Configuring db* CODECOP with SonarQube and Jenkins

db* CODECOP is a plugin designed to perform static code analysis for SQL and PL/SQL code, checking adherence to coding standards and best practices. It can be integrated with SonarQube to provide automated scanning and reporting on code quality, identifying potential issues such as security vulnerabilities, performance bottlenecks, and code inconsistencies.

Step 1: Download db* CODECOP

Download the standalone plugin from the db* CODECOP release page. The version used is sonar-plsql-cop-standalone-8.9.12.jar.


Step 2: Place the Plugin in SonarQube Extension Folder

Copy the .jar file to the directory:

C:\sonarqube-10.7.0.96327\extensions\plugins

Step 3: Install the Child Plugin (Custom Validator Plugin)

Download the custom validator plugin from the Custom Validator Plugin release page. The version used is sonar-plsql-cop-custom-validators-plugin-5.0.1.jar. Copy the downloaded .jar file to the same extensions/plugins folder and restart the SonarQube server.


Step 4: Configure Validator Config Class on SonarQube

Log in to SonarQube as Administrator. Go to Administration > General Settings > Configuration > db* CODECOP. Enter one of the following in the Validator Config Class field:

com.trivadis.sonar.plugin.GLPValidatorConfig

OR

com.trivadis.sonar.plugin.TrivadisGuidelines3PlusValidatorConfig (recommended).

Save the configuration.


Step 5: Restart SonarQube

Navigate to Administration > System and click Restart Server.


Step 6: Create a Jenkins Pipeline Script

Use the following Jenkins pipeline script for SonarQube integration:

pipeline {
    agent any

    environment {
        // Path of the sonar-scanner CLI installed through Jenkins tool configuration
        SONAR_SCANNER_PATH = 'C:\\ProgramData\\Jenkins\\.jenkins\\tools\\hudson.plugins.sonar.SonarRunnerInstallation\\sonar-scanner\\bin\\sonar-scanner.bat'
        SONAR_HOST_URL = 'http://localhost:9000/'
        SONAR_PROJECT_KEY = 'scanlocal'
        SONAR_PROJECT_NAME = 'scanlocal'
        SONAR_PROJECT_VERSION = '1.0'
        SONAR_SOURCE_ENCODING = 'UTF-8'
        GIT_REPO_URL = 'https://sonarqubescanning-admin@bitbucket.org/sonarqubescanning/scanlocal.git'
        GIT_BRANCH = 'master'
        // Jenkins credentials id holding the Bitbucket login; never put the secret itself in the script
        GIT_CREDENTIALS_ID = 'bb_coding'
    }

    stages {
        stage('Clone Repository') {
            steps {
                git branch: "${GIT_BRANCH}",
                    url: "${GIT_REPO_URL}",
                    credentialsId: "${GIT_CREDENTIALS_ID}"
            }
        }
        stage('SonarQube Analysis') {
            steps {
                script {
                    // 'SonarQube' is the server name configured under Manage Jenkins > System;
                    // withSonarQubeEnv injects that server's URL and authentication token
                    withSonarQubeEnv('SonarQube') {
                        // In cmd.exe the caret must be the last character on the line:
                        // a trailing space after ^ breaks the line continuation.
                        bat """
                        "${SONAR_SCANNER_PATH}" ^
                            -Dsonar.host.url=${SONAR_HOST_URL} ^
                            -Dsonar.projectKey=${SONAR_PROJECT_KEY} ^
                            -Dsonar.projectName=${SONAR_PROJECT_NAME} ^
                            -Dsonar.projectVersion=${SONAR_PROJECT_VERSION} ^
                            -Dsonar.sourceEncoding=${SONAR_SOURCE_ENCODING} ^
                            -Dsonar.qualitygate.wait=true ^
                            -Dsonar.sources=. ^
                            -Dsonar.inclusions=**/*.sql
                        """
                        // sonar.qualitygate.wait=true makes the scanner fail the build when the
                        // quality gate fails; sonar.inclusions limits analysis to SQL/PL*SQL files
                    }
                }
            }
        }
    }
}

Step 7: Run the Jenkins Job

Execute the Jenkins pipeline job. The SonarQube report will be generated using db* CODECOP.
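After Step 5 and Step 7, the following Python script (an added example, not part of the original article or of the db* CODECOP project) uses the SonarQube Web API to confirm that a db* CODECOP plugin is actually loaded and to list the quality gate conditions that failed for the scanlocal project, so a red build can be traced to a concrete metric. It assumes a SonarQube user token in the SONAR_TOKEN environment variable and that the plugin's display name contains "CODECOP"; the sample API responses and plugin keys are constructed.

```python
import base64
import json
import os
import urllib.request

SONAR_HOST_URL = "http://localhost:9000"   # same server as the pipeline
PROJECT_KEY = "scanlocal"                  # same project key as the pipeline


def fetch_json(path, token):
    """GET a Web API path; a user token is sent as the Basic user name with an empty password."""
    req = urllib.request.Request(SONAR_HOST_URL + path)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def codecop_plugins(installed):
    """Keys of installed plugins whose name mentions CODECOP (api/plugins/installed, admin only).
    Matching on the display name is an assumption about the plugin metadata."""
    return sorted(p["key"] for p in installed.get("plugins", [])
                  if "codecop" in p.get("name", "").lower())


def failed_conditions(project_status):
    """Overall gate status plus (metric, actual, threshold) for each condition that is not OK."""
    ps = project_status["projectStatus"]
    failing = [(c["metricKey"], c.get("actualValue"), c["errorThreshold"])
               for c in ps.get("conditions", []) if c["status"] != "OK"]
    return ps["status"], failing


# Constructed sample responses (plugin keys are placeholders) so the checks run offline.
SAMPLE_PLUGINS = {"plugins": [
    {"key": "codecop-standalone", "name": "db* CODECOP", "version": "8.9.12"},
    {"key": "codecop-validators", "name": "db* CODECOP Custom Validators", "version": "5.0.1"},
    {"key": "java", "name": "Java Code Quality and Security", "version": "8.0"}]}
SAMPLE_STATUS = {"projectStatus": {"status": "ERROR", "conditions": [
    {"status": "OK", "metricKey": "new_coverage", "errorThreshold": "80", "actualValue": "91.2"},
    {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
     "errorThreshold": "100", "actualValue": "0"}]}}

if __name__ == "__main__":
    token = os.environ.get("SONAR_TOKEN")   # set this to query the live server instead of samples
    plugins = fetch_json("/api/plugins/installed", token) if token else SAMPLE_PLUGINS
    status = (fetch_json(f"/api/qualitygates/project_status?projectKey={PROJECT_KEY}", token)
              if token else SAMPLE_STATUS)
    print("db* CODECOP plugins:", codecop_plugins(plugins) or "NONE - check extensions/plugins")
    gate, failing = failed_conditions(status)
    print("Quality gate:", gate, *(f"\n  FAILED {m}: {a} (threshold {t})" for m, a, t in failing))
```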