Hey guys,
For those who followed the tutorial but couldn't run it, here's what the problem might be and how to solve it:
At the moment I'm talking about (31/08/2021) there is Flutter plugin version 0.3.2, and I tried using it in SonarQube 9.0, and unfortunately this Sonar version has problems with this plugin.
So the version that runs normally will be exactly the same as in the video: SonarQube 8.8 and Flutter plugin 0.3.1
Hope it helps more people, thanks for the tutorial, it was awesome! I'm Brazilian and your English was perfectly paced and calm, I understood 100% of everything you said, thank you!
Thank you for the support here, I pinned your comment so hopefully everyone who needs it gets access to it. 🙂
@FlutterExplained many thanks! 🙏🏻
I'm using sonarqube for one of my microservices. I'm upgrading the code on to spinnaker and getting failed tests so this helps to understand what each thing does on the dashboard.
Extremely perfect. Thank you so much!!! Still works perfectly
Great video -- I also have the sonar scanner running on my flutter project on an azure pipeline. The part which isn't very clear is whether the scanner is also checking the external plugins that are used within the flutter app: for example, a camera plugin. I ran the scanner on my current work flutter project and I was a bit surprised that there were no security vulnerabilities, etc. From the web report generated by the scanner, there are many sections: duplication, size, complexity, issues, coverage, etc -- and when I click on the Overview tab within those sections, it just jumps into the code, with very little info. For example, I click on Code Smells inside of Maintainability, and it shows one particular bloc file, with New Code Smells: 0. My flutter project has over 200 files, and 100+ folders. So, it isn't small and probably has some flaws.
Do all the SonarQube features require the non-community licence? I noticed that the enterprise edition provides the security reports. Any insights before I try the 14 day trial?
I've tried on SonarQube Enterprise Edition, with plugin version 0.5.1, and can't get security reports. Does anyone know if this is a problem with the extension, or whether some extra configuration needs to be made? The documentation does not mention it at all.
Thanks for such a detailed guide, added it to my CI/CD flutter project. Waiting for native support for Dart from the Sonar team.
If you do not like to wait in the meantime there is also a very promising new project around a community plugin that you could check out: github.com/insideapp-oss/sonar-flutter
@FlutterExplained yes, I use it just now, and it works pretty well, but official support will be great
Hi folks! I've already followed the tutorial and the coverage doesn't appear. Do I need another config?
Code coverage % is always displayed as zero. Any inputs on how to fix this?
Make sure the .lcov file is being sent to SonarQube
How is it different from the dart code metrics check? Does it provide additional code quality standards, or is it just a GUI interface? For me and my team it's not worth it.
We are always looking for the most strict code quality process.
Let us know how we can improve it more
Great question, I have not had a specific look at the dart code metrics check so far and will now have a deeper look. I believe at the moment because it is not fully supported. But in general it is not only about the UI, it also includes some deployment and task features.
For fully supported languages like TypeScript / Java etc. it also offers more features like task management, if you enter your passwords or if you have malfunctioning code. Also, for security it gives you additional insights into security issues.
@FlutterExplained Ok great, thanks
If I add the .jar file into plugin and run this command again, 'C:\sonarqube\bin\windows-x86-64\StartSonar.bat', it returns an error
This is a great video, but I want to ask: why is my code smell report 0 Code Smells? I am already using the same version of SonarQube, sonar scanner, and the Flutter Sonar plugin.
Mhhh, it could be that you have awesome code. If we take that apart, it could be that the plugin is not working correctly or that your code was not scanned correctly. Do the other metrics work OK? Maybe it is a rule setting that you have to adjust.
@FlutterExplained hi, thanks for the reply. But in my IDE I got 48 code smells. When I run sonar scanner I got this error message: ERROR: org.buildobjects.process.StartupException: Could not startup process 'flutter analyze'. Can you please help me?
I played with SonarQube some days ago, but not in production yet.
Great, I usually use it in JS and web projects, but I like the community edition at least to get a basic understanding and a visible indication :). I really hope SonarSource will support it in the future.
Can someone please tell me why the earphone when he is recording over a microphone?!
Sure, with pleasure. It is to make sure that my voice is correctly audible and there is no interference, like for example my daughter shouting in the background. Otherwise I would not be sure if the background is silent enough. Hope that answers your question :)
How can I get a similar home setup, the seat and monitors
I am using sonarqube in docker, now how can I follow these instructions?
