Merge remote-tracking branch 'gitlab/sonar17'

Author: bd-smlin

README.md

@@ -1,55 +1,50 @@
-Coverity Sonar Plugin
-=====================
+# Coverity® Sonar Plugin
 
-The Coverity Sonar Plugin automatically import issues from Coverity Connect into SonarQube.
+The Coverity Sonar Plug-in automatically imports issues from Coverity Connect into SonarQube.
 
-![Coverity Scan Build Status](https://scan.coverity.com/projects/13562/badge.svg "Coverity Scan Build Status")
+**Current Version**: 1.7.5
 
-Coverity® Sonar Plug-in Installation and Configuration Guide
-============================================================
+![Coverity Scan Build Status](https://scan.coverity.com/projects/13562/badge.svg "Coverity Scan Build Status")
 
-Version 1.7.4
+# Coverity Sonar Plug-in Installation and Configuration Guide
 
 This guide is intended to assist you with the installation and
 configuration of the Coverity Sonar plug-in. Once completed, you will be
 able to view Coverity Analysis issues within the SonarQube environment.
 
-Compatibility
-=============
+## Compatibility Matrix
+-----------------------
 
 The table below displays the software versions supported by the Coverity
 Sonar plug-in.
 
 | **Software**     | **Supported versions** |
 |------------------|------------------------|
-| SonarQube        | 6.7.5 - 7.9.1          |
+| SonarQube        | 7.9.1 - 8.9            |
 | SonarQube Scanner| 3.0 - 4.0              |
 | Coverity Connect | 8.0+                   |
 
-Installing the Coverity Sonar Plug-in
-=====================================
+## Installing the Coverity Sonar Plug-in
+----------------------------------------
 
 To install the Coverity Sonar plug-in, complete the following steps.
 
-1.  Ensure that you have SonarQube(v6.7.5 ~ v7.9.1) and SonarQube Scanner(v3.0 ~ v4.0) installed.
-    Sonar installation and setup instructions are located at
+1.  Ensure that you have a supported version of SonarQube and SonarQube Scanner installed.
+    <br>Sonar installation and setup instructions are located at 
     <http://docs.sonarqube.org/display/SONAR/Setup+and+Upgrade>.
 
 2.  Download and unzip the Coverity Sonar plug-in to the Sonar plugins
-    folder:
-
-    &lt;SonarInstallDirectory&gt;/extensions/plugins
+    folder: &lt;SonarInstallDirectory&gt;/extensions/plugins
 
 3.  Restart SonarQube.
 
 Note: After upgrading SonarQube, reset the quality profile for the languages which use Coverity
 (in **Quality Profiles**, select **Restore Built-in Profiles**, and select the language.)
 
-Configuring the Coverity Sonar Plug-in
-======================================
+## Configuring the Coverity Sonar Plug-in
+-----------------------------------------
 
-Once installed, you must configure the Coverity Sonar plug-in for
-general use.
+Once installed, you must configure the Coverity Sonar plug-in for general use.
 
 1.  Log in to SonarQube as an administrator.
 
@@ -66,8 +61,8 @@ general use.
 6.  Click **Save Coverity Settings** to complete the
     basic configuration.
 
-Configuring your Project Settings
-=================================
+## Configuring your Project Settings
+------------------------------------
 
 After configuring the general plug-in settings, you must select the
 correct Coverity Connect project to associate with each of your Sonar
@@ -100,8 +95,8 @@ whenever you run SonarQube Scanner on the specified project. This
 configuration must be completed for each project you wish to link with
 Coverity Connect.
 
-Setting Up sonar-project.properties
-===================================
+## Setting Up sonar-project.properties
+--------------------------------------
 
 For the plug-in to successfully display Coverity defects, the correct
 source paths must be entered in the sonar-project.properties file at the
@@ -157,12 +152,12 @@ See below for a complete example sonar-project.properties file.
 >
 > \# sonar.coverity.prefix=MyOptionalPrefix
 
-*Note*: When using the Coverity plug-in, use the language key "cov-cpp" instead of "c", "c++", or "cpp". This language key prevents conflicts with non_Coverity plug-ins.
+*Note*: When using the Coverity plug-in, use the language key "cov-cpp" instead of "c", "c++", or "cpp". This language key prevents conflicts with non-Coverity plug-ins.
 
