. To do so, subscribe to the **New quality gate status** notification either for all projects or a set of projects you're interested in. - -## Security - -Quality Gates can be accessed by any user (even anonymous users). All users can view every aspect of a quality gate. - -To make changes (create, edit or delete) users must be granted the **Administer Quality Profiles and Gates** permission. - -A **project administrator** can choose which quality gates his/her project is associated with. See Project Settings for more. - -## Defining Quality Gates - -To manage quality gates, go to **[Quality Gates](/#sonarqube#/quality_gates)** (top menu bar). - -Each Quality Gate condition is a combination of: - -* measure -* period: **Value** (to date) or **New Code** (differential value over the New Code period) -* comparison operator -* warning value (optional) -* error value (optional) - -For instance, a condition might be: - -* measure: Blocker issue -* period: Value -* comparison operator: > -* error value: 0 - -Which can be stated as: No blocker issues. diff --git a/server/sonar-docs/src/pages/quality-profiles.md b/server/sonar-docs/src/pages/quality-profiles.md deleted file mode 100644 index 1e9c03e95e6..00000000000 --- a/server/sonar-docs/src/pages/quality-profiles.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Quality Profiles ---- - -## Overview - -The Quality Profiles service is central to SonarQube, since it is where you define your requirements by defining sets of **rules** (ex: Methods should not have a Cognitive Complexity greater than 15). - -Ideally, all projects will be measured with the same profile for any given language, but that's not always practical. For instance, you may find that: - -* The technological implementation differs from one application to another (for example, different coding rules may apply when building threaded or non-threaded Java applications). -* You want to ensure stronger requirements on some of your applications (internal frameworks for example). -* Etc. - -Which is why you can define as many quality profiles as you wish even though it is recommended to have as few Quality Profiles as possible to ensure consistency across the projects in your company. To manage quality profiles, go to [**Quality Profiles**](/#sonarqube#/profiles)**Quality Profiles** page of your organization, where you'll find profiles grouped by language. - -Each language plugin comes with a predefined, built-in profile (usually called "Sonar way") so that you can get started very quickly with SonarQube analyses. This is why as soon as you install a new language plugin, at least one quality profile will be available for you. Each language must have a default profile (marked with the Default tag). Projects that are not explicitly associated with a specific profile will be analyzed using the language's default profile. - -When starting from a new installation, it's tempting to use Sonar way as your default profile because it contains all the rules that are generally applicable to most projects. But as a best practice, you should create a new profile (you can populate it by copying the contents of Sonar way) and use it instead. Why? First because Sonar way profiles aren't editable, so you won't be able to customize it to your needs. Also, that lets you treat Sonar way as a baseline against which you can track your own profile as you make changes to it (and you will). Plus, Sonar way is typically updated with each new version of the plugin to add rules and sometimes adjust rule severities. Any profile that inherits from the built-in Sonar Way will de-facto be automatically updated at the same time. - -## How do I... - -### Delegate the management of Quality Profiles to someone else? - -By default, only users with the "Administer Quality Profiles" permission can edit Quality Profiles. But in large organizations, it may not be desirable to grant permissions to change all the Quality Profiles without distinction. That's why you can also grant users/groups the permission to edit an individual Quality Profile so that, for instance, the management of the Swift profile can be delegated to a group of Swift experts, and the same for COBOL, ... - -This delegation of permission can only be performed by someone who already has the "Administer Quality Profiles" permission or individual edit rights on the profile to which additional permissions should be granted. The interface to grant individual permissions is available on the profile detail page. - -### Copy the rules from one profile to another? - -Many times people want to work from a profile that's based on a built-in profile without actually using the built-in profile. The easiest thing to do in this case is to go to the original profile, we'll call it _Source_, in **Quality Profiles**. From there, click through on the total number of rules in _Source_ to land on the **Rules** page at a pre-narrowed search of _Source_'s rules. Use **Bulk Activate** to turn Source's rules on in your target profile. - -### Know what's changed in a profile? - -When SonarQube notices that an analysis was performed with a profile that is different in some way from the previous analysis, a Quality Profile event is added to the project's event log. To see the changes in a profile, navigate to the profile (**Quality Profiles > [ Profile Name ]**), and choose **Changelog**. This may help you understand how profile changes impact the issues raised in an analysis. - -Additionally, users with Quality Profile administration privileges are notified by email each time a built-in profile (one that is provided directly by an analyzer) is updated. These updates can only be caused by analyzer updates. - -### Copy a profile from one SonarQube instance to another? - -Use the **Back up** feature on the source instance to export the profile to an XML file. Use the **Restore Profile** feature on the target instance to import the file. Note that some [limitations](https://jira.sonarsource.com/browse/SONAR-5366) on this feature exist. - -![Restore Quality Profile](/images/restore-quality-profile.jpeg) - -### Apply a core set of rules plus additional rules to a project? - -Let's say your company has a minimum set of coding rules that all teams must follow, but you want to add rules that are specific to the in use technology in your project. Those rules are good for your team, but irrelevant or even misleading for others. This situation calls for inheritance. Set up a base profile, we'll call it _Root_ with your core set of rules. Then create a child profile, we'll call it _Sprout_. Once it's created, you can **Change parent** to inherit from _Root_, then add your missing rules. - -### Make sure my non-default profile is used on a project? - -One profile for each language is marked the default. Barring any other intervention, all projects that use that language will be analyzed with that profile. To have a project analyzed by a non-default profile instead, start from **Quality Profiles**, and click through on your target profile, then use the Projects part of the interface to manage which projects are explicitly assigned to the profile. - -### Make sure I've got all the relevant new rules in my profile? - -Each time a language plugin update is released, new rules are added, but they won't appear automatically in your profile unless you're using a built-in profile such as _Sonar way_. - -If you're not using a built-in profile, you can compare your profile to the built-in profile to see what new on-by-default rules you're missing. - -Another option is to go to the **Rules** space, and use the **Available Since** search facet to see what rules have been added to the platform since the day you upgraded the relevant plugin. - -And finally, the profile interface itself will help you be aware of rules added in a new plugin version in the **Latest New Rules** section on the right of the interface. - -### Compare two profiles? - -Starting from the **Quality Profiles** page, click through on one of the profiles you'd like to compare, then use the **Actions > Compare** interface to select the second profile and see the differences. - -### Make sure I don't have any deprecated rules in my profile? - -The **Deprecated Rules** section of the rules interface itself is your first warning that a profile contains deprecated rules. This pink-background section gives the total number of instances of deprecated rules that are currently active in profiles, and a breakdown of deprecated count per profile. A click-through here takes you to the **Rules** page to edit the profile in question. - -Alternately, you can perform a **Rules** search for the rules in a profile (either manually or by clicking-through from **Quality Profiles** page) and use the **Status** rule search facet to narrow the list to the ones that need attention. - -## Security - -The Quality Profiles service can be accessed by any user (even anonymous users). All users can view every aspect of a profile. That means anyone can see which rules are included in a profile, and which ones have been left out, see how a profile has changed over time, and compare the rules in any two profiles. - -To make rule profile changes (create, edit or delete) users must be granted the **Administer Quality Profiles and Gates** permission. - -A **project administrator** can choose which profiles his project is associated with. See Project Settings for more. diff --git a/server/sonar-docs/src/pages/security-reports.md b/server/sonar-docs/src/pages/security-reports.md deleted file mode 100644 index 79d6372e5a4..00000000000 --- a/server/sonar-docs/src/pages/security-reports.