SonarQube 5.3 in Screenshots

by g. ann campbell|

    The team is proud to announce the release of 5.3, another paradigm-shifting version, with the addition of significant new features, and the return of popular functionality that didn't make it in to 5.2:

    • New Project Space which puts the focus on the Quality Gate and the Leak Period
    • User tokens for authenticated analysis without passwords
    • New web services to facilitate a build breaker strategy
    • Cross-project duplication is back!

    New Project Space which puts the focus on the Quality Gate and the Leak Period

    The most striking change in this version is the replacement of the default project dashboard with a new, fixed Project space highlighting the top four data domains: technical debt, coverage, duplications, and structure (which includes both size and complexity):

    Because managing technical debt introduced during the Leak Period is so crucial, this streamlined, new project home page keeps the leak period (first differential period, which is now overridable at the project level), in the forefront. Both current and differential values are shown both textually and graphically:

    Each of the four domains offers a detailed sub-page, available either through the "more" links on the Project Space or the relevant project menu items:

    Technical Debt:




    Each domain page offers the same combination of current values (in blue, with clickthroughs) and leak period changes (yellow background) found on the main page, along with detailed numeric and graphical presentations designed to help you quickly zero-in on the worst offenders in your projects.

    SonarSource feels so strongly about the value of the new Project Space and the domain pages that none of them are configurable. But your old dashboards are still available under the "Dashboards" menu item.

    User tokens for authenticated analysis without passwords

    In version 5.2, we cut the last ties between analysis and the database. Now an analysis report is submitted to the server and all database updates take place server-side. In 5.3 we take the next step down the road of enhanced analysis security with the introduction of authentication tokens.

    Now an administrator can create authentication tokens for any user.

    Tokens may be used in for analysis and with web services. Simply pass the token as the login, and leave the password blank.

    The list of user token names (but not values!) is easily visible, and existing tokens can be revoked at any time:

    Users can't generate their own tokens yet, but that's coming soon.

    New web services to facilitate a build breaker strategy

    In the implementation of a Continuous Inspection strategy, many people use Continuous Integration servers, such as Jenkins, to execute their SonarQube scans, and want to show as broken a run that includes new code that breaks fails the Quality Gate. Because of time constraints, the old hooks for that were removed in 5.2 and not replaced. In 5.3. we made it a priority to close this gap, so the functionality is now available to allow you to implement a build breaker strategy.

    When the client-side scanner is done, it writes out a data file with the URL to call for the server-side processing status

    Once the processing is successful,

    you can use the analysis id to get the quality gate status

    Cross-project duplication is back!

    Also under the heading of returning favorites is cross-project duplication. The changes in 5.2 required serious API updates. In turn a rewrite of cross-project duplication detection was required - another priority in 5.3

    Notably, 5.3 only provides cross-project duplication detection, not the detection of duplications across modules within a project, which is planned for 5.4.

    That's All, Folks!

    Time now to download the new version and try it out. But don’t forget to read the installation or upgrade guide first!