 To specify the language key: 
--   Add "sonar.language=cov-cpp" (or another preferred language) to the properties file.
--   in **Administration &gt; Coverity &gt; Languages**, configure "C/C++ source files suffixes" appropriately.
--   Configure the source file suffixes for the other language plug-ins to avoid conflicts.
+-   In **Administration &gt; Coverity &gt; Languages**, configure "C/C++ source files suffixes" appropriately.
+-   Make sure that **Administration &gt; Configuration &gt; Languages** and your project level settings (**Project Settings &gt; General Settings &gt; Languages**) don't contain the suffixes that you configured above to avoid conflicts. For example, if your Coverity language configuration includes <code>\*\*./\*.cpp </code>, make sure to remove <code>\*\*./\*.cpp </code> everywhere else.
+-   See https://community.sonarsource.com/t/language-of-file-dal-db2-vb-can-not-be-decided-as-the-file-matches-patterns-of-2-languages/21998 and https://community.sonarsource.com/t/language-of-file-can-not-be-decided-as-the-file-matches-patterns/16246 to see example conflicts.
 
 *Note*: The "sonar.coverity.prefix" property is used to help locate files when anlyzing with the sonar scanner. The prefix value will be removed from the "File path" value on the Coverity Connect issue.
 -   the value must match exactly, if having trouble finding the source files look at the Coverity Connect issues "File" column 
@@ -174,8 +169,7 @@ To specify the language key:
 -	If **sonar.coverity.stream** is not configured, then the plugin will use **sonar.coverity.project** to fetch defects from.
 
 
-The Coverity Widget
-===================
+# The Coverity Widget
 
 The Coverity plug-in includes a Coverity widget that displays
 Coverity-specific measures. The Coverity widget is available with SonarQube versions before version 6.2.
@@ -192,17 +186,15 @@ Coverity-specific measures. The Coverity widget is available with SonarQube vers
 -   The Coverity widget can be added to the Dashboard by two different routes: as Admin,
 go to **Dashboards &gt; Manage dashboards**, or in a Project, go to **Dashboard** and add it there. 
 
-Sonar Scanner with SSL
-===================
+# Sonar Scanner with SSL
 
 Coverity SonarQube Plugin provides a connection to Coverity Connect through SSL. The certificates should be imported to the java key chain where Sonar Scanner is running from. 
 
 Sonar Scanner provides its own jre bundle as part of Sonar Scanner. This means that if a user installed java locally, the certificates need to be imported to the jre which is bundled with Sonar Scanner. 
 
 keytool -importcert -keystore <PATH_TO_SONAR_SCANNER>/jre/lib/security/cacerts -storepass changeit -file <CERT_FILE> -alias <ALIAS>
 
-Limitations
-===========
+# Limitations
 
 The Coverity Sonar plug-in has the following limitations, which may be
 addressed in future releases.
@@ -237,17 +229,20 @@ addressed in future releases.
 -   There are no immediate plans for localization to languages other
     than English.
 
-Support
-=======
-If you have any questions or issues with the Coverity plugin, contact <[email protected]>
+# Support
+
+If you have questions or issues with the Coverity plugin, please contact <[email protected]>
 
-Changelog
-=========
+# Changelog
 
+* __1.7.5__
+  * Fixed crash on start up of plug-in (SQP-156)
+  * Updated minimum supported version of SonarQube to 7.9.1 (SQP-141)
+  * Added support for SonarQube 8.* (SQP-148)
 * __1.7.4__
   * Fixed an issue where C/C++ doesn't show up under 'languages' filter in the Projects page. (SQP-134)
   * Fixed an issue where lines of code not reporting consistently for c/c++ in SonarQube. (SQP-135)
-* Enhancement Request - addition of Coverity c/c++ rules into SonarQube plugin (SQP-133)
+  * Enhancement Request - addition of Coverity c/c++ rules into SonarQube plugin (SQP-133)
 * __1.7.3__
   * Fixed an issue where C/C++ project is displayed as an empty project in the SonarQube after running Coverity SonarQube plugin. (SQP-144)
   * "sonar.coverity.cov-cpp.suffixes" property is declared as multi-value property. (SQP-136)

pom.xml

@@ -5,15 +5,15 @@
 	<groupId>org.sonar.plugins.coverity</groupId>
 	<artifactId>coverity-sonar-plugin</artifactId>
 	<packaging>sonar-plugin</packaging>
-	<version>1.7.4</version>
+	<version>1.7.5</version>
 
