
PowerShell language plugin for SonarQube

sonar-ps-plugin

Repository for the PowerShell language plugin for Sonar.

Description

The plug-in currently supports:

  • Reporting of issues found by PSScriptAnalyzer
  • Cyclomatic and cognitive complexity metrics (since version 0.3.0)
  • Reporting number of lines of code and comment lines metrics (since version 0.3.2)


Donating

You can support this project and others via Paypal


Usage

  1. Download and install SonarQube
  2. Download the plugin from the releases and copy it to SonarQube's extensions\plugins directory
  3. Start SonarQube and enable rules
  4. Prepare build agent machines:
  • WINDOWS:
    • Install PSScriptAnalyzer on the build machine where you plan to run the sonar scanner. Quick steps:
    • In a PowerShell terminal, run: Install-Module -Name PSScriptAnalyzer -Force
    • To verify that the module was installed successfully, run in a PowerShell terminal: Invoke-ScriptAnalyzer -ScriptDefinition '"b" = "b"; function eliminate-file () { }'
    • You can check the sample project to test the plugin and verify the configuration
  • LINUX:
    • Install PowerShell on Linux (for example, on Ubuntu: https://learn.microsoft.com/en-us/powershell/scripting/install/install-ubuntu?view=powershell-7.4)
    • Install PSScriptAnalyzer (https://learn.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/overview?view=ps-modules#installing-psscriptanalyzer), for example by running in the terminal: pwsh -Command "Install-Module -Name PSScriptAnalyzer -Force"
    • Test that the module is working properly: pwsh -Command "Invoke-ScriptAnalyzer -ScriptDefinition '\"b\" = \"b\"; function eliminate-file () { }'"
    • Once you have completed the previous steps, set the "sonar.ps.executable" property to point to the PowerShell executable on Linux (you can find it with the command whereis pwsh): sonar.ps.executable="/usr/bin/pwsh"
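
A pre-flight check that a build agent can run before the sonar scanner, combining the install and verification steps above with the PSScriptAnalyzer version floor from the Requirements section. This is an added example, not code from the plugin or its repository; the function name Test-AnalyzerAgent and the 1.20.0 minimum (plugin 0.5.1 or later) are assumptions.

```powershell
# Added example: build-agent pre-flight check (not part of sonar-ps-plugin).
# Assumption: the agent serves plugin 0.5.1 or later, which the Requirements
# section pairs with PSScriptAnalyzer 1.20+ rules.
$minimumVersion = [version]'1.20.0'

# Hypothetical helper: returns $null when the agent is ready,
# otherwise a message describing what is wrong.
function Test-AnalyzerAgent {
    param([version]$MinimumVersion)

    # Pick the newest installed copy of the module, if any.
    $module = Get-Module -ListAvailable -Name PSScriptAnalyzer |
        Sort-Object Version -Descending |
        Select-Object -First 1
    if (-not $module) {
        return 'PSScriptAnalyzer is not installed'
    }
    if ($module.Version -lt $MinimumVersion) {
        return "PSScriptAnalyzer $($module.Version) is older than $MinimumVersion"
    }

    Import-Module PSScriptAnalyzer -MinimumVersion $MinimumVersion -ErrorAction Stop

    # Same smoke test as the verification step in the README.
    # Assumption: a working installation reports at least one finding for it.
    $sample = '"b" = "b"; function eliminate-file () { }'
    $findings = @(Invoke-ScriptAnalyzer -ScriptDefinition $sample)
    if ($findings.Count -eq 0) {
        return 'Invoke-ScriptAnalyzer returned no findings for the sample'
    }
    return $null
}

$problem = Test-AnalyzerAgent -MinimumVersion $minimumVersion
if ($problem) {
    # Fail the pipeline step so the scan does not run without the analyzer.
    Write-Error $problem -ErrorAction Continue
    exit 1
}
Write-Output 'PSScriptAnalyzer is ready for the sonar scanner'
```

The script runs unchanged under powershell.exe on Windows and under pwsh on Linux.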

Configuration

The following options can currently be overridden either on the server in the Administration tab or in the project configuration files:

  • sonar.ps.tokenizer.skip - if set to true, skips the tokenizer, which might be time consuming; defaults to false
  • sonar.ps.file.suffixes - specifies which files should be detected as PowerShell files; defaults to .ps1,.psm1,.psd1
  • sonar.ps.executable - specifies the PowerShell executable; defaults to powershell.exe (since version 0.3.0)
  • sonar.ps.plugin.skip - if set to true, skips the plugin entirely, meaning that no sensors are run; defaults to false (since version 0.3.0)
  • sonar.ps.tokenizer.timeout - maximum number of seconds to wait for tokenizer results; defaults to 3600 (since version 0.4.0)
  • sonar.ps.external.rules.skip - comma-separated list of repo:ruleId pairs for which issues found by those rules are not reported (since version 0.5.0)

Requirements

Different plugin versions support the following:

  • 0.5.3 - SonarQube version 8.9.2+ and PSScriptAnalyzer version 1.20+ rules, Java 17+
  • 0.5.1 - SonarQube version 8.9.2+ and PSScriptAnalyzer version 1.20+ rules, Java 11+
  • 0.5.0 - SonarQube version 6.7.7+ and PSScriptAnalyzer version 1.18.1 rules, Java 8
  • 0.3.0 - SonarQube version 6.3+ and PSScriptAnalyzer version 1.17.1 rules, Java 8
  • 0.2.2 - SonarQube version 5.6+ and PSScriptAnalyzer version 1.17.1 rules, Java 8