Thank you for the tutorial. But I have a problem. I followed the tutorial, and when I typed it in the terminal in Android Studio I am getting this error:
'sonar-scanner.bat' is not recognized as an internal or external command,
operable program or batch file
That is quite a typical System Variable problem. Did you download and unzip the sonar-scanner.bat file? Then you will need to add it to your System Environment Variables. I explain that for Windows at 8:30. I hope that helps :)
Set Environment Variable
Hi, have you fixed your problem? I have the same one and for 3 days I've been trying to fix it. And yes, I have added it to the system environment variables. How did you fix it?
Thank you for the tutorial. But I have a problem. I followed the tutorial, and when I typed it in the terminal in Android Studio I am getting this error:
Project root configuration file: NONE
Thank you for this fantastic video, 😆
Glad you enjoyed it and could make good use of it!
IMHO SonarQube will be relevant only if and when it supports GitHub Actions
Thanks for your honest opinion. I guess the Scanner is already implemented inside of GitHub Actions. I am not sure though if it works already with a failing quality gate. I will investigate a little bit :)
This is officially supported: github.com/marketplace/actions/official-sonarqube-scan
will these instructions work for M1 mac?
Hi Deva, for me all of them work and they worked well. Feel free to let me know your experience if you have tried it :)
When are you making the video?
I'm on it :)
I don't understand why people here in the comments say "fantastic video" when his whole demonstration ended up in a "D" qualifier or score (whatever you call it), so basically failing.
And the video ended without fixing any issues that caused the "D" score.
Btw I am also hitting 3 errors (2 blockers and one critical) when I am running my project thru the sonar step inside of a CICD pipeline, and I was hoping that this video would help me to figure out how to make my project pass the sonar test. Unfortunately this video did not pass its own sonar test, ended up in a "D" . Wow :(
Thank you so much
Always welcome
Hello I'm Lena.🙋♀️😉
Welcome Lena :), I hope you are doing well. Greetings from K.
I'm doing well.👍👌😉😃🤣😊
And why are you called K?🤨🤔
Don't forget about the video 😉
Thank you for a very informative video. From what I can see SonarQube is getting more and more popular. I haven't used it yet but I think I will start with the community edition. In the project I'm working on we're using over 95 libraries for Python. Does SonarQube check if libraries are up to date?
Good question, but no I guess it will not check the dependencies :)
Hey! I can confirm we (SonarSource) don't raise any warnings saying your dependencies are not up to date. This is called SCA and we don't yet provide such a feature. For Python we have a powerful SAST engine that can find injection vulnerabilities in your code. You can try it for free at SonarCloud.io
Can we define our own rules to sonar? And how complex they may be?
Great question, I have to admit I have never done it myself. But I checked the documentation and it looks like there are a large amount of possibilities.
docs.sonarqube.org/latest/extend/adding-coding-rules/
Thank you for this :)
: Error during SonarScanner execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
Please help me to resolve this ASAP @ Flutter explained
Anyone, please help me
Amazing 😍😍😍
Thanks!
Please use macOS, thanks
"The main branch has no lines of code." I cannot solve this.
Waaaaw 😅
Great installation tutorial. Love your direct, no-fluff approach. However, you did not talk at all about SECURITY in this video and code quality was so general and high-level that I did not get a sense of the value SonarQube gives me. Sorry, cannot give you thumbs up with this title. If you change it to SonarQube Local Installation and Top Level Code Quality Features, I would definitely give you a thumbs up. Keep in mind that when you put a title, people come with some expectations - for me that was about security and I mostly wasted my time because you did not cover it.
Hi George, first of all, let me apologise for your lost time and that you did not find the answer you searched for. You made great suggestions, and I will see what I can do so that no more people fall into the same trap.
As an answer to your security concerns, I can tell you that probably something like snyk is better for you than a static code analyser.
snyk.io/
Static code analysers are more about shallow code security topics and should not be taken for a holy grail. Like do not commit passwords, HTTP is used instead of HTTPS, etc.
I hope that helps you and sorry again for the inconvenience.
What happened to the SECURITY part? Sorry, thumbs down :(
Starting SonarQube...
Unrecognized option: --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.
I am getting this error. Please, someone help @FlutterExplained