Integrate NDepend with SonarQube v5

IMPORTANT:
  • If you run the SonarQube NDepend plugin with a pro BuildMachine license, the procedure below does not apply to you.
  • If you want to run the SonarQube NDepend plugin with the 14-day trial, you need to activate the NDepend 14-day trial period on the machine that will run it.
  • To do so, once the NDepend files are unzipped on the machine, run VisualNDepend.exe once. If the machine is connected to the internet, you'll go through an activation procedure that takes a few seconds.
  • If the machine is not connected to the internet, an offline activation procedure will be proposed instead, and it must be completed in order to run the SonarQube NDepend plugin.
  • Notice that the same Windows user must be used for activating through VisualNDepend.exe and for running the SonarQube NDepend plugin executables (NDepend.SonarQube.RuleRunner.exe and NDepend.SonarQube.RuleSetBuilder.exe, see below).



Plugin Prerequisites



Install the NDepend Plugin

    Copy the sonar-ndepend-plugin-VERSION.jar

    • from the $NDependInstallDir$\Integration\SonarQube directory
    • to the $SonarQubeInstallDir$\extensions\plugins directory

    Notice that this plugin is open sourced at: https://github.com/SonarCommunity/sonar-ndepend




Generate the set of NDepend Rules that will be configured into the Sonar server
    Generate the NDepend rules set to configure into SonarQube, using the executable:
    $NDependInstallDir$\Integration\SonarQube\NDepend.SonarQube.RuleSetBuilder.exe
    that takes 2 command line arguments:
    • The absolute file path of the NDepend project file (file name extension .ndproj)
    • The absolute file path of the output XML file (file name extension .xml). Later we'll explain how to use its XML content.
    Notice that the rules taken into account are the activated rules defined in:
IMPORTANT:
  • Make sure that the PDB files of all the assemblies analyzed by NDepend are available, because without PDB files, NDepend rule issues won't have a source file declaration available.
  • For this reason, if a single PDB file is missing, the executable NDepend.SonarQube.RuleSetBuilder.exe will fail. Its exit code will be 1 (while 0 means success) and an explicit message will be shown on the console.
  • Related link: Understanding NDepend Analysis Inputs



Start Sonar

    Start Sonar: for example, on a Windows x64 machine run: $SonarQubeInstallDir$\bin\windows-x86-64\StartSonar.
    Note that the communication from NDepend to SonarQube occurs through XML files: hence NDepend must run on Windows but the SonarQube server can run on any OS.

    In a browser, open http://localhost:9000/ and log in to SonarQube as admin




Configure the NDepend Rules in the Sonar server
    From the SonarQube web UI, go to Settings > NDepend and:
    • In the NDepend Rules textbox, set the XML content of the XML file generated by NDepend.SonarQube.RuleSetBuilder.exe (see above).
    • In the Path to textbox, set the NDepend.SonarQube.RuleRunner.exe absolute path.
      This executable can be found under $NDependInstallDir$\Integration\SonarQube\NDepend.SonarQube.RuleRunner.exe
      Don't prefix the path with an environment variable path; write out the entire path.

Click Save and restart Sonar.


NOTE:
  • Each time you update your set of NDepend rules,
    • NDepend.SonarQube.RuleRunner.exe will have to be re-run,
    • the NDepend Rules textbox will have to be re-filled with the NDepend.SonarQube.RuleRunner.exe output XML,
    • the SonarQube server will have to be restarted.
  • NDepend rule IDs in the SonarQube server are inferred from the NDepend rule names, hence each time you change a rule name, SonarQube will consider that a rule has been removed and a rule has been added.



Activate the NDepend Rules in the Sonar server

    The NDepend rules are now loaded in the SonarQube repository but not activated yet.

    To activate them, you have to:

    • log in as admin in the SonarQube UI
    • go to the Rules tab
    • choose the NDepend C# repository

    • and activate these rules in the profile you want by clicking on Bulk Change -> Activate In




Run MSBuild Sonar-Runner

Here is the SonarQube documentation concerning running MSBuild Sonar-Runner from the command line.

Make sure to add the path to the NDepend project file (.ndproj extension) this way:

SonarQube.Scanner.MSBuild.exe begin /key:{SonarQube project key} /name:{SQ project name} /version:{SQ project version}  /d:sonar.cs.ndepend.projectPath={the path of ndproj}
IMPORTANT:
  • Make sure that the PDB files of all the assemblies analyzed by NDepend are available at analysis time, because without PDB files, NDepend rule issues won't have a source file declaration available.
  • For this reason, if a single PDB file is missing, the executable NDepend.SonarQube.RuleRunner.exe, invoked through sonar-runner.bat, will fail. In that situation no NDepend rule issues will be shown in the Sonar UI. The NDepend.SonarQube.RuleRunner.exe exit code will be 1 (while 0 means success) and an explicit message will be shown on the console (but not in the SonarQube UI).
  • Related link: Understanding NDepend Analysis Inputs
  • Notice that if your code is not committed under an SCM, make sure to disable the run of SCM blame, otherwise MSBuild Sonar-Runner will fail. http://docs.sonarqube.org/display/SONAR/SCM+support

What if I run Sonar on a Linux machine and NDepend on a Windows machine?
  • The Sonar scanner on Windows will take care of starting NDepend.SonarQube.RuleRunner.exe.
  • Hence the path to NDepend.SonarQube.RuleRunner.exe you provide is the absolute path on the Windows machine where the Sonar MSBuild scanner is executed.

By default the NDepend analysis is executed by the NDepend Sonar plugin. However, you can launch the analysis before the Sonar execution using the RuleRunner.exe command...

SonarQube\NDepend.SonarQube.RuleRunner.exe C:\work\project.ndproj C:\work\ndepend-report.xml

...and give the result file to the sonar plugin using the sonar.cs.ndepend.reportPath variable

/d:sonar.cs.ndepend.reportPath=C:\work\ndepend-report.xml  

In this case the sonar plugin will use the result file and will not launch the ndepend analysis.
This option can be used for MultiModule Sonar projects, where the NDepend analysis could otherwise be executed many times, for each module. By executing NDepend only once you gain performance.
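
The pre-run described above as a PowerShell build step, added here as an example and not taken from NDepend or SonarQube: it stops the build when NDepend.SonarQube.RuleRunner.exe returns a non-zero exit code, because that failure is shown on the console only and would otherwise look like a run with no NDepend issues. The install directory, the assembly list, the project key, name and version are assumed placeholders, and the check that each PDB sits next to its assembly is an assumption about the build layout.

```powershell
# Added example. Every path and project value below is a placeholder assumption.
$ruleRunner = 'C:\NDepend\Integration\SonarQube\NDepend.SonarQube.RuleRunner.exe'
$ndproj     = 'C:\work\project.ndproj'
$report     = 'C:\work\ndepend-report.xml'

# Hypothetical list of the assemblies the .ndproj analyzes.
$assemblies = @(
    'C:\work\bin\Release\MyApp.dll',
    'C:\work\bin\Release\MyApp.Core.dll'
)

# Pre-check: a single missing PDB makes RuleRunner fail, so report it early.
# Assumption: each PDB is written next to its assembly.
$missing = @($assemblies | Where-Object {
    -not (Test-Path ([IO.Path]::ChangeExtension($_, '.pdb')))
})
if ($missing.Count -gt 0) {
    Write-Host "PDB missing for: $($missing -join ', ')"
    exit 1
}

# Delete any report left by an earlier build so a stale file cannot be
# handed to the plugin if this run fails part-way.
if (Test-Path $report) { Remove-Item $report }

# Run the NDepend analysis once: <ndproj path> <output report path>.
& $ruleRunner $ndproj $report
if ($LASTEXITCODE -ne 0) {
    # Exit code 1 means failure; the explanation is on the console only.
    Write-Host "NDepend.SonarQube.RuleRunner.exe failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}
if (-not (Test-Path $report)) {
    Write-Host "RuleRunner returned 0 but $report was not written"
    exit 1
}

# Hand the report to the plugin so it does not launch NDepend again.
# Assumes SonarQube.Scanner.MSBuild.exe is on PATH.
& SonarQube.Scanner.MSBuild.exe begin `
    '/key:my-project' '/name:My Project' '/version:1.0' `
    "/d:sonar.cs.ndepend.reportPath=$report"
exit $LASTEXITCODE
```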

REMARKS:
  • According to the SonarQube documentation: "MSBuild SonarQube Runner is the only official way to launch a SonarQube analysis on .NET projects."



Browse NDepend Rules Issues in the SonarQube UI

    NDepend Rules Issues are now reported like any other issues in the SonarQube UI.

    You can browse them, go to the source code declaration (in the UI), assign them, change their status...