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Security Reports ---- - -## What do the Security Reports show? -The Security Reports are designed to quickly give you the big picture on your application's security, with breakdowns of just where you stand in regard to each of the [OWASP Top 10](https://www.owasp.org/index.php/Top_10-2017_Top_10), and [SANS Top 25](https://www.sans.org/top25-software-errors) categories, and [CWE](http://cwe.mitre.org/)-specific details. -The Security Reports are fed by the analyzers, which rely on the rules activated in your quality profiles to raise security issues. If there are no rules corresponding to a given OWASP category activated in your Quality Profile, you will get no issues linked to that specific category and the rating displayed will be A. That won't mean you are safe for that category, but that you need to activate more rules (assuming some exist). - -## What's the difference between a Hotspot and a Vulnerability? -Vulnerabilities are points in the code which are open to attack. -Security Hotspots are security-sensitive pieces of code that should be carefully reviewed by someone with a security auditor hat. This person can be: -* a member of the development team who is more sensitive to security problems -* someone outside the development team contracted for the purpose of reviewing these Hotspots. - -The main goal of Security Hotspots is to help focus the efforts of the security auditors who manually review application source code. The second goal is to educate developers and to increase their security-awareness. -Having a Hotspot in your application does not mean there is a problem. What it does mean is that a human, preferably a security auditor/expert should look over the code to see if the sensitive piece of code is being used in the safest manner. - -## Why don't I see any Hotspots? -They are three reasons you might not see any Hotspots: -* it is possible you really have none of them because the code has been written without using any security-sensitive API. -* it is possible that Hotspot rules are available, but not yet activated in your Quality Profile, and so naturally no issues are raised -* it is more likely that the analyzer for the langauge you're using does not yet offer Hotspot rules, and so it doesn't raise any Hotspots regardless of the quality of how many are actually there, but this last option will disappear over time. - -## Why don't I see any Vulnerabilities? -You might not see any Vulnerabilities for more or less the same reasons as for Hotspots, but it may be more surprising for Vulnerabilities because you may see some Vulnerabilities reported in the Project homepage, while there are none in the Security Reports. This is because the language analyzer may not yet provide the "Security Standards" metadata required for issues to be visible on the Security Reports. This metadata is basically the link between a Rule (and its issues) and the "OWASP Top 10" or "SANS Top 25" categories. Without this link, there is no way to associate an already existing Vulnerability to the Security Standard categories and so to display security issues correctly in the reports. Every analyzer version released by SonarSource after July 2018 should feed the "Security Standards" and be compatible with the Hotspot issue type. - -## I'm a developer. Should I care about Hotspots? -Probably not. Hotspots, as such, aren't really actionable. They simply mark *potential* problems, so there's really nothing to do immediately on the code. That's why you don't receive notifications when Hotspot issues are raised, and why Hotspots aren't shown in the Issues page by default. - -## What if my Hotspot really marks a Vulnerability? -If you look at the code where a Hotspot is raised and realize that there really is a problem, click on the current status (probably `Open`) to register that you've *Detect*ed a Vulnerability at that point in the code. Once you do, it will be converted to a Vulnerability, and the developer who last touched the line will receive "new issue" notifications (if she's signed up to get them). - -## What happens after my Hotspot becomes a Vulnerability? -Once you've *Detect*ed that there really is a problem at a Hotspot location, it will be assigned to the appropriate developer, who will make a fix, and must then `Request Review` *via the UI*. That request moves the issue from Vulnerability back to Hotspot. From there, it's up to the security auditor to either `Accept` or `Reject` the fix. Accepting the fix will mark it `Won't Fix`, and rejecting it will turn it back into a Vulnerability, putting it back in the developer's queue. - -## What does it mean for a Hotspot to be marked "Won't Fix"? -The `Won't Fix` designation is used to indicate that a Hotspot has been reviewed and there is no way, as of now, to exploit this piece of code to create an attack. - - diff --git a/server/sonar-docs/src/pages/security.md b/server/sonar-docs/src/pages/security.md deleted file mode 100644 index 1ec4590eb9c..00000000000 --- a/server/sonar-docs/src/pages/security.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: SonarCloud Security -scope: sonarcloud ---- - -We know that your code is very important to you and your business. We also know that no one wants proven bugs or vulnerabilities found on their source code to be unveiled to third-parties. This is why we take security extremely seriously. - -## Hosting - -SonarCloud is hosted on Amazon AWS in Frankfurt. - -## System security - -We keep system up to date, OS packages are updated at least weekly. SonarCloud is on its own AWS VPC. We have firewall at VPC and VM level. - -Except the Operations team, no SonarSource employee has access to the system, especially the database which stores source code and analysis results. - -The Operations team has access to the system through secured channels (SSH) only. - -## Data security - -All the data is stored on a Postgres RDS instance which only the Operation has access to. - -Isolation of data per organization is ensured at software level, which secures access to source code to organization members only. - -The source code is not encrypted in the database, but the access to the database is restricted to SonarSource operations team and can be done only through a SSH tunnel. - -The DB is backed up everyday by Amazon RDS mechanism, with 7 days retention. - -## Software security - -The Web Application and Web APIs regularly pass penetration testing conducted by a an external company, specialized in cyber and application security, certified in accordance to ISO-27001 and which is also member of the OWASP. - -## Communications - -All communications are done over TLS 1.2: -* Navigating in the Web application -* Using WS APIs -* Running analysis (by the scanners) from CI services and pushing analysis reports to SonarCloud - -## SonarCloud Webhook IPs - -SonarCloud performs webhook calls from the following list of IPs: -``` -52.59.209.17 -52.59.246.1 -54.93.180.144 -18.194.44.125 -18.194.244.158 -18.195.64.198 -``` - -## Authentication - -Primary authentication on the system is available only through OAuth authentication with GitHub, Bitbucket Cloud and Microsoft VSTS. As a consequence, users don’t have a password on SonarCloud, and are as protected as what they expect (especially with 2FA activated on those systems). - -For WS API calls or source code analysis triggered from CI services, only revocable user tokens are accepted. - -## Payment - -When you subscribe to the paid plan on SonarCloud, your credit card information never transit through our system nor it gets stored on the server. It's handed off to [Braintree Payment Solutions](https://www.braintreepayments.com), a company dedicated to storing your sensitive data on [PCI-Compliant](http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) servers. diff --git a/server/sonar-docs/src/pages/sonarcloud-pricing.md b/server/sonar-docs/src/pages/sonarcloud-pricing.md deleted file mode 100644 index e38c41a713a..00000000000 --- a/server/sonar-docs/src/pages/sonarcloud-pricing.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Pricing -scope: sonarcloud ---- - -Subscribing to a paid plan on SonarCloud allows you to analyze unlimited private projects. You can make your code visible by members of your organization only. - -## How is SonarCloud priced? - -SonarCloud is priced on a monthly basis per lines of code. You pay up front for a maximum number of lines of code to be analyzed in your organization. - -Find your max LOC below to see what it will cost you per month: - -| Up to lines of code | Price per month in € | -| ------------- |--------------:| -| 100k | 10 | -| 250k | 75 | -| 500k | 150 | -| 1M | 250 | -| 2M | 500 | -| 5M | 1'500 | -| 10M | 3'000 | -| 20M | 4'000 | - - -## What's the difference between the free and paid plans? - -2 options are available to start using SonarCloud: free and paid plans. Both plans let you benefit from all the features available on SonarCloud. - -*Free plan:* - -* For open source projects -* Anyone can see your projects -* You choose who can edit your projects -* Unlimited lines of code (LOCs) - -*Paid plan:* - -* If you need (some or all) private projects -* You choose who can see your private projects -* You choose who can edit your projects -* Priced by lines of private code - -## How do I activate the paid plan? - -You can activate the paid plan on the "Administration > Billing" page of your organization. - -## What payment options are available? - -Payment is done online by credit card and will happen automatically every month, based on the plan you choose. - -We also accept to receive a purchase order and a wire transfer payment, if ordering a yearly subscription for more than 1M LOCs. In this case, you need to contact us through the Contact form. - -## Can I try a private project on SonarCloud for free? - -Your first 14 days are on us. You just have to upgrade your organization to a paid plan, and fill your credit card information to get started. After your trial, if you love it you can continue using SonarCloud and you will be charged for the plan you selected when you first started your free trial. You can cancel anytime. - -## What is a Line of Code (LOC) on SonarCloud? - -LOCs are computed by summing up the LOCs of each project analyzed in SonarCloud. The LOCs used for a project are the LOCs found during the most recent analysis of this project. - - -## How are Lines of Code (LOCs) counted towards billing? - -Only LOC from your private projects are counted toward your maximum number of LOCs. If your project contains branches, the counted LOCs are the ones of the biggest branch. - -The count is not related to how frequently the source code is analyzed. If your private project has a 6K LOCs and you analyze it 100 times in the month, this will be counted as 6K for the billing. - -If you are getting close to the threshold you will be notified to either upgrade your plan or reduce the number of LOCs in your projects. - -## When will I be invoiced? - -You will be invoiced once a month, the day of the month after your trial ends. For example if you start your free trial on January 1st, it will last till January 14th and you will be first billed on January 15th for your upcoming month, aka January 15th to February 15th. - -## How do I get invoices? - -You can download PDF invoices for every payment from the "Administration > Billing" page of your organization. - -If you want to get those invoices by email, please [contact us](/#sonarcloud#/about/contact). - -## Can I stop using the service? - -Yes, you can stop using SonarCloud anytime you want. You simply need to downgrade your organization to the free plan. - -## Still have more questions? - -Contact us [here](https://about.sonarcloud.io/contact). - - diff --git a/server/sonar-docs/src/pages/sonarcloud/analyze-a-project.md b/server/sonar-docs/src/pages/sonarcloud/analyze-a-project.md new file mode 100644 index 