SonarQube plugin for static code analysis of Scala projects.

Intended for SonarQube 6.7 LTS, SonarQube 7.7 and Scala 2.11/2.12. Running analysis from a Windows machine is currently not supported, please use Linux or other Unix-like operating systems.

This plugin is not an evolution from the legacy sonar-scala-plugin of which versions can be found laying around such as 1and1/sonar-scala. The previous plugin used the Scala compiler to create its metrics which had the disadvantage of requiring a specific plugin per each major version of Scala. Instead, this plugin uses the scala-ide/scalariform library to parse the source code in a version independent way.

This plugin currently supports the following SonarQube metrics:

Size

• Number of classes (and objects) - classes
• Number of lines containing either comments or commented-out code - comment_lines
• Number of files (computed by the platform) - files
• Lines of code - ncloc
• Number of functions - functions

Tests

• Number of lines of code which could be covered by unit tests - lines_to_cover
• Number of lines of code which are not covered by unit tests - uncovered_lines
• Percentage of line coverage - line_coverage
• Number of unit tests - tests
• Number of skipped unit tests - skipped_tests
• Number of unit test errors - test_errors
• Number of unit test failures - test_failures
• Execution duration of unit tests - test_execution_time

In addition to the above, the plugin reports the following custom metrics, which are extracted from the Scoverage report:

• Number of all statements - total_statements
• Number of statements covered by tests - covered_statements
• Percentage of statement coverage - scoverage
• Percentage of branch coverage - branch_scoverage

This plugin integrates 69 quality checks from Scalastyle and 117 from Scapegoat. 40 of the Scalastyle rules are defined without parameters, and the remaining 29 are rule templates, which allow you to set up custom rules by specifying the parameters yourself. Most of those are already activated for you with default values recommended by Scalastyle. Scapegoat rules don't contain any templates.

Sonar-scala creates two rules repositories and four built-in quality profiles: Scalastyle, Scapegoat and a combination of those two Scalastyle+Scapegoat and Recommended by sonar-scala. The rules in the quality profiles are almost all activated, except for those which are broken in the upstream projects and had to be blacklisted.

To make changes to any of the rules, you can clone the quality profile of your choice and then you should be able to activate or deactivate rules, change rule severity and create more custom rules from the existing templates. Alternatively, you can create your quality profile and activate rules from any of the repositories using SonarQube rule filtering and bulk-change features available on the Rules page.

For more information about Scalastyle and Scapegoat rules, please consult the upstream documentation:

• Scalastyle - http://www.scalastyle.org/rules-1.0.0.html
• Scapegoat - https://github.com/sksamuel/scapegoat/tree/v1.3.8

Download the latest release jar into your SonarQube plugins folder /opt/sonarqube/extensions/plugins and restart SonarQube either manually or using the update center.

For an out-of-the-box setup, you can use my docker-compose recipe or a docker image with SonarQube which contains bundled sonar-scala plugin. Please see mwz/sonar-scala-docker for more details.

For automating the analysis of your Scala projects, check out my sbt plugin mwz/sbt-sonar.

Also, see the examples directory, which includes sample projects for SBT (1.x), Gradle (5.x) and Maven (3.x) along with basic instructions on how to execute SonarQube analysis for each of those projects.

The plugin exposes the following properties which can be passed to sonar-scanner when running an analysis:

• sonar.sources - Scala source directory relative to the root of your project (usually src/main/scala)
• sonar.tests (optional) - Scala tests directory relative to the root of your project (usually src/test/scala)
• sonar.junit.reportPaths (optional) - relative path to the directory containing unit test execution reports in Surefire XML format (defaults to target/test-reports); those reports get generated automatically by sbt and Gradle (Gradle outputs those in build/test-results/test), for Maven see the examples on how to configure the Surefire plugin
• sonar.scala.version (optional) - defines the version of Scala used in your project (requires the {major}.{minor} versions and the patch version is ignored, defaults to 2.12)
• sonar.scala.scoverage.reportPath (optional) - relative path to the scoverage report (defaults to target/scala-${sonar.scala.version}/scoverage-report/scoverage.xml)
• sonar.scala.scoverage.disable (optional) - disables the Scoverage sensor from being executed on your sources (defaults to false)
• sonar.scala.scalastyle.disable (optional) - disables the Scalastyle sensor from being executed on your sources (defaults to false)
• sonar.scala.scapegoat.reportPath (optional) - relative path to the scapegoat report (defaults to target/scala-${sonar.scala.version}/scapegoat-report/scapegoat.xml)
• sonar.scala.scapegoat.disable (optional) - disables the Scapegoat sensor from being executed on your sources (defaults to false)

See an example usage:

sonar-scanner -Dsonar.projectName=test \
              -Dsonar.projectKey=test \
              -Dsonar.sources=src/main/scala \
              -Dsonar.tests=src/test/scala \
              -Dsonar.sourceEncoding=UTF-8 \
              -Dsonar.scala.version=2.12 \
              -Dsonar.scala.scoverage.reportPath=target/scala-2.12/scoverage-report/scoverage.xml \
              -Dsonar.scala.scapegoat.reportPath=target/scala-2.12/scapegoat-report/scapegoat.xml

or simply sbt sonarScan if you use the sbt-sonar sbt plugin.

To build the project from sources, run the assembly task in sbt shell and the jar assembled with all of the dependencies required by this plugin should be created in the target/scala-2.12 directory.

To debug the plugin, export the following environment variable before running sonar-scanner for your project:

export SONAR_SCANNER_OPTS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=8000"

Once you've done that, sonar-scanner should display the following message Listening for transport dt_socket at address: 8000. You can now attach your IDE to the process on port 8000, set breakpoints and debug the code.

This project is a continuation of the sonar-scala plugin, which was initially developed by Sagacify.

Many other projects have been used as an inspiration, here is a list of the main ones:

• RadoBuransky/sonar-scoverage-plugin
• arthepsy/sonar-scala-extra
• 1and1/sonar-scala
• SonarSource/sonar-java
• SonarSource/sonar-examples

For a list of changes and releases, please see CHANGELOG.

The project is licensed under the GNU LGPL v3. See the LICENSE file for more details.