99x-Delivery-Framework / PHR-Code-Analysis


Why is the Sonarqube version used in the script v9 and not the latest? #9

Open keshav1002 opened 3 months ago

keshav1002 commented 3 months ago

I would like to know why the latest version of the SonarQube community edition is not utilized in the script and it's locked to version 9.9.5-community edition.

keshav1002 commented 3 months ago

The main reason for sticking to version 9.9.5 is that the plugin that we rely on to generate the reports as of right now supports up until that particular version. Newer versions such as v10 and above are not supported by the plugin right now. If in the future the plugin is updated to support a newer version, then this script can also be updated to support that particular version.

The Enterprise edition of SonarQube comes with built-in functionality for generating reports. However, due to cost constraints and licensing issues, since this script needs to be run on many projects, the community edition seems to be more suitable. The only effective plugin that was found so far that can almost bring the same functionality as the reporting feature in the Enterprise edition to the Community edition was the Sonar CNES report plugin, and it was therefore chosen to be used in this script. If a new, better plugin arises, then we can update the script to accommodate that as well.

Another alternative to avoid this limitation is to build our own plugin to generate reports. A simple version of this exists in this repo as a Java project since it was required to be utilized for generating reports while scanning .NET projects. The SonarQube API provides functionalities to programmatically pull the analysis details and metadata. A custom-built plugin can ensure support for the latest version of SonarQube and achieve broader goals of reporting and analysis of projects.