00000000000..113f8d502e8 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/analyze-a-project.md @@ -0,0 +1,26 @@ +--- +title: Analyze a Project +url: /analyze-a-project/ +--- + +## Prepare your organization + +A project must belong to an [organization](/organizations/overview/). Create one if you intend to collaborate with your team mates, or use your personal organization for test purposes. + +[[info]] +| ** Important note for private code:** Newly created organizations and personal organizations are under a free plan by default. This means projects analyzed on these organizations are public by default: the code will be browsable by anyone. If you want private projects, you should [upgrade your organization to a paid plan](/sonarcloud-pricing/) in the "Administration > Billing" page of your organization. + +Find the key of your organization, you will need it at later stages. It can be found on the top right corner of your organization's header. + +## Run analysis + +SonarCloud currently does not trigger analyses automatically - this feature will come in a near future. Currently, it's up to you to launch them inside your +existing CI scripts. + +Depending on which cloud solution you are using for your developments, you can rely on dedicated integrations to help you: + +* VSTS: [read our dedicated documentation](/integrations/vsts/) +* Bitbucket Cloud: [read our dedicated documentation](/integrations/bitbucketcloud/) +* GitHub: [read our dedicated documentation](/integrations/github/) + +If you are not using those solutions, you will have to find out what command to execute to run the analysis. Our [tutorial](/#sonarcloud#/onboarding) will help you on this. diff --git a/server/sonar-docs/src/pages/sonarcloud/integrations/bitbucketcloud.md b/server/sonar-docs/src/pages/sonarcloud/integrations/bitbucketcloud.md new file mode 100644 index 00000000000..6006edcf435 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/integrations/bitbucketcloud.md @@ -0,0 +1,79 @@ +--- +title: Integration with Bitbucket Cloud +url: /integrations/bitbucketcloud/ +--- + +## Authentication + +You can connect to SonarCloud using your Bitbucket Cloud account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with Bitbucket" button. + +## Install SonarCloud add-on for Bitbucket Cloud + +Our Bitbucket Cloud application allows users to automate the SonarCloud analysis with Pipelines. It also allows users to view their SonarCloud metrics directly on Bitbucket Cloud via our Code Quality widget and the decoration of pull-requests. + +In Bitbucket Cloud, go to your team's "Settings > Find integrations" page, search for "SonarCloud" in the "Code Quality" category and click on "Add" to install the application. + +## Analyzing with Pipelines + +SonarCloud integrates with Bitbucket Pipelines to make it easier to trigger analyses. Follow the steps: + +1. On SonarCloud, once your project is created, follow the tutorial on the dashboard of the project. You can copy-paste the command line displayed at the end. + +2. On Bitbucket Cloud, go to the "Settings > Pipelines > Environment variables" page of your team, and add a new SONAR_TOKEN variable that contains the value of the SonarCloud token (something like `9ad01c85336b265406fa6554a9a681a4b281135f`) which you created during the tutorial (and which is available inside the command line that you copy-pasted). **Make sure that you click on the "Lock" icon to encrypt and hide this token.** + +3. Inside the `bitbucket-pipelines.yml` file of your repository, copy the command line provided by the tutorial and replace the actual token by its variable name. For example, for a Java Maven-based project, you should have something like: + +``` +script: + -mvn sonar:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=my-team-org -Dsonar.login=$SONAR_TOKEN +``` + +When this change on `bitbucket-pipelines.yml` is committed and pushed, Pipelines should automatically run a new build and therefore trigger the analysis of the repository. Shortly after, your project will appear on SonarCloud in your organization. + +4. Once you see your project in SonarCloud, go to the Bitbucket Cloud "Settings > SonarCloud" page. If the dropdown is empty, find your project in the select box to link it. + +From now on, everytime Pipelines triggers a build, SonarCloud will: + +* Analyze every new branch that contains the change on the `bitbucket-pipelines.yml` file. +* Analyze and decorate every pull request based on such a branch. + +## Quality widget + +SonarCloud provides a widget that shows the current quality metrics of your project directly on the repository's Overview page on Bitbucket Cloud. + +If you have configured the analysis with Pipelines as described above, you will see this widget on the "Overview" page of your repository. + +If you haven't configured the analysis with Pipelines (maybe because you are using another CI tool), follow these few steps: + +1. Go to the repository where you want to display the widget. On the "Overview" page, you should see an empty SonarCloud widget. Click on the link inside the empty widget or just go directly to your repository's "Settings > SonarCloud Settings". + +2. If you're not already logged in on SonarCloud, do it by using the options provided there. You can log in with Bitbucket Cloud by clicking on the blue button, or click on "More options" to log in with GitHub or VSTS. + +3. Once you're logged in on SonarCloud, you should see a dropdown allowing you to choose one of the projects you administer. Just choose the one you want to link to this Bitbucket repository and click "Save". + +4. You can now go back to your repository's Overview page on Bitbucket and see the widget with all current SonarCloud metrics displayed. + +If you want to hide this widget (e.g. because your repository is not analyzed on SonarCloud), you can go to the "Settings > SonarCloud" page of your repository and check "Hide repository overview widget". + +## FAQ + +**Do you have a sample project on Bitbucket Cloud?** +For the time being, you can take a look at this very simple JS project: [Sample project analysed on SonarCloud](https://bitbucket.org/bellingard/fab) + +**Pipelines can't find sonar-scanner** +If you want to analyze a non-Java project (JS, TS, PHP, Python, Go, ...), you will need to download and install the [Scanner CLI](https://redirect.sonarsource.com/doc/install-configure-scanner.html) during the execution of your build prior to the actual code scan. You have two options: + +* You can download it (with curl for instance) from the links available on the documentation page and unpack it (preferably in a cached folder for later reuse). +* On Node environments, you can rely on a [community NPM module](https://www.npmjs.com/package/sonarqube-scanner) to install it globally and therefore make it available in the PATH. + +**I don't see the any quality information whereas I configured everything** +Make sure that your browser is not using some extensions like AdBlocks. They tend to break the integration of third-party applications in BitBucket Cloud. + +## Upcoming features and improvements + +There are various areas in which you can expect new features and improvements: + +* Tighter integration with Pipelines (less parameters to pass on the CLI, availability of the scanner, ...) +* Pull request decoration with inline comments to show the issues within the PR +* Better and easier team onboarding +* Automatic analysis (i.e. no need to configure anything from Pipelines) diff --git a/server/sonar-docs/src/pages/sonarcloud/integrations/github.md b/server/sonar-docs/src/pages/sonarcloud/integrations/github.md new file mode 100644 index 00000000000..c283c9689c6 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/integrations/github.md @@ -0,0 +1,34 @@ +--- +title: Integration with GitHub +url: /integrations/github/ +--- + +## Authentication + +You can connect to SonarCloud using your GitHub account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with GitHub" button. + +## Trigger analyses + +SonarCloud currently does not trigger analyses automatically. It's up to you to launch them inside your +existing CI scripts. Please follow the [tutorial](/#sonarcloud#/onboarding) to get started. + +### Using Travis CI? + +If you are using Travis CI, the SonarCloud Travis Add-on will make it easier to activate analyses: +* Read the [guide to integrate with Travis CI](https://docs.travis-ci.com/user/sonarcloud/) +* Check out the [various sample projects](https://github.com/SonarSource/sonarcloud_examples) (Java, TypeScript, C/C++, Go, ... etc) that are analyzed on SonarCloud on a frequent basis + +## Activating pull request decoration + +To have your pull requests decorated by SonarCloud in GitHub, you need to [install the SonarCloud application](https://github.com/apps/sonarcloud) on your GitHub organization(s). + +Once installed, there is nothing more to do if you are using the Travis Add-on. In any other case, you will need +to pass the following properties in your script during the analysis: + +``` +sonar.pullrequest.base=master +sonar.pullrequest.branch=feature/my-new-feature +sonar.pullrequest.key=5 +sonar.pullrequest.provider=GitHub +sonar.pullrequest.github.repository=my-company/my-repo +``` diff --git a/server/sonar-docs/src/pages/sonarcloud/integrations/vsts.md b/server/sonar-docs/src/pages/sonarcloud/integrations/vsts.md new file mode 100644 index 00000000000..448affcd709 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/integrations/vsts.md @@ -0,0 +1,38 @@ +--- +title: Integration with VSTS +url: /integrations/vsts/ +--- + + +## Authentication + +You can connect to SonarCloud using your VSTS account. On the [login page](/#sonarcloud#/sessions/new), just click on the "Log in with VSTS" button. + +[[warning]] +| Only work and school VSTS accounts are authorized to login on SonarCloud. + +## Install the SonarCloud VSTS extension + +The SonarCloud VSTS extension brings everything you need to have your projects analyzed on SonarCloud +very quickly: +* Integration with the Build definitions to easily trigger the analysis +* Pull request decoration to get quick feedback on the code changes +* Widget to have the overview quality of your projects inside VSTS dashboards + +Install [SonarCloud extension for VSTS](https://marketplace.visualstudio.com/items?itemName=SonarSource.sonarcloud)by clicking on the "Get it free" button. + +Then follow the comprehensive [Microsoft lab on how to integrate VSTS with SonarCloud](https://aka.ms/sonarcloudlab). + +## Quality Gate Status widget + +You can monitor the Quality Gate status of your projects directly in your VSTS dashboard. Follow these simple steps to configure your widget: + +1. Once the VSTS extension is installed and your project has been successfully analyzed, go to one of your VSTS