A SonarQube plugin for analyzing ColdFusion code, based on the CFLint library.
Setup Maven settings.xml with
<servers>
<server>
<id>github</id>
<privateKey>yourprivatekey</privateKey>
</server>
</servers>Run Maven goal
mvn clean package de.jutzig:github-release-plugin:1.3.0:release This will build the plugin jar file, create a release and a tag on github and upload the artifact to the repo.
- Download the JAR file from the releases section or build it yourself by cloning the code and running
mvn install. - Copy
sonar-coldfusion-plugin-{version}.jarto<sonarqube dir>/extensions/plugins. - Restart SonarQube.
Follow the instructions for analyzing code with SonarQube Scanner. The ColdFusion plugin will automatically discover and analyze .cfc and .cfm files.
If you encounter log output indicating, that the Compute Engine of SonarQube has insufficient memory, similar to:
2016.06.22 16:17:43 INFO ce[o.s.s.c.t.CeWorkerCallableImpl] Execute task | project=ApplyNowModule | type=REPORT | id=AVV4eUIgcn4uboqEX1C3
java.lang.OutOfMemoryError: GC overhead limit exceeded
Dumping heap to java_pid8400.hprof ...
Heap dump file created [565019912 bytes in 6.373 secs]
you'll need to increase heap memory on the server, in <sonarqube dir>/conf/sonar.properties:
sonar.ce.javaOpts=-Xmx2g -Xms128m -XX:+HeapDumpOnOutOfMemoryError
2GB might be enough, or perhaps your code base warrants more.
Based on StepStone GmbH repo
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.