How to: Install SPCAF SonarQube integration

Note: Please note that Rencore will no longer provide updates for SPCAF integration into SonarQube. SPCAF version is the last plugin available, support will continue as we continue to support SPCAF version

SonarQube SPCAF Plugin

Core plugin for automatically importing results of SPCAF analysis after an MSBuild.

Using SPCAF With SonarQube & Visual Studio Team Services

Installing the SPCAF SonarQube involves three simple steps:

Install SonarQube Plugin

  1. On the SonarQube Server stop the SonarQube Service.
    • From "Services" right click the SonarQube service and select "Stop".
  2. Copy the SPACF plugin jar files into your SonarQube Server and put it in the directory: $SONARQUBE_HOME/extensions/plugins;- (C:\SOnarQube\extensions\plugins).
    • You may already have certain languages defined. If this is the case only copy languages from SPCAF that are new to your environment.
  3. Start the SonarQube service.
    • From "Services" right click the SonarQube service and select "Start".

Add SPCAF Rules to a Quality Profile

  1. Open the SonarQube administration portal. (http://localhost:9000/)
  2. Click "Rules" in the top menu.
  3. Choose repositories from the left-hand panel and select SPCAF repository of the language you would like to add.
    • The "Rules" option is at the top whilst logged in as an Administrator role, else it can be found on the side.
    • You can also filter all SPCAF rules using the "spcaf" tag.
  4. Click "Bulk Change" in the top right-hand menu.
  5. Select "Activate In".
    • The option is top right of the rules tab in SonarQube.
  6. Starting typing and choose the quality profile that you wish to add SPCAF rules too.
    • "Activate In" has predictive typing.
  7. Click "Apply".
  8. Repeat steps 3-6 for any other language rules you want to add.

Note: SonarQube already has a plugin called "SonarQube for the Web World" which covers the following technologies:

  • Linters:
    • JSHint.
    • CSS Lint.
    • SCSS Lint.
    • HTMLHint.
    • Angular Hint.
    • ESLint plugin for AngularJS.
    • Unit testing.
    • Jasmine.
  • Code Coverage:
    • Istanbul.
    • Code duplication.
    • Simian.
    • CPD.
    • Code complexity.
    • Plato.

As we will not duplicate rules coving the above technologies the number of SPCAF rules present in SonarQube will differ slightly from the number of rules in SPCAF directly.

Configure the Visual Studio Team Services Build Process

  1. Open Visual Studio Team Services.
  2. Under "Build Menu" edit your build task.
  3. Add the SPCAF Build task process between the “Fetch the Quality Profile from SonarQube.” and “Finish the analysis and upload the results to SonarQube” tasks. How to Add SPCAF to VSTS:
  4. Set the "Advanced" -> Additional Settings Attribute of the "Fetch the Quality Profile from SonarQube to:
    • "/d:sonar.spcaf.cq.reportPath=$(build.stagingDirectory)/SPCAFResults/SPCAFReport_Rules.xml"
  5. Ensure you select the XML report for the output In the "SPCAF code analysis for SharePoint and Office Projects" task or SonarQube will not be able to read the results.
    • After you have run the Visual Studio Team Services build, it will then upload the results to SonarQube server. You will then be able to go into your SonarQube project via the administration interface and see the SPCAF results.

Typical Visual Studio Team Services Build task set-up: - Fetch the Quality Profile from SonarQube -> Build solution x - Publish symbols path -> Copy files to staging -> Publish artifacts drop -> SPCAF code analysis for SharePoint and Office Projects -> Finish the analysis and upload the results to SonarQube.

Have more questions? Submit a request


Please sign in to leave a comment.