dashboards (or create one). Click on the pen icon in the bottom right corner of the screen, and then on the "+" icon to add a widget. + +2. In the list of widgets, select the "Code Quality" one and then click on the "Add" button. An empty widget is added to your dashboard. + +3. You can then click on the widget's cogwheel icon to configure it. + + * **For public projects:** you can simply select your project from the dropdown. A searchbar inside the dropdown will help you find it easily. Just select it and click on the "Save" button. + + * **For private projects:** you'll have to log in using the links provided under the dropdown. Once logged in, your private projects will appear in the dropdown. Select the one you are interested in, and click on "Save". diff --git a/server/sonar-docs/src/pages/sonarcloud/organizations/index.md b/server/sonar-docs/src/pages/sonarcloud/organizations/index.md new file mode 100644 index 00000000000..b872a83ac19 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/organizations/index.md @@ -0,0 +1,23 @@ +--- +title: Organizations +url: /organizations/overview/ +--- + +## Overview + +An organization is a space where a team or a whole company can collaborate across many projects. + +An organization consists of: +* Projects, on which users collaborate +* [Members](/organizations/manage-team/), who can have different persmissions on the projects +* [Quality Profiles](/instance-administration/quality-profiles/) and [Quality Gates](/user-guide/quality-gates/), which can be customized and shared accross projects + +There are 2 kind of organizations: +* **Personal organizations**. Each account has a personal organization linked to it. This is typically where open-source developers host their personal projects. It is not possible to delete this kind of organization. +* **Standard organization**. This is the kind of organization that users want to create for their companies or for their open-source communities. As soon as you want to collaborate, it is a good idea to create such an organization. + +Organizations can be on: +* **Free plan**. This is the default plan. Every project in an organization on the free plan is public. +* **Paid plan**. This plan unlocks the ability to have private projects. Go to the "Billing" page of your organization to upgrade it to the paid plan. + +Depending on which plan the organization is in, its [visibility](/organizations/organization-visibility/) will change. diff --git a/server/sonar-docs/src/pages/sonarcloud/organizations/manage-team.md b/server/sonar-docs/src/pages/sonarcloud/organizations/manage-team.md new file mode 100644 index 00000000000..8cbb162bcc1 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/organizations/manage-team.md @@ -0,0 +1,34 @@ +--- +title: Manage a Team +url: /organizations/manage-team/ +--- + +Members can collaborate on the projects in the organizations to which they belong. Depending on their permisssions within the organization, members can: +* Analyse projects +* Manage project settings (permissions, visibility, quality profiles, ...) +* Update issues +* Manage quality gates and quality profiles +* Administer the organization itself + +## Adding Members + +Adding members is done on the "Members" page of the organization, and this can be done only by an administrator of +the organization. + +Adding a user as a member is possible only if that user has already signed up on SonarCloud. If the user never authenticated to +the system, the administrator will simply not be able to find the user in the search modal window. + +## Granting permissions + +Once added, a user can be granted permissions to perform various operations in the organization. It is up to the +administrator who added the user to make sure that she gets the relevant permissions. + +Organization admins will prefer to create groups to manage permissions, and add new users to those +groups through the "Members" page. With such an approach, they won't have to manage individal permissions at +project level for instance. + +## Future evolutions + +Future versions of SonarCloud will make this onboarding process easier thanks to better integrations with GitHub, +Bitbucket Cloud and VSTS: users won't have to sign up prior to joining an organization, and their permissions will +be retrieved at best from the ones existing on the other systems. diff --git a/server/sonar-docs/src/pages/sonarcloud/organizations/organization-visibility.md b/server/sonar-docs/src/pages/sonarcloud/organizations/organization-visibility.md new file mode 100644 index 00000000000..94c560580a4 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/organizations/organization-visibility.md @@ -0,0 +1,44 @@ +--- +title: Organization Visibility +url: /organizations/organization-visibility/ +--- + +## Free plan organization + +Free plan organizations are public. This means that almost everything is visible to any user - even anonymous ones: + +* Projects +* Issues +* Quality Profiles +* Quality Gates +* Rules + +The following pages are restricted: + +* Members: to members of the organization +* Administration pages: to administrators of the organization + +## Paid plan organization + +Paid plan organizations are private. This means that nothing is visible to non-members of the organization. In other words, you need to be a member of the organization to see: + +* Projects - which are private by default +* Issues +* Quality Profiles +* Quality Gates +* Rules +* Members + +The administration pages are obviously also restricted to administrators of the organization. + +### Want to make one project public? + +If you are on a paid plan organization but want to make a project public (for instance because you are developing an open-source library), this is possible. You will have to manually make the project public in its "Administration > Permissions" page. Once done, you will notice the "Public" badge on the project. + +As soon as you have one public project, the following pages will become visible to any user: + +* Projects +* Issues +* Rules + +"Quality Profiles" and "Quality Gates" pages will remain restricted to members only - since you might not want to unveil some information used by your private projects. diff --git a/server/sonar-docs/src/pages/sonarcloud/privacy.md b/server/sonar-docs/src/pages/sonarcloud/privacy.md new file mode 100644 index 00000000000..a92e13c100a --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/privacy.md @@ -0,0 +1,36 @@ +--- +title: Privacy +url: /privacy/ +--- + +The privacy policy specifies how data collected on this website is used. Thank you for visiting our website and your interest in our services and products. As the protection of your personal data is an important concern for us, we will explain below what information we collect during your visit to our website, as they are processed and whether or how these may be used. + +## PERSONAL DATA + +Personal information is information about personal or material circumstances of an identified or identifiable natural person. This includes information such as your first and last name, your postal or residential address, telephone numbers and date of birth. Information that can not be directly related to your real identity – such as your favorite websites or the number of users of a page – are not considered as personal data. + +## COLLECTION AND PROCESSING OF PERSONAL DATA + +As the operator and creator of the website, we do not store personal data itself automatically. If you go to our website, the provider – where the web server is hosted – may temporarily store data for the purpose of system security such as the connection of the computer, the web pages you visit, the date and duration of the visit, data about the used browser software and operating system and the web page from which you visit us. In addition to that, personal information such as your name, address, phone number or e-mail will only be stored, if you have provided this information voluntarily, eg. as part of a registration, a survey, a contest, to carry out an order or contract or an information request. + +## USE AND DISCLOSURE OF PERSONAL DATA + +Personal data you provided may be used solely for the purpose of technical website administration and to fulfill your wishes and requirements, thus primarily to processing the order with you or to respond to your request. Only if you have previously given your consent or – if stipulated by legal regulations – you entered no objection, we use this data for product surveys and marketing purposes. We don’t share, sell or transfer your personal data to third parties, unless this is necessary for the purpose of the contract or unless you have explicitly consented. For example it may be necessary, that in case of an product order we share your address and order with our suppliers. + +## USE OF WEB ANALYSIS SOFTWARE + +To improve the structure and the data we offer on our website, we might use open source or proprietary web analysis software. Our evaluations will be based on summary or averaged information amalgamated for the large numbers of people visiting the vebsite. The data provided by won’t be matched with any individual’s data from other sources. + +Data collected might include IP, time and duration of the visit, what pages are visited, used browser and add-ons/plugins, search-engines and referrer. While statistic tools might use a “cookie” to distinguish between individual visitors, the collected data doesn’t allow to identify individuals. + +## SECURITY + +We take all the necessary technical and organisational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. If you communicate with us via e-mail, please note that the confidentiality of the information is not guaranteed. The contents of e-mails can be intercepted by third parties. In case of doubt we therefore recommend to send confidential information only by snail mail. + +## RIGHT OF ACCESS TO PERSONAL DATA + +Upon written request you will be informed by us what information we stored about you (such as name or address). + +## CONTACT + +If you have questions regarding the processing of personal data or in case of requests for information, suggestions or complaints, please [contact us](/#sonarcloud#/about/contact) directly. diff --git a/server/sonar-docs/src/pages/sonarcloud/security.md b/server/sonar-docs/src/pages/sonarcloud/security.md new file mode 100644 index 00000000000..89315038c6b --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/security.md @@ -0,0 +1,61 @@ +--- +title: SonarCloud Security +url: /security/ +--- + +We know that your code is very important to you and your business. We also know that no one wants proven bugs or vulnerabilities found on their source code to be unveiled to third-parties. This is why we take security extremely seriously. + +## Hosting + +SonarCloud is hosted on Amazon AWS in Frankfurt. + +## System security + +We keep system up to date, OS packages are updated at least weekly. SonarCloud is on its own AWS VPC. We have firewall at VPC and VM level. + +Except the Operations team, no SonarSource employee has access to the system, especially the database which stores source code and analysis results. + +The Operations team has access to the system through secured channels (SSH) only. + +## Data security + +All the data is stored on a Postgres RDS instance which only the Operation has access to. + +Isolation of data per organization is ensured at software level, which secures access to source code to organization members only. + +The source code is not encrypted in the database, but the access to the database is restricted to SonarSource operations team and can be done only through a SSH tunnel. + +The DB is backed up everyday by Amazon RDS mechanism, with 7 days retention. + +## Software security + +The Web Application and Web APIs regularly pass penetration testing conducted by a an external company, specialized in cyber and application security, certified in accordance to ISO-27001 and which is also member of the OWASP. + +## Communications + +All communications are done over TLS 1.2: +* Navigating in the Web application +* Using WS APIs +* Running analysis (by the scanners) from CI services and pushing analysis reports to SonarCloud + +## SonarCloud Webhook IPs + +SonarCloud performs webhook calls from the following list of IPs: +``` +52.59.209.17 +52.59.246.1 +54.93.180.144 +18.194.44.125 +18.194.244.158 +18.195.64.198 +``` + +## Authentication + +Primary authentication on the system is available only through OAuth authentication with GitHub, Bitbucket Cloud and Microsoft VSTS. As a consequence, users don’t have a password on SonarCloud, and are as protected as what they expect (especially with 2FA activated on those systems). + +For WS API calls or source code analysis triggered from CI services, only revocable user tokens are accepted. + +## Payment + +When you subscribe to the paid plan on SonarCloud, your credit card information never transit through our system nor it gets stored on the server. It's handed off to [Braintree Payment Solutions](https://www.braintreepayments.com), a company dedicated to storing your sensitive data on [PCI-Compliant](http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard) servers. diff --git a/server/sonar-docs/src/pages/sonarcloud/sonarcloud-pricing.md b/server/sonar-docs/src/pages/sonarcloud/sonarcloud-pricing.md new file mode 100644 index 00000000000..fd0567412f4 --- /dev/null +++ b/server/sonar-docs/src/pages/sonarcloud/sonarcloud-pricing.md @@ -0,0 +1,89 @@ +--- +title: Pricing +url: /sonarcloud-pricing/ +--- + +Subscribing to a paid plan on SonarCloud allows you to analyze unlimited private projects. You can make your code visible by members of your organization only. + +## How is SonarCloud priced? + +SonarCloud is priced on a monthly basis per lines of code. You pay up front for a maximum number of lines of code to be analyzed in your organization. + +Find your max LOC below to see what it will cost you per month: + +| Up to lines of code | Price per month in € | +| ------------- |--------------:| +| 100k | 10 | +| 250k | 75 | +| 500k | 150 | +| 1M | 250 | +| 2M | 500 | +| 5M | 1'500 | +| 10M | 3'000 | +| 20M | 4'000 | + + +## What's the difference between the free and paid plans? + +2 options are available to start using SonarCloud: free and paid plans. Both plans let you benefit from all the features available on SonarCloud. + +*Free plan:* + +* For open source projects +* Anyone can see your projects +* You choose who can edit your projects +* Unlimited lines of code (LOCs) + +*Paid plan:* + +* If you need (some or all) private projects +* You choose who can see your private projects +* You choose who can edit your projects +* Priced by lines of private code + +## How do I activate the paid plan? + +You can activate the paid plan on the "Administration > Billing" page of your organization. + +## What payment options are available? + +Payment is done online by credit card and will happen automatically every month, based on the plan you choose. + +We also accept to receive a purchase order and a wire transfer payment, if ordering a yearly subscription for more than 1M LOCs. In this case, you need to contact us through the Contact form. + +## Can I try a private project on SonarCloud for free? + +Your first 14 days are on us. You just have to upgrade your organization to a paid plan, and fill your credit card information to get started. After your trial, if you love it you can continue using SonarCloud and you will be charged for the plan you selected when you first started your free trial. You can cancel anytime. + +## What is a Line of Code (LOC) on SonarCloud? + +LOCs are computed by summing up the LOCs of each project analyzed in SonarCloud. The LOCs used for a project are the LOCs found during the most recent analysis of this project. + + +## How are Lines of Code (LOCs) counted towards billing? + +Only LOC from your private projects are counted toward your maximum number of LOCs. If your project contains branches, the counted LOCs are the ones of the biggest branch. + +The count is not related to how frequently the source code is analyzed. If your private project has a 6K LOCs and you analyze it 100 times in the month, this will be counted as 6K for the billing. + +If you are getting close to the threshold you will be notified to either upgrade your plan or reduce the number of LOCs in your projects. + +## When will I be invoiced? + +You will be invoiced once a month, the day of the month after your trial ends. For example if you start your free trial on January 1st, it will last till January 14th and you will be first billed on January 15th for your upcoming month, aka January 15th to February 15th. + +## How do I get invoices? + +You can download PDF invoices for every payment from the "Administration > Billing" page of your organization. + +If you want to get those invoices by email, please [contact us](/#sonarcloud#/about/contact). + +## Can I stop using the service? + +Yes, you can stop using SonarCloud anytime you want. You simply need to downgrade your organization to the free plan. + +## Still have more questions? + +Contact us [here](https://about.sonarcloud.io/contact). + + diff --git a/server/sonar-docs/src/pages/user-account.md b/server/sonar-docs/src/pages/user-account.md deleted file mode 100644 index 43feacfed3f..00000000000 --- a/server/sonar-docs/src/pages/user-account.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: User Account ---- - -As a SonarQubeSonarCloud user you have your own space where you can see the things that are relevant to you: - -## Home Page - -It gives you a summary of: - -* your Groups -* your SCM accounts - -## Security - -In addition to being able to change your password, if your instance is not using a 3rd party authentication mechanism such as LDAP or any OAuth provider (GitHub, Google Account, ...), you can manage your own [authentication tokens](/user-token). - -You can create as many Token as you want. Once a Token is created, you can use it to publish analysis to a project where you have the [execute analysis](/security/authorization) permission. - diff --git a/server/sonar-docs/src/pages/user-guide/fixing-the-water-leak.md b/server/sonar-docs/src/pages/user-guide/fixing-the-water-leak.md new file mode 100644 index 00000000000..be0a6b446fd --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/fixing-the-water-leak.md @@ -0,0 +1,37 @@ +--- +title: Fixing the Water Leak +url: /user-guide/fixing-the-water-leak/ +--- + +## What is the Water Leak + +Imagine you come home one day to find a puddle of water on the kitchen floor. As you watch, the puddle slowly gets larger. + +Do you reach for the mop? Or do you try to find the source and fix it? The choice is obvious, right? You find the source of the leak! + +So why do anything different with code quality? When you analyze an application with SonarQubeSonarCloud and realize that it has a lot of technical debt, the knee-jerk reaction is generally to start remediating – either that or put together a remediation plan. This is like mopping the floor once a day while ignoring the source of the water. + +Typically in this traditional approach, just before release a periodic code quality audit result in findings the developers should act on before releasing. This approach might work in the short term, especially with strong management backing, but it consistently fails in the mid to long run, because: + +* The code review comes too late in the process, and no stakeholder is keen to get the problems fixed; everyone wants the new version to ship. +* Developers typically push back on the recommendations made by an external team that doesn't know the context of the project. And by the way the code under review is obsolete already. +* There is a clear lack of ownership for code quality with this approach. Who owns quality? No one! +* What gets reviewed is the entire application before it goes to production and it is obviously not possible to apply the same criteria to all applications. A negotiation will happen for each project, which will drain all credibility from the process + +Instead, why not apply the same simple logic you use at home to the way you manage code quality? Fixing the leak means putting the focus on the “new” code, i.e. the code that was added or changed since the last release. Then things get much easier: + +* The [Quality Gate](/user-guide/quality-gates/) can be run every day, and passing it is achievable. There are no surprises at release time. +* It's pretty difficult for developers to push back on problems they introduced the previous day. Instead, they're generally happy to fix the problems while the code is still fresh. +* There is a clear ownership of code quality +* The criteria for go/no-go are consistent across applications, and are shared among teams. Indeed new code is new code, regardless of which application it is done in +* The cost is insignificant because it is part of the development process + +As a bonus, the code that gets changed the most has the highest maintainability, and the code that doesn't get changed has the lowest, which makes a lot of sense. Because of the nature of software, and the fact that we keep making changes to it, the debt will naturally be reduced. Where it isn’t is where it doesn't need to be. + +## How to do it + +SonarQubeSonarCloud offers two main tools to help you find your leaks: + +* New Code metrics show the variance in your measures between the current code and a specific point you choose in its history, typically the `previous_version` +* New Code is primarily detected based on SCM "blame" data starting from the first analysis within your New Code Period (formerly the "Leak Period"), with fallback mechanisms when needed. See [SCM integration](/analysis/scm-integration/) for more details. +* [Quality Gates](/user-guide/quality-gates/) allow you to set boolean thresholds against which your code is measured. Use them with differential metrics to ensure that your code quality moves in the right direction over time. diff --git a/server/sonar-docs/src/pages/user-guide/keyboard-shortcuts.md b/server/sonar-docs/src/pages/user-guide/keyboard-shortcuts.md new file mode 100644 index 00000000000..e6fa54758c4 --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/keyboard-shortcuts.md @@ -0,0 +1,45 @@ +--- +title: Keyboard Shortcuts +url: /user-guide/keyboard-shortcuts/ +--- + +## Global + +| Shortcut | Action | +| -------- | --------------- | +| `s` | open search bar | +| `?