This guide will get a fully functional evaluation version of the enterprise CodeScan running on your own server.
If you want to use our quickstart bundler please go to our bundler instructions page.
- Ant 1.9+
- SonarQube (recommended version: 7.9)
- Java 11+
- Windows / Mac / Linux
- Download the latest version from here
- Extract the zip file. It contains the SonarQube plugins and an ant based tool to run an analysis with.
- Delete any existing Salesforce plugins from your installation
- Copy sonar-salesforce-plugin-XXX.jar and sonar-codescanlang-plugin-XXX.jar into your SonarQube installation at /extensions/plugins/
Note: you will need to edit antbuild.properties if your SonarQube installation is different than usual or if you have a proxy. You can also edit /runner/antbuild.xml if you want to customize your workflows.
For more instructions on how to set up the SonarQube ant plugin, see https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Ant. You should check that the steps the ant script takes are appropriate for your requirements.
Configure the CodeScan license:
- Click here to go to the license page and request an evaluation license.
- When you receive your license, enter it by logging into SonarQube with the credentials User: admin Password: admin and go to Administrator at the top right.
- Click on ‘General Settings’ on the right
- Click on CodeScan on the list of Categories
- Enter your license in the text box labelled ‘CodeScan license’ (key is sf.license.secured)
- Click save
Setting up your Quality Profiles
- Click on the Quality Profiles menu.
Setting up a project
- Create a copy of the ‘sonar-project-template’ folder in the runner directory of this folder and put it in the same project. Let’s call it /runner/my-project
salesforce.password to your Salesforce username/password. Your Salesforce token also has to be appended to the end of your salesforce.password parameter. For example: salesforce.password=passwordtoken. Setting your Salesforce username and password is not necessary if you want to analyse static content (see running offline). Please use a system administrator user profile for this; otherwise you may experience strange errors when downloading the code or executing tests.
- Open a command prompt and navigate into /runner/my-project
- Run this command. See Ant Configuration for a list of default commands
ant -f ../antbuild.xml analyse
NOTE: If the Anyone group is not granted Execute Analysis permission, or if the SonarQube instance is secured (the sonar.forceAuthentication property is set to true), the credentials of a user who has been granted Execute Analysis permission have to be provided through the sonar.login and sonar.password properties.
- If your network has a proxy, you will need to pass some more parameters to avoid license errors.
- A guide for this is available here.
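An added example, not part of the CodeScan documentation or tooling: a pre-flight check for the project properties file that holds the salesforce.password, sonar.login and sonar.password values described above. The file name sonar-project.properties, the function names and the sample values are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Property keys named on this page whose values are secrets.
SECRET_KEYS = ("salesforce.password", "sonar.password")

def parse_properties(text):
    """Parse simple key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # first separator ends the key
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def audit(path):
    """Return a list of findings for the properties file at `path`."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = []
    stored = [k for k in SECRET_KEYS if props.get(k)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # On POSIX, any group/other permission bit exposes the stored secrets.
    if stored and os.name == "posix" and mode & 0o077:
        findings.append(f"{', '.join(stored)} stored in file with mode {mode:o}")
    if props.get("sonar.login") == "admin" and props.get("sonar.password") == "admin":
        findings.append("sonar.login/sonar.password are the default admin/admin")
    return findings

def demo():
    """Audit a constructed sample file (placeholder values, not real credentials)."""
    sample = ("# constructed sample\nsalesforce.password=PLACEHOLDERPASSWORDTOKEN\n"
              "sonar.login=admin\nsonar.password=admin\n")
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sonar-project.properties")  # assumed file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        before = audit(path)
        os.chmod(path, 0o600)
        return before, audit(path)

if __name__ == "__main__":
    for label, found in zip(("mode 644:", "mode 600:"), demo()):
        print(label, found)
```

The permission check only applies on POSIX systems; on Windows, review the file's ACL instead.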