db* CODECOP for SonarQube v8.9.1

New

• Based on db* CODECOP v4.2.1
  • see Release Notes

Compatibility

SonarQube

• Minumum SonarQube version: 7.9
• Latest SonarQube version tested: 9.0.1

Client Plugin

• Minimum db* CODECOP Validators version: 4.0.0
• Latest db* CODECOP Validators version tested: 4.2.0

db* CODECOP for SonarQube v8.9.0

New

• Based on db* CODECOP v4.1.3
  • see Release Notes

Changed

• Remove metric for "Processing time in seconds"

Compatibility

SonarQube

• Minumum SonarQube version: 7.9
• Latest SonarQube version tested: 8.9.0

Client Plugin

• Minimum db* CODECOP Validators version: 4.0.0
• Latest db* CODECOP Validators version tested: 4.1.0

db* CODECOP for SonarQube v8.0.3

New

• PLSQLCOP-291: Standalone SonarQube plugin without accessing db* CODECOP Command Line
• PLSQLCOP-293: Secondary SonarQube plugin running together with SonarPLSQL or ZPA
• PLSQLCOP-292: Provide tooling to create child plugins with custom validators for standalone or secondary SonarQube plugin
• PLSQLCOP-230: Support comma delimited folders in sonar.sources parameter
• Based on db* CODECOP v4.0.3
  • see Release Notes

Changed

• PLSQLCOP-312: Rebrand "PL/SQL Cop for SonarQube" to "db* CODECOP for SonarQube"
• Disabled rule E-0001: Timeout occurred (after n seconds) during load/parse/validation of resource.
  • Timeout is no longer configurable in the SonarQube plugin

Compatiblity

• Minumum SonarQube version: 7.9
• Latest SonarQube version tested: 8.7.1

PL/SQL Cop for ZPA v7.9.0.1 (Beta)

Version 7.9.0.1 (Beta)

Bug Fixes

• #1 ERROR: Exception while processing xyz: n+1 is not a valid line for pointer. File xyz has n line(s)
  • Report lines with parse-errors as E-0002
  • Do not report guideline validations in files with parse-errors (E-0002)
  • Ignore guideline validations reported on non-existing lines

PL/SQL Cop for ZPA v7.9.0.0 (Beta)

Version 7.9.0.0 (Beta)

This is a secondary SonarQube plugin for SonarQube 7.9LTS (or newer). It requires the primary SonarQube plugin Z PL/SQL Analyzer (ZPA).

The idea is to run ZPA and PL/SQL Cop on the same SonarQube server. This is not possible in a standard setup, since a file extensions is associated with one and only one language (either "plsqlcop" or "plsqlopen"). And one language is by default managed by a single SonarQube plugin.

Trivadis recommends to use only one plugin for PL/SQL. If different projects require different plugins for the same language then dedicated SonarQube instances are recommended.

However, this plugin offers to check ZPA and PL/SQL Cop rules for the same project. Of course it is possible to configure only ZPA or only PL/SQL Cop rules for projects to ensure that the license agreement regarding the number of developers is honoured while keeping the infrastructure as simple as possible.

Responsibility of the Primary Plugin ZPA

ZPA is the primary plugin. It is responsible for the following:

• The "PL/SQL (ZPA)" language. The internal language code is "plsqlopen"
• The rules repositories:
  • Z PL/SQL Analyzer
  • Common PL/SQL (ZPA)
• Configuration of file suffixes to be recognised and processed as language "plsqlopen"
• Measures
  • Size (New Lines, Lines of Code, Lines, Statements, Functions, Files, Comment Lines, Comment (%)
  • Complexity (Cyclomatic Complexity)
  • Duplication (Duplicated Lines, Duplicated blocks)
  • Coverage (Lines to Cover, Uncovered Lines, Conditions to Cover, Uncovered Conditions)
• Issues
  • Based on the rules in the quality profile of the ZPA repositories

Responsibility of the Secondary Plugin PL/SQL Cop

PL/SQL Cop is the secondary plugin. It is responsible for the following:

• The rules repository "PL/SQL Cop Rules"
• Configuration of the PL/SQL Cop License
• Issues
  • Based on the rules in the quality profile of the "PL/SQL Cop Rules" repositories
  • The rules are checked only if at least one PL/SQL Cop rule is active. This ensures that the runtime of projects not using PL/SQL Cop is not too much affected

Limitations

• No PL/SQL Cop CLI

  • This plugin does not call the PL/SQL Cop CLI. Therefore it is not necessary to configure the path to the CLI for the SonarQube server and the clients running SonarScanner
  • This simplifies the usage, since no special configuration on the client side is necessary. The downside is that the additional features of the CLI are missing

• No Custom Validators

  • This plugin uses the com.trivadis.tvdcc.validators.TrivadisGuidelines3 validator
  • It is not possible to configure another validator
  • It is not possible to define custom rules
  • It might be possible that these limitations are lifted in one of the coming releases, e.g. by providing a method to build a custom SonarQube plugin the same way as we currently provide a mechanism to build custom validators.

• PL/SQL Cop Plugin is always downloaded

  • All plugins for known file extensions are downloaded, regardless of the active rules for a project. However, the plugins are cached by the client and therefore the runtime should be affected for the first run only

Installation

Copy the downloaded sonar-plsql-cop-plugin-zpa-7.9.0.0.jar file into the extensions/plugins folder of your SonarQube installation and restart the SonarQube server. Login as admin, click on "Administration" in the main menu bar and configure the "PL/SQL Cop" section as shown below:

Configure file extensions

Configure the file extensions you want to analyse with ZPA and PL/SQL Cop here:

Configure Quality profiles

Configure one or more quality profiles to be used by the projects. Here's an example:

Example Analysis Result

PL/SQL Cop for SonarQube v7.9.0.1

• Released on 2019-09-30
• Fixed:
  • Crash when starting SonarQube server with a plsqlcop-model.xml in the genmodel folder of PL/SQL Cop.

PL/SQL Cop for SonarQube v7.9.0.0

• Released on 2019-09-29
• New:
  • Runs in SonarQube 7.9 – 7.9.1
  • Tested with SonarScanner 3.0.0-4.1.0

PL/SQL Cop for SonarQube v6.7.0.4

• Released on 2019-09-30
• Fixed:
  • Crash when starting SonarQube server with a plsqlcop-model.xml in the genmodel folder of PL/SQL Cop.

PL/SQL Cop for SonarQube v6.7.0.3

• Released on 2019-09-29
• Changes based on Link to Trivadis PL/SQL & SQL Guidelines v3.6.
  • Renamed G-3130 from “Try to use ANSI-join syntax” to “Try to use ANSI SQL-92 join syntax”.
  • Renamed G-3160 from “Avoid virtual columns to be visible” to “Avoid visible virtual columns”.
  • Renamed G-8410 from “Always use application locks to ensure a program unit only running once at a given time” to “Always use application locks to ensure a program unit is only running once at a given time”.

PL/SQL Cop for SonarQube v6.7.0.2

• Released on 2019-03-05
• New:
  • Improve OS independence of properties sonar.plsqlcop.tvdcc.path and sonar.plsqlcop.tvdcc.param.licence.
    • Unix environments
      • remove leading c:
      • remove leading d:
      • change \ to /
      • change tvdcc.cmd to tvdcc.sh
    • Windows environments
      • change tvdcc.sh to tvdcc.cmd
    • Processing continues without code validation if the PL/SQL Cop executable is not found. In this case, an error is logged.
• Fixed:
  • Eliminated the warning WARN: Property 'sonar.plsqlcop.file.suffixes' is not declared as multi-values/property set but was read using 'getStringArray' method.