` | open help | + +## Issues Page + +| Shortcut | Action | +| ---------------- | --------------------------------------------- | +| `↑` `↓` | navigate between issues | +| `→` | go from the list of issues to the source code | +| `←` | return back to the list | +| `alt` + `↑` `↓` | to navigate issue locations | +| `alt` + `←` `→` | to switch flows | +| `f` | do an issue transition | +| `a` | assign issue | +| `m` | assign issue to the current user | +| `i` | change severity of issue | +| `c` | comment issue | +| `ctrl` + `enter` | submit comment | +| `t` | change tags of issue | + +## Measures Page + +| Shortcut | Action | +| -------- | --------------------------------------------- | +| `↑` `↓` | select files | +| `→` | open file | +| `←` | return back to the list | +| `j` `k` | switch between files | + +## Rules Page + +| Shortcut | Action | +| -------- | --------------------------------------------- | +| `↑` `↓` | navigate between rules | +| `→` | go from the list of rules to the rule details | +| `←` | return back to the list | diff --git a/server/sonar-docs/src/pages/user-guide/metric-definitions.md b/server/sonar-docs/src/pages/user-guide/metric-definitions.md new file mode 100644 index 00000000000..9507636dfe4 --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/metric-definitions.md @@ -0,0 +1,337 @@ +--- +title: Metric Definitions +url: /user-guide/metric-definitions/ +--- + +## Table of Contents + + +## Complexity +**Complexity** (`complexity`) +It is the Cyclomatic Complexity calculated based on the number of paths through the code. Whenever the control flow of a function splits, the complexity counter gets incremented by one. Each function has a minimum complexity of 1. This calculation varies slightly by language because keywords and functionalities do. + +[[collapse]] +| ## Language-specific details +| Language | Notes +| ---|--- +| ABAP | The following keywords increase the complexity by one: `AND`, `CATCH`, `CONTINUE`, `DO`, `ELSEIF`, `IF`, `LOOP`, `LOOPAT`, `OR`, `PROVIDE`, `SELECT…ENDSELECT`, `TRY`, `WHEN`, `WHILE` +| C/C++/Objective-C | The complexity gets incremented by one for: function definitions, `while`, `do while`, `for`, `throw` statements, `switch`, `case`, `default`, `&&` operator, `||` operator, `?` ternary operator, `catch`, `break`, `continue`, `goto`. +| COBOL | The following commands increase the complexity by one (except when they are used in a copybook): `ALSO`, `ALTER`, `AND`, `DEPENDING`, `END_OF_PAGE`, `ENTRY`, `EOP`, `EXCEPTION`, `EXIT`, `GOBACK`, `CONTINUE`, `IF`, `INVALID`, `OR`, `OVERFLOW`, `SIZE`, `STOP`, `TIMES`, `UNTIL`, `USE`, `VARYING`, `WHEN`, `EXEC CICS HANDLE`, `EXEC CICS LINK`, `EXEC CICS XCTL`, `EXEC CICS RETURN` +| Java | Keywords incrementing the complexity: `if`, `for`, `while`, `case`, `catch`, `throw`, `&&`, `||`, `?` +| JavaScript, PHP | Complexity is incremented by one for each: function (i.e non-abstract and non-anonymous constructors, functions, procedures or methods), `if`, short-circuit (AKA lazy) logical conjunction (`&&`), short-circuit (AKA lazy) logical disjunction (`||`), ternary conditional expressions, loop, `case` clause of a `switch` statement, `throw` and `catch` statement, `go to` statement (only for PHP) +| PL/I | The following keywords increase the complexity by one: `PROC`, `PROCEDURE`, `GOTO`, `GO TO`, `DO`, `IF`, `WHEN`, `|`, `!`, `|=`, `!=`, `&`, `&=` +| PL/SQL | The complexity gets incremented by one for: the main PL/SQL anonymous block (not inner ones), create procedure, create trigger, procedure_definition, basic loop statement, when_clause_statement (the “when” of simple_case_statement and searched_case_statement), continue_statement, cursor_for_loop_statement, continue_exit_when_clause (The “WHEN” part of the continue and exit statements), exception_handler (every individual “WHEN”), exit_statement, for_loop_statement, forall_statement, if_statement, elsif_clause, raise_statement, return_statement, while_loop_statement, and_expression (“and” reserved word used within PL/SQL expressions), or_expression (“or” reserved word used within PL/SQL expressions), when_clause_expression (the “when” of simple_case_expression and searched_case_expression) +| VB.NET | The complexity gets incremented by one for: method or constructor declaration (Sub, Function), `AndAlso`, `Case`, `Continue`, `End`, `Error`, `Exit`, `If`, `Loop`, `On Error`, `GoTo`, `OrElse`, `Resume`, `Stop`, `Throw`, `Try`. + +**Cognitive Complexity** (`cognitive_complexity`) +How hard it is to understand the code's control flow. See [the Cognitive Complexity White Paper](https://www.sonarsource.com/resources/white-papers/cognitive-complexity.html) for a complete description of the mathematical model applied to compute this measure. + +--- +## Duplications +**Duplicated blocks** (`duplicated_blocks`) +Number of duplicated blocks of lines. + +[[collapse]] +| ## Language-specific details +| For a block of code to be considered as duplicated: +| +| Non-Java projects: +| * There should be at least 100 successive and duplicated tokens. +| * Those tokens should be spread at least on: +| * 30 lines of code for COBOL +| * 20 lines of code for ABAP +| * 10 lines of code for other languages +| +|Java projects: +| There should be at least 10 successive and duplicated statements whatever the number of tokens and lines. Differences in indentation and in string literals are ignored while detecting duplications. + +**Duplicated files** (`duplicated_files`) +Number of files involved in duplications. + +**Duplicated lines** (`duplicated_lines`) +Number of lines involved in duplications. + +**Duplicated lines (%)** (`duplicated_lines_density`) += `duplicated_lines` / `lines` * 100 + +--- +## Issues +**New issues** (`new_violations`) +Number of issues raised for the first time in the New Code period. + +**New xxx issues** (`new_xxx_violations`) +Number of issues of the specified severity raised for the first time in the New Code period, where xxx is one of: `blocker`, `critical`, `major`, `minor`, `info`. + +**Issues** (`violations`) +Total count of issues in all states. + +**xxx issues** (`xxx_issues`) +Total count of issues of the specified severity, where xxx is one of: `blocker`, `critical`, `major`, `minor`, `info`. + +**False positive issues** (`false_positive_issues`) +Total count of issues marked False Positive + +**Open issues** (`open_issues`) +Total count of issues in the Open state. + +**Confirmed issues** (`confirmed_issues`) +Total count of issues in the Confirmed state. + +**Reopened issues** (`reopened_issues`) +Total count of issues in the Reopened state + +--- +## Maintainability +**Code Smells** (`code_smells`) +Total count of Code Smell issues. + +**New Code Smells** (`new_code_smells`) +Total count of Code Smell issues raised for the first time in the New Code period. + +**Maintainability Rating** (`sqale_rating`) +(Formerly the SQALE rating.) +Rating given to your project related to the value of your Technical Debt Ratio. The default Maintainability Rating grid is: + +A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1 + +The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is: + +* <=5% of the time that has already gone into the application, the rating is A +* between 6 to 10% the rating is a B +* between 11 to 20% the rating is a C +* between 21 to 50% the rating is a D +* anything over 50% is an E + +**Technical Debt** (`sqale_index`) +Effort to fix all Code Smells. The measure is stored in minutes in the database. An 8-hour day is assumed when values are shown in days. + +**Technical Debt on New Code** (`new_technical_debt`) +Effort to fix all Code Smells raised for the first time in the New Code period. + +**Technical Debt Ratio** (`sqale_debt_ratio`) +Ratio between the cost to develop the software and the cost to fix it. The Technical Debt Ratio formula is: + `Remediation cost / Development cost` +Which can be restated as: + `Remediation cost / (Cost to develop 1 line of code * Number of lines of code)` +The value of the cost to develop a line of code is 0.06 days. + +**Technical Debt Ratio on New Code** (`new_sqale_debt_ratio`) +Ratio between the cost to develop the code changed in the New Code period and the cost of the issues linked to it. + +--- +## Quality Gates +**Quality Gate Status** (`alert_status`) +State of the Quality Gate associated to your Project. Possible values are : `ERROR`, `WARN`, `OK` + +**Quality Gate Details** (`quality_gate_details`) +For all the conditions of your Quality Gate, you know which condition is failing and which is not. + +--- +## Reliability +**Bugs** (`bugs`) +Number of bug issues. + +**New Bugs** (`new_bugs`) +Number of new bug issues. + +**Reliability Rating** (`reliability_rating`) +A = 0 Bugs +B = at least 1 Minor Bug +C = at least 1 Major Bug +D = at least 1 Critical Bug +E = at least 1 Blocker Bug + +**Reliability remediation effort** (`reliability_remediation_effort`) +Effort to fix all bug issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days. + +**Reliability remediation effort on new code** (`new_reliability_remediation_effort`) +Same as _Reliability remediation effort_ but on the code changed in the New Code period. + +--- +## Security +**Vulnerabilities** (`vulnerabilities`) +Number of vulnerability issues. + +**New Vulnerabilities** (`new_vulnerabilities`) +Number of new vulnerability issues. + +**Security Rating** (`security_rating`) +A = 0 Vulnerabilities +B = at least 1 Minor Vulnerability +C = at least 1 Major Vulnerability +D = at least 1 Critical Vulnerability +E = at least 1 Blocker Vulnerability + +**Security remediation effort** (`security_remediation_effort`) +Effort to fix all vulnerability issues. The measure is stored in minutes in the DB. An 8-hour day is assumed when values are shown in days. + +**Security remedation effort on new code** (`new_security_remediation_effort`) +Same as _Security remediation