/sonar-coldfusion

SonarQube ColdFusion Analyzer

Primary LanguageJavaApache License 2.0Apache-2.0

SonarQube ColdFusion Plugin

CI Quality Gate Status Coverage

A SonarQube plugin for analyzing ColdFusion code, based on the CFLint library.

Installation

  1. Download the JAR file from the releases section or build it yourself by cloning the code and running mvn install.
  2. Copy sonar-coldfusion-plugin-{version}.jar to <sonarqube dir>/extensions/plugins.
  3. Restart SonarQube.

Compatibility

SonarQube Version Plugin Version
9.0 - 9.1 2.2.0
7.6 - 8.9 2.1.1
5.6 - 7.5 1.5.0

Running

Follow the instructions for analyzing code with SonarQube Scanner. The ColdFusion plugin will automatically discover and analyze .cfc and .cfm files.

Parameters tuning

If you encounter log output indicating, that the Compute Engine of SonarQube has insufficient memory, similar to:

2016.06.22 16:17:43 INFO  ce[o.s.s.c.t.CeWorkerCallableImpl] Execute task | project=ApplyNowModule | type=REPORT | id=AVV4eUIgcn4uboqEX1C3
java.lang.OutOfMemoryError: GC overhead limit exceeded
Dumping heap to java_pid8400.hprof ...
Heap dump file created [565019912 bytes in 6.373 secs]

you'll need to increase heap memory on the server, in <sonarqube dir>/conf/sonar.properties:

sonar.ce.javaOpts=-Xmx2g -Xms128m -XX:+HeapDumpOnOutOfMemoryError

2GB might be enough, or perhaps your code base warrants more.

Building

Run Maven goal

mvn clean package

Releasing

Setup Maven settings.xml with

  <servers>
    <server>
        <id>github</id>
        <privateKey>yourprivatekey</privateKey>
    </server>
  </servers>

Run Maven goal

mvn clean package de.jutzig:github-release-plugin:1.3.0:release 

This will build the plugin jar file, create a release and a tag on github and upload the artifact to the repo.

Contributors

Many thanks for the people, who created or improved this project:

  • Tomek Stec
  • Michał Paluchowski
  • Nicolas Bihan
  • Gareth Edwards

License

Copyright 2016-2019 StepStone GmbH and contributors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.