
Dependency-Updates-Report Plugin for SonarQube 7.x

Integrates the dependency updates report of the versions-maven-plugin into SonarQube v7.3 or higher.

About dependency updates report

The versions-maven-plugin has the goal dependency-updates-report, which creates an overview of the updates available for the dependencies of a Maven project. An available update can be an incremental, minor or major version update.

Note

This SonarQube plugin does not perform analysis itself; it reads existing dependency-updates-reports. Please refer to the versions-maven-plugin documentation for how to generate the reports.

Metrics

The plugin keeps track of the following statistics:

| Metric | Description |
|---|---|
| Dependencies to patch | The number of dependencies with patches available (incremental updates). |
| Dependencies to patch (Ratio) | The ratio of dependencies to patch. |
| Dependencies to upgrade | The number of dependencies with upgrades available (minor and/or major updates). |
| Dependencies to upgrade (Ratio) | The ratio of dependencies to upgrade. |
| Patch maintenance | The rating of the patch maintenance (see below). |
| Patches missed | The total number of patches missed. |
| Upgrade maintenance | The rating of the upgrade maintenance (see below). |
| Upgrades missed | The total number of upgrades missed. |

Maintenance rating

The raw number of dependencies with patches/upgrades available cannot be used as a rating on its own, since a rating should also take into account the ratio to the total number of dependencies and the total number of patches/upgrades per dependency.

This metric is not final. For now the rating is based on the corresponding ratio.

| Ratio | Rating |
|---|---|
| < 5% | a |
| < 10% | b |
| < 20% | c |
| < 50% | d |
| >= 50% | e |
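The following is an added example, not code from the plugin: it derives the eight metrics listed above from a constructed XML report in the shape of a versions-maven-plugin dependency-updates-report and applies the rating table. The element names and the counting rules (what "to patch", "to upgrade" and "missed" count) are assumptions, so verify them against a real report.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a versions-maven-plugin XML report.
# The element names are assumed here; check them against a real report.
SAMPLE_REPORT = """<DependencyUpdatesReport><dependencies>
  <dependency><groupId>org.example</groupId><artifactId>lib-a</artifactId>
    <currentVersion>1.0.0</currentVersion>
    <incrementals><incremental>1.0.1</incremental><incremental>1.0.2</incremental></incrementals>
    <minors/><majors/></dependency>
  <dependency><groupId>org.example</groupId><artifactId>lib-b</artifactId>
    <currentVersion>2.3.0</currentVersion><incrementals/>
    <minors><minor>2.4.0</minor></minors><majors><major>3.0.0</major></majors></dependency>
  <dependency><groupId>org.example</groupId><artifactId>lib-c</artifactId>
    <currentVersion>5.1.1</currentVersion><incrementals/><minors/>
    <majors><major>6.0.0</major></majors></dependency>
</dependencies></DependencyUpdatesReport>"""

# Thresholds from the rating table: a ratio below the limit gets the grade, else e.
RATING_THRESHOLDS = ((0.05, "a"), (0.10, "b"), (0.20, "c"), (0.50, "d"))

def rating(ratio: float) -> str:
    """Map a ratio (0.0 to 1.0) to the a-e maintenance rating."""
    for limit, grade in RATING_THRESHOLDS:
        if ratio < limit:
            return grade
    return "e"

def compute_metrics(xml_text: str) -> dict:
    """Derive the eight metrics. Counting rules are an assumption: 'to patch' means at
    least one incremental listed, 'to upgrade' at least one minor or major, and the
    'missed' totals count every listed version."""
    deps = ET.fromstring(xml_text).findall("./dependencies/dependency")
    total = len(deps)
    to_patch = patches = to_upgrade = upgrades = 0
    for dep in deps:
        inc = len(dep.findall("./incrementals/incremental"))
        upg = len(dep.findall("./minors/minor")) + len(dep.findall("./majors/major"))
        to_patch, patches = to_patch + int(inc > 0), patches + inc
        to_upgrade, upgrades = to_upgrade + int(upg > 0), upgrades + upg
    patch_ratio = to_patch / total if total else 0.0
    upgrade_ratio = to_upgrade / total if total else 0.0
    return {
        "dependencies_to_patch": to_patch, "patch_ratio": patch_ratio,
        "patches_missed": patches, "patch_maintenance": rating(patch_ratio),
        "dependencies_to_upgrade": to_upgrade, "upgrade_ratio": upgrade_ratio,
        "upgrades_missed": upgrades, "upgrade_maintenance": rating(upgrade_ratio),
    }

if __name__ == "__main__":
    print(compute_metrics(SAMPLE_REPORT))
```

With the sample, one of three dependencies needs a patch (ratio 33%, rating d) and two of three need an upgrade (ratio 67%, rating e).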

Installation

Copy the plugin (jar file) to $SONAR_INSTALL_DIR/extensions/plugins and restart SonarQube.

Plugin Configuration

The versions-maven-plugin will output a file named 'dependency-updates-report.xml' when asked to output XML. The mathan-dependency-updates-sonar-plugin reads an existing dependency updates XML report.

Additional configuration is available to override the default mapping from available updates to SonarQube severity. It is also possible to include or exclude certain dependencies from the check, and to lower or raise the severity for specific dependencies.

Artifact pattern syntax

The filters use the artifact pattern syntax already known from Maven, extended to allow a comma-separated list of such patterns.

The pattern is defined like this: [groupId]:[artifactId]:[type]:[version]:[scope]:[classifier].

Each pattern segment is optional and supports full and partial * wildcards. An empty pattern segment is treated as an implicit wildcard. For example, org.apache.* would match all artifacts whose group id starts with org.apache., and :::*-SNAPSHOT would match all snapshot artifacts.

Configuration properties

| Property | Description | Default |
|---|---|---|
| sonar.dependencyUpdates.updateIncremental | Overrides the severity used for dependencies with incremental updates available (INFO, MINOR, MAJOR, CRITICAL, BLOCKER). | Severity.MINOR |
| sonar.dependencyUpdates.updateMinor | Overrides the severity used for dependencies with minor updates available (INFO, MINOR, MAJOR, CRITICAL, BLOCKER). | Severity.MAJOR |
| sonar.dependencyUpdates.updateMajor | Overrides the severity used for dependencies with major updates available (INFO, MINOR, MAJOR, CRITICAL, BLOCKER). | Severity.CRITICAL |
| sonar.dependencyUpdates.inclusions | Filter (see Artifact pattern syntax) to include certain dependencies only. | ::::: (include all) |
| sonar.dependencyUpdates.exclusions | Filter (see Artifact pattern syntax) to exclude certain dependencies. | (none) |
| sonar.dependencyUpdates.override.info | Filter (see Artifact pattern syntax) to override the severity to INFO if updates are available for matching dependencies. | (none) |
| sonar.dependencyUpdates.override.minor | Filter (see Artifact pattern syntax) to override the severity to MINOR if updates are available for matching dependencies. | (none) |
| sonar.dependencyUpdates.override.major | Filter (see Artifact pattern syntax) to override the severity to MAJOR if updates are available for matching dependencies. | (none) |
| sonar.dependencyUpdates.override.critical | Filter (see Artifact pattern syntax) to override the severity to CRITICAL if updates are available for matching dependencies. | (none) |
| sonar.dependencyUpdates.override.blocker | Filter (see Artifact pattern syntax) to override the severity to BLOCKER if updates are available for matching dependencies. | (none) |
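As an added illustration of the artifact pattern syntax and of how the inclusion, exclusion and override properties combine, the following is example code written for this page, not the plugin's own implementation. It assumes that omitted trailing segments act as wildcards, that override filters are checked in the order of the table with the first match winning, and it uses a constructed property set; the plugin's actual precedence rules may differ.

```python
import fnmatch
from typing import Optional

SEGMENTS = ("groupId", "artifactId", "type", "version", "scope", "classifier")

def segment_matches(pattern: str, value: str) -> bool:
    """An empty segment is an implicit wildcard; '*' may be full or partial."""
    return pattern == "" or fnmatch.fnmatchcase(value, pattern)

def pattern_matches(pattern: str, coords: dict) -> bool:
    """Match one [groupId]:[artifactId]:[type]:[version]:[scope]:[classifier]
    pattern; omitted trailing segments are treated as wildcards (assumption)."""
    parts = pattern.split(":")
    if len(parts) > len(SEGMENTS):
        raise ValueError(f"too many segments in pattern {pattern!r}")
    return all(segment_matches(p, coords.get(name) or "")
               for p, name in zip(parts, SEGMENTS))

def filter_matches(filter_value: str, coords: dict) -> bool:
    """A filter is a comma-separated list of patterns; any one matching is enough."""
    patterns = [p.strip() for p in filter_value.split(",") if p.strip()]
    return any(pattern_matches(p, coords) for p in patterns)

DEFAULT_PROP = {"incremental": "updateIncremental", "minor": "updateMinor",
                "major": "updateMajor"}
DEFAULT_SEVERITY = {"incremental": "MINOR", "minor": "MAJOR", "major": "CRITICAL"}
OVERRIDE_KEYS = ("info", "minor", "major", "critical", "blocker")

def resolve_severity(props: dict, coords: dict, update_kind: str) -> Optional[str]:
    """Severity for a dependency with an update of the given kind, or None when
    the inclusion/exclusion filters drop it. Assumption: override filters are
    checked in table order and the first match wins."""
    if not filter_matches(props.get("sonar.dependencyUpdates.inclusions", ":::::"), coords):
        return None
    if filter_matches(props.get("sonar.dependencyUpdates.exclusions", ""), coords):
        return None
    for key in OVERRIDE_KEYS:
        if filter_matches(props.get(f"sonar.dependencyUpdates.override.{key}", ""), coords):
            return key.upper()
    return props.get(f"sonar.dependencyUpdates.{DEFAULT_PROP[update_kind]}",
                     DEFAULT_SEVERITY[update_kind])

# Constructed configuration for the demonstration (not taken from the page).
PROPS = {
    "sonar.dependencyUpdates.exclusions": "org.example.test:*,:::*-SNAPSHOT",
    "sonar.dependencyUpdates.override.blocker": "org.apache.*:commons-*",
    "sonar.dependencyUpdates.override.info": "com.internal.*",
}
```

With PROPS, a snapshot or test-only dependency is skipped entirely, a matching Apache Commons artifact is raised to BLOCKER regardless of update kind, and an unmatched dependency falls back to the default mapping.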