effort_ but on the code changed in the New Code period. + +--- +## Size +**Classes** (`classes`) +Number of classes (including nested classes, interfaces, enums and annotations). + +**Comment lines** (`comment_lines`) +Number of lines containing either comment or commented-out code. + +Non-significant comment lines (empty comment lines, comment lines containing only special characters, etc.) do not increase the number of comment lines. + +The following piece of code contains 9 comment lines: +``` +/** +0 => empty comment line + * +0 => empty comment line + * This is my documentation +1 => significant comment + * although I don't +1 => significant comment + * have much +1 => significant comment + * to say +1 => significant comment + * +0 => empty comment line + *************************** +0 => non-significant comment + * +0 => empty comment line + * blabla... +1 => significant comment + */ +0 => empty comment line + +/** +0 => empty comment line + * public String foo() { +1 => commented-out code + * System.out.println(message); +1 => commented-out code + * return message; +1 => commented-out code + * } +1 => commented-out code + */ +0 => empty comment line + ``` +[[collapse]] +| ## Language-specific details +| Language | Note +| ---|--- +| COBOL | Lines containing the following instructions are counted both as comments and lines of code: `AUTHOR`, `INSTALLATION`, `DATE-COMPILED`, `DATE-WRITTEN`, `SECURITY`. +| Java | File headers are not counted as comment lines (becuase they usually define the license). + +**Comments (%)** (`comment_lines_density`) +Density of comment lines = Comment lines / (Lines of code + Comment lines) * 100 + +With such a formula: +* 50% means that the number of lines of code equals the number of comment lines +* 100% means that the file only contains comment lines + +**Directories** (`directories`) +Number of directories. + +**Files** (`files`) +Number of files. + +**Lines** (`lines`) +Number of physical lines (number of carriage returns). + +**Lines of code** (`ncloc`) +Number of physical lines that contain at least one character which is neither a whitespace nor a tabulation nor part of a comment. +[[collapse]] +| ## Language-specific details +| Language | Note +| --- | --- +| COBOL | Generated lines of code and pre-processing instructions (`SKIP1`, `SKIP2`, `SKIP3`, `COPY`, `EJECT`, `REPLACE`) are not counted as lines of code. + +**Lines of code per language** (`ncloc_language_distribution`) +Non Commenting Lines of Code Distributed By Language + +**Functions** (`functions`) +Number of functions. Depending on the language, a function is either a function or a method or a paragraph. +[[collapse]] +| ## Language-specific details +| Language | Note +| ---|--- +| COBOL | It is the number of paragraphs. +| Java | Methods in anonymous classes are ignored. +| VB.NET | Accesors are not considered to be methods. + +**Projects** (`projects`) +Number of projects in a Portfolio. + +**Statements** (`statements`) +Number of statements. + +--- +## Tests +**Condition coverage** (`branch_coverage`) +On each line of code containing some boolean expressions, the condition coverage simply answers the following question: 'Has each boolean expression been evaluated both to true and false?'. This is the density of possible conditions in flow control structures that have been followed during unit tests execution. + +`Condition coverage = (CT + CF) / (2*B)` +where +* CT = conditions that have been evaluated to 'true' at least once +* CF = conditions that have been evaluated to 'false' at least once +* B = total number of conditions + +**Condition coverage on new code** (`new_branch_coverage`) +Identical to Condition coverage but restricted to new / updated source code. + +**Condition coverage hits** (`branch_coverage_hits_data`) +List of covered conditions. + +**Conditions by line** (`conditions_by_line`) +Number of conditions by line. + +**Covered conditions by line** (`covered_conditions_by_line`) +Number of covered conditions by line. + +**Coverage** (`coverage`) +It is a mix of Line coverage and Condition coverage. Its goal is to provide an even more accurate answer to the following question: How much of the source code has been covered by the unit tests? + +`Coverage = (CT + CF + LC)/(2*B + EL)` +where +* CT = conditions that have been evaluated to 'true' at least once +* CF = conditions that have been evaluated to 'false' at least once +* LC = covered lines = lines_to_cover - uncovered_lines +* B = total number of conditions +* EL = total number of executable lines (`lines_to_cover`) + +**Coverage on new code** (`new_coverage`) +Identical to Coverage but restricted to new / updated source code. + +**Line coverage (`line_coverage`) +On a given line of code, Line coverage simply answers the following question: Has this line of code been executed during the execution of the unit tests?. It is the density of covered lines by unit tests: + +`Line coverage = LC / EL` +where +* LC = covered lines (`lines_to_cover` - `uncovered_lines`) +* EL = total number of executable lines (`lines_to_cover`) + +**Line coverage on new code** (`new_line_coverage`) +Identical to Line coverage but restricted to new / updated source code. + +**Line coverage hits** (`coverage_line_hits_data`) +List of covered lines. + +**Lines to cover** (`lines_to_cover`) +Number of lines of code which could be covered by unit tests (for example, blank lines or full comments lines are not considered as lines to cover). + +**Lines to cover on new code** (`new_lines_to_cover`) +Identical to Lines to cover but restricted to new / updated source code. + +**Skipped unit tests** (`skipped_tests`) +Number of skipped unit tests. + +**Uncovered conditions** (`uncovered_conditions`) +Number of conditions which are not covered by unit tests. + +**Uncovered conditions on new code** (`new_uncovered_conditions`) +Identical to Uncovered conditions but restricted to new / updated source code. + +**Uncovered lines** (`uncovered_lines`) +Number of lines of code which are not covered by unit tests. + +**Uncovered lines on new code** (`new_uncovered_lines`) +Identical to Uncovered lines but restricted to new / updated source code. + +**Unit tests** (`tests`) +Number of unit tests. + +**Unit tests duration** (`test_execution_time`) +Time required to execute all the unit tests. + +**Unit test errors** (`test_errors`) +Number of unit tests that have failed. + +**Unit test failures** (`test_failures`) +Number of unit tests that have failed with an unexpected exception. + +**Unit test success density (%)** (`test_success_density`) +`Test success density = (Unit tests - (Unit test errors + Unit test failures)) / Unit tests * 100` diff --git a/server/sonar-docs/src/pages/user-guide/quality-gates.md b/server/sonar-docs/src/pages/user-guide/quality-gates.md new file mode 100644 index 00000000000..8d422fbc151 --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/quality-gates.md @@ -0,0 +1,74 @@ +--- +title: Quality Gates +url: /user-guide/quality-gates/ +--- + +## Overview + +A quality gate is the best way to enforce a quality policy in your organization. +It's there to answer ONE question: can I deliver my project to production today or not? + +In order to answer this question, you define a set of Boolean conditions based on measure thresholds against which projects are measured. For example: + +* No new blocker issues +* Code coverage on new code greater than 80% +* Etc. + +Ideally, all projects will be verified against the same quality gate, but that's not always practical. For instance, you may find that: + +* Technological implementation differs from one application to another (you might not require the same code coverage on new code for Web or Java applications). +* You want to ensure stronger requirements on some of your applications (internal frameworks for example). +* Etc. + +Which is why you can define as many quality gates as you wish. Quality Gates are defined and managed in the **[Quality Gates](/#sonarqube#/quality_gates)** page found in the top menu. + +## Use the Best Quality Gate Configuration + +The quality gate "Sonar way" is provided by SonarSource, activated by default and considered as built-in and so read-only. It represents our view of the best way to implement the [Fixing the Water Leak](/user-guide/fixing-the-water-leak/) concept. At each SonarQube release, we adjust automatically this default quality gate according to SonarQube's capabilities. + +Three metrics allow you to enforce a given Rating of Reliability, Security and Maintainability, not just overall but also on new code. These metrics are recommended and come as part of the default quality gate. We strongly advise you to adjust your own quality gates to use them to make feedback more clear to your developers looking at their quality gate on their project page. + +Don't forget also that quality gate conditions must use differential values. There is no point for example to check an absolute value such as : Number of Lines of Code is greater than 1000. + +### Recommended Quality Gate + +The `Sonar way` Built-in quality gate is recommended for most projects. If focuses on keeping new code clean, rather than spending a lot of effort remediating old code. Out of the box, it's already set as the default profile. + +## Quality Gate Status + +The current status is displayed prominently at the top of the Project Page: + +![Quality Gate Status](/images/quality-gate-status.jpeg) + +## Getting Notified When a Quality Gate Fails + +Thanks to the notification mechanism, users can be notified when a quality gate fails. To do so, subscribe to the **New quality gate status** notification either for all projects or a set of projects you're interested in. + +## Security + +Quality Gates can be accessed by any user (even anonymous users). All users can view every aspect of a quality gate. + +To make changes (create, edit or delete) users must be granted the **Administer Quality Profiles and Gates** permission. + +A **project administrator** can choose which quality gates his/her project is associated with. See Project Settings for more. + +## Defining Quality Gates + +To manage quality gates, go to **[Quality Gates](/#sonarqube#/quality_gates)** (top menu bar). + +Each Quality Gate condition is a combination of: + +* measure +* period: **Value** (to date) or **New Code** (differential value over the New Code period) +* comparison operator +* warning value (optional) +* error value (optional) + +For instance, a condition might be: + +* measure: Blocker issue +* period: Value +* comparison operator: > +* error value: 0 + +Which can be stated as: No blocker issues. diff --git a/server/sonar-docs/src/pages/user-guide/security-reports.md b/server/sonar-docs/src/pages/user-guide/security-reports.md new file mode 100644 index 