 	<name>Coverity</name>
 	<description>Imports Coverity defects into SonarQube</description>
 	<url>https://github.com/coverity/coverity-sonar-plugin</url>
 	<inceptionYear>2014</inceptionYear>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<sonar.version>6.7.5</sonar.version>
+		<sonar.version>7.9.6</sonar.version>
 		<jdk.min.version>1.8</jdk.min.version>
 		<cim.url></cim.url>
 		<ws.version>v9</ws.version>
@@ -28,7 +28,7 @@
 
 	<organization>
 		<name>Synopsys, Inc.</name>
-		<url>http://www.coverity.com</url>
+		<url>https://www.synopsys.com/</url>
 	</organization>
 
 	<developers>
@@ -37,11 +37,6 @@
 			<name>Andrew Cho</name>
 			<email>[email protected]</email>
 		</developer>
-		<developer>
-			<id>jbriggs</id>
-			<name>Joel Briggs</name>
-			<email>[email protected]</email>
-		</developer>
 		<developer>
 			<id>shami</id>
 			<name>Shami Willms</name>
@@ -162,7 +157,13 @@
 			<artifactId>jaxws-api</artifactId>
 			<version>2.3.1</version>
 		</dependency>
-    </dependencies>
+		<dependency>
+			<groupId>org.codehaus.staxmate</groupId>
+			<artifactId>staxmate</artifactId>
+			<version>2.0.1</version>
+		</dependency>
+
+	</dependencies>
 
 	<build>
 		<plugins>
@@ -393,11 +394,36 @@
 
 	</profiles>
 
+	<pluginRepositories>
+		<pluginRepository>
+			<id>central</id>
+			<name>Central Repository</name>
+			<url>https://repo.maven.apache.org/maven2</url>
+			<layout>default</layout>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+			<releases>
+				<updatePolicy>never</updatePolicy>
+			</releases>
+		</pluginRepository>
+	</pluginRepositories>
+
 	<repositories>
-        <repository>
-            <id>sonar-plugin-local</id>
-            <name>sonar-plugin-local</name>
-            <url>http://artifactory.internal.synopsys.com:8081/artifactory/simple/sonar-plugin-local</url>
-        </repository>
+		<repository>
+			<id>central</id>
+			<name>Central Repository</name>
+			<url>https://repo.maven.apache.org/maven2</url>
+			<layout>default</layout>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+		</repository>
+		<repository>
+			<id>sonar-plugin-local</id>
+			<name>sonar-plugin-local</name>
+			<url>http://artifactory.internal.synopsys.com:8081/artifactory/simple/sonar-plugin-local</url>
+		</repository>
 	</repositories>
+
 </project>

src/license/coverity_license/header.txt

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2017 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/CoverityPlugin.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made
@@ -20,7 +20,6 @@
 import org.sonar.plugins.coverity.batch.CoveritySensor;
 import org.sonar.plugins.coverity.server.CoverityProfiles;
 import org.sonar.plugins.coverity.server.CoverityRules;
-import org.sonar.plugins.coverity.ui.CoverityWidget;
 import org.sonar.plugins.coverity.server.CppLanguage;
 import org.sonar.plugins.coverity.ws.CIMClientFactory;
 
@@ -152,9 +151,6 @@ private List getExtensions() {
                 CoverityProfiles.class,
                 CppLanguage.class,
 
-                //UI
-                CoverityWidget.class,
-
                 //Base
                 CoverityPluginMetrics.class
         );

src/main/java/org/sonar/plugins/coverity/batch/CoverityScanner.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/batch/CoveritySensor.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/defect/CoverityDefect.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/defect/CoverityDefects.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/metrics/CoverityPluginMetrics.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made

src/main/java/org/sonar/plugins/coverity/metrics/MetricService.java

@@ -1,6 +1,6 @@
 /*
  * Coverity Sonar Plugin
- * Copyright (c) 2020 Synopsys, Inc
+ * Copyright (c) 2021 Synopsys, Inc
  * [email protected]
  *
  * All rights reserved. This program and the accompanying materials are made