SonarQube
  1. SonarQube
  2. SONAR-2119

Separate Sonar Analysis from Database Update

    Details

    • Type: New Feature New Feature
    • Status: Open Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Database
    • Labels:
      None
    • Number of attachments :
      0

      Description

      In a large organization, there's a strong benefit to having a central Sonar server for reporting and management but multiple build environments managed by different teams. These could well be geographically dispersed. In the current Sonar architecture, database updates occur as part of the Sonar Analysis. If the location database server is on another network from where the analysis is run, the length of time for the analysis can be considerable due to network latency.

      The feature requested is to create an offline/batch mode for processing where the analysis could be run and a SQL or XML file generated instead of writing directly to the database. The file could then be processed later. Separating the Sonar analysis from the database update would free up the CI server on the build machine to perform builds. The database update could then be run separately, the cost being the delay in seeing the results.

      Another benefit would be for really large analysis that run multiple hours. If the database connection fails, the analysis needs to be re-run. In batch mode, the analysis data could be generated and moved to the database server (via scp, etc). The data could then be incorporated into the database using a local SQL connection removing the network issue.

        Issue Links

          Activity

          Hide
          Eddie Webb added a comment - - edited

          HTTP Web Service Please

          I agree, we need to sever the idea of Maven connecting to the database all together, and rely on more granular protections that could be achieved with HTTP(s) web service calls.

          • Allows integration with existing security (LDAP, Crowd, Etc)
          • Allows IDs access to submit analysis, and not randomly update any database rows
          • Allows teams to analyse certain projects, and nothing else
          Show
          Eddie Webb added a comment - - edited HTTP Web Service Please I agree, we need to sever the idea of Maven connecting to the database all together, and rely on more granular protections that could be achieved with HTTP(s) web service calls. Allows integration with existing security (LDAP, Crowd, Etc) Allows IDs access to submit analysis, and not randomly update any database rows Allows teams to analyse certain projects, and nothing else
          Hide
          David Ehringer added a comment -

          I definitely agree that an HTTP only solution would be a huge improvement.

          Show
          David Ehringer added a comment - I definitely agree that an HTTP only solution would be a huge improvement.
          Hide
          Chris Willman added a comment -

          +1 for a HTTP intermediate (similar to SonarQube IDE). Not exposing JDBC info would solve many security risks at my org. I also think this problem is redundant if partial analysis were possible.

          Show
          Chris Willman added a comment - +1 for a HTTP intermediate (similar to SonarQube IDE). Not exposing JDBC info would solve many security risks at my org. I also think this problem is redundant if partial analysis were possible.
          Hide
          Guillaume Boucherie added a comment -

          This enhancement was previously planned for 4.3, then for 5.0 and its now unscheduled.
          Did you plan to work on this feature ? Maybe there is another issue linked to this feature ?
          Thanks

          Show
          Guillaume Boucherie added a comment - This enhancement was previously planned for 4.3, then for 5.0 and its now unscheduled. Did you plan to work on this feature ? Maybe there is another issue linked to this feature ? Thanks
          Hide
          Freddy Mallet added a comment -

          @Guillaume, be sure that we're currently hardly working on this ticket but by definition this requires a lot of stuff to be done before doing any release.

          Show
          Freddy Mallet added a comment - @Guillaume, be sure that we're currently hardly working on this ticket but by definition this requires a lot of stuff to be done before doing any release.

            People

            • Assignee:
              Unassigned
              Reporter:
              John M. Vogtle
            • Votes:
              42 Vote for this issue
              Watchers:
              29 Start watching this issue

              Dates

              • Created:
                Updated: