
SonarCloud - No scan results appearing for Javascript for maven / bitbucket project


I might be missing something obvious, but I can't seem to get scan results for javascript to appear in SonarCloud. The repository is 95% an angular app with 5% java code. The java code scan is appearing in SonarCloud, but really I only need to scan the javascript in the angular application.

So clearly we are connected to SonarCloud, but nothing appears for the javascript.

I added <sonar.language>js</sonar.language> to the pom.xml file, which has had the effect that no scan information at all appears in SonarCloud, presumably because this property cancels scanning any language other than javascript, and the javascript scan isn't configured correctly.

I just want to scan the angular project and report results in SonarCloud. Either by scanning the dist/portal directory where the angular project is built, or by scanning the underlying Typescript files in src/app.

It's fine if the java code is also scanned.

Thanks for any help or pointers you can provide.

  • ALM used: Bitbucket with Maven
  • Languages of the repository: java, javascript (only need to scan the javascript)
  • Error observed: No scan results for javascript appearing in SonarCloud

The directory structure of the repository is:

    - src
        - app
        - [rest of angular code]
    - e2e
        - [testing files]
    - deploy
        - pom.xml
        - [java code for the deploy]
    - bitbucket-pipelines.yml

This is the pipeline.yml, and the step that uses maven to run sonarcloud:

          caches:
            sonar: ~/.sonar/cache
          steps:  
            - step: &buildArtifacts
                name: Build and test
                image:
                  name: [[NAME]]
                  aws:
                    access-key: $AWS_ACCESS_KEY
                    secret-key: $AWS_SECRET_KEY
                caches:
                - maven
                - sonar
                script:
                - source prepare_environment.sh
                - mvn -e clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
                artifacts:
                - artifact/**

And these are the properties inside the pom.xml in the deploy/ directory:

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
        <sonar.language>js</sonar.language>
        <sonar.sources>${project.basedir}/../dist/portal</sonar.sources>
    </properties>

Solution

  • Best option for scanning JS/TS is a custom Pipe.

    If you don’t care about the Java code and just need to scan the Javascript and Typescript, then using the scanner for CLI is probably the best bet, and even more specifically, using the scan pipe is easiest to configure on Bitbucket Cloud. You don't need to use Maven at all.

    In your bitbucket-pipelines YAML file, remove (or comment out) the reference to org.sonarsource.scanner in your &buildArtifacts step:

        mvn -e clean verify # org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
    

    Then create a new step to run the pipe:

        - step: &buildAndTestSonarCloud
            name: Analyze with SonarCloud
            caches:
              - node
              - sonar
            script:
              - npm update && npm install  
              - pipe: sonarsource/sonarcloud-scan:0.1.5
                variables:
                  SONAR_TOKEN: ${SONAR_TOKEN}
                  EXTRA_ARGS: '-Dsonar.sources=src/app'
                  SONAR_SCANNER_OPTS: -Xmx512m
                  DEBUG: "false"
    

    You might also need to expand memory available for the step with something like this:

        definitions:
          services:
            docker:
              memory: 2048
    

    Finally, call your step:

        pipelines:
          default:
            - step: *buildAndTestSonarCloud
            - step: *buildArtifacts
    

    That should work. You should be up and running there on the JS/TS.

    If you also want to run unit tests and have sonarcloud track your test coverage, add this below your npm update line:

        - npm run test -- --code-coverage --no-watch --no-progress --browsers=ChromeHeadlessNoSandbox
    

    And these EXTRA_ARGS configured for your file structure:

        '-Dsonar.tests=src -Dsonar.test.inclusions="**/testing/**,**/*.spec.ts" -Dsonar.typescript.lcov.reportPaths=coverage/lcov.info'
    

    That worked for me and should handle the full configuration.

    Note: This is not going to look at Java code in your repository. If you do need Java code also scanned, a more complex Maven implementation is what you will need.
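
A pre-flight check for the symptom in the question, where a scan completes but reports nothing because `sonar.sources` points at a directory with no analyzable files. This is an added example, not part of the original answer or of SonarCloud's tooling. The function names `count_sources` and `preflight` are hypothetical, and it assumes `*.spec.ts` files are treated as tests, as in the `sonar.test.inclusions` pattern above.

```shell
#!/bin/sh
# Added example: fail the pipeline step early when the directory handed to
# sonar.sources holds nothing the JS/TS analyzer would pick up, instead of
# letting an empty analysis pass unnoticed.

# count_sources DIR: print the number of .ts/.js files under DIR,
# skipping node_modules and *.spec.ts (assumed to be test files).
count_sources() {
  find "$1" -type d -name node_modules -prune -o \
    -type f \( -name '*.ts' -o -name '*.js' \) ! -name '*.spec.ts' -print \
    2>/dev/null | wc -l | tr -d ' '
}

# preflight DIR: return 0 if DIR is worth scanning, 1 otherwise.
preflight() {
  dir=$1
  if [ ! -d "$dir" ]; then
    echo "sonar.sources '$dir' does not exist relative to $(pwd)" >&2
    return 1
  fi
  n=$(count_sources "$dir")
  if [ "$n" -eq 0 ]; then
    echo "sonar.sources '$dir' contains no .ts/.js files" >&2
    return 1
  fi
  echo "sonar.sources '$dir': $n file(s) to analyze"
}
```

To use it, source the file in the step's `script:` and call `preflight src/app` on the line before the `pipe:` entry, passing the same path given to `-Dsonar.sources`.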