00000000000..f25d69c2aa1 --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/security-reports.md @@ -0,0 +1,40 @@ +--- +title: Security Reports +url: /user-guide/security-reports/ +--- + +## What do the Security Reports show? +The Security Reports are designed to quickly give you the big picture on your application's security, with breakdowns of just where you stand in regard to each of the [OWASP Top 10](https://www.owasp.org/index.php/Top_10-2017_Top_10), and [SANS Top 25](https://www.sans.org/top25-software-errors) categories, and [CWE](http://cwe.mitre.org/)-specific details. +The Security Reports are fed by the analyzers, which rely on the rules activated in your quality profiles to raise security issues. If there are no rules corresponding to a given OWASP category activated in your Quality Profile, you will get no issues linked to that specific category and the rating displayed will be A. That won't mean you are safe for that category, but that you need to activate more rules (assuming some exist). + +## What's the difference between a Hotspot and a Vulnerability? +Vulnerabilities are points in the code which are open to attack. +Security Hotspots are security-sensitive pieces of code that should be carefully reviewed by someone with a security auditor hat. This person can be: +* a member of the development team who is more sensitive to security problems +* someone outside the development team contracted for the purpose of reviewing these Hotspots. + +The main goal of Security Hotspots is to help focus the efforts of the security auditors who manually review application source code. The second goal is to educate developers and to increase their security-awareness. +Having a Hotspot in your application does not mean there is a problem. What it does mean is that a human, preferably a security auditor/expert should look over the code to see if the sensitive piece of code is being used in the safest manner. + +## Why don't I see any Hotspots? +They are three reasons you might not see any Hotspots: +* it is possible you really have none of them because the code has been written without using any security-sensitive API. +* it is possible that Hotspot rules are available, but not yet activated in your Quality Profile, and so naturally no issues are raised +* it is more likely that the analyzer for the langauge you're using does not yet offer Hotspot rules, and so it doesn't raise any Hotspots regardless of the quality of how many are actually there, but this last option will disappear over time. + +## Why don't I see any Vulnerabilities? +You might not see any Vulnerabilities for more or less the same reasons as for Hotspots, but it may be more surprising for Vulnerabilities because you may see some Vulnerabilities reported in the Project homepage, while there are none in the Security Reports. This is because the language analyzer may not yet provide the "Security Standards" metadata required for issues to be visible on the Security Reports. This metadata is basically the link between a Rule (and its issues) and the "OWASP Top 10" or "SANS Top 25" categories. Without this link, there is no way to associate an already existing Vulnerability to the Security Standard categories and so to display security issues correctly in the reports. Every analyzer version released by SonarSource after July 2018 should feed the "Security Standards" and be compatible with the Hotspot issue type. + +## I'm a developer. Should I care about Hotspots? +Probably not. Hotspots, as such, aren't really actionable. They simply mark *potential* problems, so there's really nothing to do immediately on the code. That's why you don't receive notifications when Hotspot issues are raised, and why Hotspots aren't shown in the Issues page by default. + +## What if my Hotspot really marks a Vulnerability? +If you look at the code where a Hotspot is raised and realize that there really is a problem, click on the current status (probably `Open`) to register that you've *Detect*ed a Vulnerability at that point in the code. Once you do, it will be converted to a Vulnerability, and the developer who last touched the line will receive "new issue" notifications (if she's signed up to get them). + +## What happens after my Hotspot becomes a Vulnerability? +Once you've *Detect*ed that there really is a problem at a Hotspot location, it will be assigned to the appropriate developer, who will make a fix, and must then `Request Review` *via the UI*. That request moves the issue from Vulnerability back to Hotspot. From there, it's up to the security auditor to either `Accept` or `Reject` the fix. Accepting the fix will mark it `Won't Fix`, and rejecting it will turn it back into a Vulnerability, putting it back in the developer's queue. + +## What does it mean for a Hotspot to be marked "Won't Fix"? +The `Won't Fix` designation is used to indicate that a Hotspot has been reviewed and there is no way, as of now, to exploit this piece of code to create an attack. + + diff --git a/server/sonar-docs/src/pages/user-guide/user-account.md b/server/sonar-docs/src/pages/user-guide/user-account.md new file mode 100644 index 00000000000..935823eda08 --- /dev/null +++ b/server/sonar-docs/src/pages/user-guide/user-account.md @@ -0,0 +1,20 @@ +--- +title: User Account +url: /user-guide/user-account/ +--- + +As a {instance} user you have your own space where you can see the things that are relevant to you: + +## Home Page + +It gives you a summary of: + +* your Groups +* your SCM accounts + +## Security + +In addition to being able to change your password, if your instance is not using a 3rd party authentication mechanism such as LDAP or any OAuth provider (GitHub, Google Account, ...), you can manage your own authentication tokens. + +You can create as many Token as you want. Once a Token is created, you can use it to publish analysis to a project where you have the execute analysis permission. + diff --git a/server/sonar-docs/src/pages/webhooks.md b/server/sonar-docs/src/pages/webhooks.md deleted file mode 100644 index 2c09225141f..00000000000 --- a/server/sonar-docs/src/pages/webhooks.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: Webhooks ---- - -Webhooks notify external services when a project analysis is complete. An HTTP POST request including a JSON payload is sent to each URL. URLs may be specified at both the project and global levels. Project-level specification does not replace global-level webhooks. All hooks at both levels are called. -Plugins - -The HTTP(S) call: - -* is made regardless of the status of the Background Task -* includes a JSON document as payload, using the POST method -* has a content type of "application/json", with UTF-8 encoding - -## Configuration - -You can configure up to 10 webhooks in in **Administration > Webhooks**. - -An additional set of 10 webhooks can be configured at the global level in **Administration > Configuration > Webhooks**. - -If configured, all 20 will be executed. - -## Delivery and Payload - -### Delivery - -The Webhook administration console shows the result and timestamp of the most recent delivery of each webhook with the payload available via the list icon. Results and payloads of earlier deliveries are available from the tools menu to the right of each webhook - -Response records are purged after 30 days. - -The URL must respond within 10 seconds or the delivery is marked as failed. - -### Payload - -An HTTP header "X-SonarQube-Project" with the project key is sent to allow quick identification of the project involved - -The Payload is a JSON document which includes: - -* when the analysis was performed: see "analysedAt" -* the identification of the project analyzed: see "project" -* each Quality Gate criterion checked and its status: see "qualityGate" -* the Quality Gate status of the project: see "qualityGate.status" -* the status and the identifier of the Background Task : see "status" and "taskId" -* user-specified properties: see "properties" - -#### Example - -``` -{ - "analysedAt": "2016-11-18T10:46:28+0100", - "project": { - "key": "org.sonarqube:example", - "name": "Example" - }, - "properties": { - }, - "qualityGate": { - "conditions": [ - { - "errorThreshold": "1", - "metric": "new_security_rating", - "onLeakPeriod": true, - "operator": "GREATER_THAN", - "status": "OK", - "value": "1" - }, - { - "errorThreshold": "1", - "metric": "new_reliability_rating", - "onLeakPeriod": true, - "operator": "GREATER_THAN", - "status": "OK", - "value": "1" - }, - { - "errorThreshold": "1", - "metric": "new_maintainability_rating", - "onLeakPeriod": true, - "operator": "GREATER_THAN", - "status": "OK", - "value": "1" - }, - { - "errorThreshold": "80", - "metric": "new_coverage", - "onLeakPeriod": true, - "operator": "LESS_THAN", - "status": "NO_VALUE" - } - ], - "name": "SonarQube way", - "status": "OK" - }, - "serverUrl": "http://localhost:9000", - "status": "SUCCESS", - "taskId": "AVh21JS2JepAEhwQ-b3u" -} -``` - -## Additional parameters - -A basic authentication mechanism is supported by providing user/password in the URL of the Webhook such as `https://myLogin:myPassword@my_server/foo`. - -If you provide additional properties to your SonarQube Scanner using the pattern `sonar.analysis.*`, these properties will be automatically added to the section "properties" of the payload. - -For example these additional parameters: - -``` -sonar-scanner -Dsonar.analysis.scmRevision=628f5175ada0d685fd7164baa7c6382c1f25cab4 -Dsonar.analysis.buildNumber=12345 -``` - -Would add this to the payload: - -``` -"properties": { - "sonar.analysis.scmRevision": "628f5175ada0d685fd7164baa7c6382c1f25cab4", - "sonar.analysis.buildNumber": "12345" -} -``` diff --git a/server/sonar-docs/src/templates/page.js b/server/sonar-docs/src/templates/page.js index 75b02494ed3..ad61a0fb70c 100644 --- a/server/sonar-docs/src/templates/page.js +++ b/server/sonar-docs/src/templates/page.js @@ -51,10 +51,11 @@ export default class Page extends React.PureComponent { htmlWithInclusions = removeTableOfContents(htmlWithInclusions); htmlWithInclusions = createAnchorForHeadings(htmlWithInclusions, realHeadingsList); htmlWithInclusions = replaceDynamicLinks(htmlWithInclusions); + htmlWithInclusions = replaceInstanceTag(htmlWithInclusions); return (
    - + @@ -99,6 +100,10 @@ export const query = graphql` } `; +function replaceInstanceTag(content) { + return content.replace('{instance}', 'SonarQube'); +} + function replaceDynamicLinks(content) { const version = process.env.GATSBY_DOCS_VERSION || ''; const usePrefix = process.env.GATSBY_USE_PREFIX === '1'; @@ -115,12 +120,6 @@ function replaceDynamicLinks(content) { '$2' ); - // Add trailing slash to local link - content = content.replace( - /\(.*)\<\/a\>/gim, - '$2' - ); - return content.replace( /\(.*)\<\/a\>/gim, '$2' -- cgit v1.2.3