C++ example project scanned on SonarQube using Azure Pipelines

This project is analysed on SonarQube!

It is very easy to analyze a C, C++ and Objective-C project with SonarQube on Azure DevOps:

1. Create a sonar-project.properties file to store your configuration

2. Install SonarQube extension for your organization:

   1. Open Organization settings (in the bottom left corner of organization view)

   2. Open "Extensions" page (in the General category)

   3. Press "Browse marketplace" and find "SonarQube"

   4. Select your organization and click "Install"

3. Add the SonarQube connection to your project:

   1. Open Project settings (in the bottom left corner)

   2. Open "Service connections" page (in the Pipelines category)

   3. Press "New connection" and select "SonarQube""

   4. Fill in the server URL (e.g.: https://example.com:9000) and the authentication token

   5. Name your connection SonarQube (to reference it later in azure-pipelines.yml)

4. In your azure-pipelines.yml file:

   1. Add the SonarQubePrepare task and configure it:

      • Specify the SonarQube Service Endpoint as SonarQube - the connection you created earlier

      • Choose "Use standalone scanner" (scannerMode: 'CLI')

      • Choose "Manually provide configuration"

      • Specify the "Project Key" and the "Sources directory root"

      • In "Additional Properties" in the "Advanced" section, add the property sonar.cfamily.build-wrapper-output with, as its value, the output directory to which the Build Wrapper should write its results (e.g. build_wrapper_output_directory)

   2. Add a task to download the Build Wrapper

   3. Wrap your compilation with the Build Wrapper

   4. Add the SonarQubeAnalyze task

You can take a look at the sonar-project.properties and azure-pipelines.yml to see it in practice.

Documentation

• Documentation of the C, C++ and Objective-C plugin and its Build Wrapper

• Documentation of using SonarQube with Azure DevOps

• Configuring C, C++ and Objective-C analysis cache

• Configuring multithreaded execution

Warnings

The following warning may appear during invocation of /build-wrapper-macosx-x86. To best of our knowledge does not affect the result of the analysis:

dyld: warning: could not load inserted library '/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib' into hardened process because no suitable image found.  Did find:
	/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib: code signature in (/Users/runner/.sonar/build-wrapper-macosx-x86/libinterceptor.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.

For details please reffer to following ticket and community thread.

macOS\XCodeBuild

A build of the code repository on a macOS using XCode build system.

To build the code run from the repository root directory:

xcodebuild

Code Description

An example of a flawed C++ code. The code repository is meant to be compiled with different build systems using different CI pipelines on Linux, macOS, and Windows.

The code repository is forked into other repositories in this collection to add a specific build system, platform, and CI. The downstream repositories are analyzed either with SonarQube or SonarCloud.

You can find examples for:

• Linux

• macOS

• Windows

Using the following build systems:

• CMake

• GNU Autotools

• Xcode

• MSBuild

Running on the following CI services:

• Azure DevOps

• GitHub Actions

• Travis

• Jenkins

• GitLab CI

• BitBucket Pipelines

• Additionally, generic examples demonstrate integration with other CIs and manual-configuration examples should help you if you are running locally.

Configured for analysis on:

• SonarQube

• SonarCloud

You can find also a few examples demonstrating:

• The use of Compilation Database (compile_commands.json)

• Test coverage

See examples-structure.adoc for a description of the structure of this GitHub organization and the relations between its different repositories.