SonarQube 5.2 in Screenshots

The team is proud to announce the biggest release ever of the SonarQube server, version 5.2, which includes the second-most-anticipated feature ever: code scanners no longer access the database! In brief, this version features:

  • Scanners no longer access the database
  • Enhanced monitoring
  • Better issue management
  • Improved UI for global admin
  • Also worth noting

Scanners no longer access the database

In a significant, fundamental change, this version breaks the direct ties from the SonarQube Scanners (SonarQube Runner, Maven, Gradle, …) to the SonarQube database. From this version forward, it is no longer necessary to hand out your SonarQube database credentials to would-be analyzers, and if they’re still included in your analysis parameters, you’ll see warnings in the log:

Breaking the database connection means you’re now free to execute analysis from your CI services like travis-ci, appveyor, VSO Build, and so on without biting your nails over database security. Instead, scanners now submit analysis reports to the server, and the server processes them asynchronously. This means that analysis results are not available in the Web application right after the scanner has finished its execution, it can take some time depending on the load on the server:

But it also means that it’s no longer required to have a fat network connection between the machines analysis runs on and the database. Now you can arrange those machines on your network based solely on your own criteria.

As soon as an analysis report is sent to the server, the status of the report is displayed on the dashboard of the corresponding project:

Enhanced monitoring

Because more processing is done on server-side, more information is available server-side to monitor and understand what’s going on in SonarQube. First, the former “Analysis Reports” page has been renamed “Background Tasks” and redesigned to offer far more features, including access to the analysis report processing logs:

The page is available at project administration level too:

Server logs are also now accessible from the UI, and it’s possible to dynamically change the server log level (it reverts automatically on restart):

Better issue management

Continuing the theme of more and better information, the reporting of issues has also improved in this version. First, is the ability to have more precise issue highlighting, additional issue locations, and additional messages:

The additional highlights and messages are attached to the issues, so you have to select an issue to see its “extras”:

Of course, the platform just makes these things possible; the language plugins have to support them before you’ll see these effects. So far, you can see additional locations and messages in select rules in the Java plugin.

Another improvement is the ability to display issues by count or technical debt:

As well as a new entry page for issues with quick links to default and saved issue filters:

Speaking of filters, there’s a new issue filter widget with a wide variety of display options, so you can put the results of any search directly on your dashboard:

Wrapping up the topic of issues, we’ve improved notifications, with a new “My New Issues” notification that tells you only about what’s relevant to you, and we’ve added the ability to define a default issue assignee on a project. This account will be used for every new issue that SonarQube can’t assign automatically based on the SCM information.

Improved UI for global admin

A number of pages have been rewritten in this version for a more consistent user experience. The one available to everyone is the Quality Profiles page:

Beyond that, many administrative pages have been rewritten, including all the security pages:

As well as the Update Center:

And the Project Management page:

As a side-effect of these rewrites, web services are now available for all the types of data required to feed these pages. Check your server’s api_documentation for details, or use Nemo’s for a quick reference.

Also worth noting

As a side-effect of the ties between analysis and the database, plugins that do data manipulation beyond simply gleaning raw numbers and issues directly from source files will probably need to be rewritten because the API’s have changed, and such processing must now be done server-side.

All design-related features were dropped in this version (see SONAR-6553 for details), including Package Tangle Index and related metrics.

Also gone in 5.2, but slated to reappear in 5.3 is cross-module/project duplication detection. Why? We simply ran out of time.

That’s All, Folks!

Time now to download the new version and try it out. But don’t forget to read the installation or upgrade guide.

© 2008-2016, SonarSource S.A, Switzerland. All content is copyright protected. SONARQUBE, SONARLINT and SONARSOURCE are
trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.