sonar.cxx.cppcheck.reportPaths

guwirth edited this page Jan 9, 2021 · 25 revisions

Overview

Sensor to read reports from the Cppcheck tool. Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it doesn't detect syntax errors. Instead, Cppcheck detects the types of errors and code smells that are normally not detected by compilers.

Note: The plugin itself does not run the tool; you have to do that yourself beforehand. The sensor only reads the report generated by the tool!

Supported versions

  • Link to the tool page: http://cppcheck.sourceforge.net/
  • The sensor supports rules from Cppcheck with version 2.2.
  • The report must be generated with XML file version 2 (--xml-version=2).

Create report

In order to run Cppcheck and generate a fitting report, make sure:

  • to call it from the project's root directory, so that the paths in the report fit
  • to pass all include directories (using -I <path>), as otherwise the analysis will be incomplete
  • that the [sources] parameter matches the sonar.sources list in sonar-project.properties
  • to create an XML report using the parameter --xml-version=2 for version 2
  • to get the report from the standard error channel

A Cppcheck run may take a while on a big code base. To cut down analysis times, check the following options:

  • use the -j N option to run N workers in parallel
  • use only the checks you're interested in via the option --enable=<check>
  • restrict checking of preprocessor configurations using the options -D and -U
  • start with project include folders (-I) without system include folders. System include folders and include folders of big libraries like Boost, Xerces, ... make Cppcheck run much slower.

Sample command lines:

cppcheck --xml-version=2 file1.cpp 2> report.xml
cppcheck -v --enable=all --xml -I[include directory] [sources] 2> report.xml

Example of a report file

If the tool was executed successfully, a report like the example below should be generated:

<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
    <cppcheck version="2.20"/>
    <errors>
        <error id="someError" severity="error" msg="short error text"
            verbose="long error text" inconclusive="true">
            <location file=".\file1.cpp" line="1"/>
        </error>
    </errors>
</results>
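
A pre-flight check for the report, run before the SonarScanner, covering the points listed under "Create report": clean XML from the standard error channel, XML file version 2, and file paths that fit the project root and the sonar.sources list. This is an added example, not code from the plugin or its wiki; the name check_report and the sample reports are constructed for illustration, and treating only root-relative paths as fitting is an assumption of this example.

```python
import posixpath
import xml.etree.ElementTree as ET

def check_report(xml_text, source_dirs):
    """Return problems found in a Cppcheck XML report; an empty list means it passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical causes: stdout captured along with stderr, or an interrupted run.
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "results" or root.get("version") != "2":
        problems.append('root is not <results version="2">; rerun with --xml-version=2')
    sources = [posixpath.normpath(d) for d in source_dirs]
    for error in root.iter("error"):
        for loc in error.iter("location"):
            raw = loc.get("file", "")
            # Reports written on Windows use backslashes, as in the page's example.
            path = posixpath.normpath(raw.replace("\\", "/"))
            escapes = path == ".." or path.startswith("../")
            if posixpath.isabs(path) or path[1:3] == ":/" or escapes:
                # Assumption of this example: paths should be relative to the root.
                problems.append(f"{error.get('id')}: {raw} is not relative to the project root")
            elif not any(s == "." or path == s or path.startswith(s + "/") for s in sources):
                problems.append(f"{error.get('id')}: {raw} is outside sonar.sources")
    return problems

# Constructed sample reports (not the output of a real Cppcheck run).
GOOD = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.2"/>
  <errors>
    <error id="someError" severity="error" msg="short" verbose="long">
      <location file="src\\file1.cpp" line="1"/>
    </error>
  </errors>
</results>"""
OUTSIDE = GOOD.replace("src\\file1.cpp", "../other/file1.cpp")
MIXED = "Checking src/file1.cpp ...\n" + GOOD      # stdout mixed into the file
NO_VERSION = GOOD.replace('<results version="2">', "<results>")

if __name__ == "__main__":
    for name, text in [("GOOD", GOOD), ("OUTSIDE", OUTSIDE),
                       ("MIXED", MIXED), ("NO_VERSION", NO_VERSION)]:
        print(name, check_report(text, ["src"]) or "ok")
```

Pass the same directories as source_dirs that are listed in sonar.sources, split into a list.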

Configure plugin

  1. First check if the file extensions read in by the plugin are set (sonar.cxx.file.suffixes).
  2. The rules for which you want to generate issues must be activated in the Quality Profile of your project. You can find instructions on how to do this under Manage Quality Profiles.
  3. Set the analysis parameter sonar.cxx.cppcheck.reportPaths in the configuration file sonar-project.properties of your project.
  4. Execute the SonarScanner to transfer the project with the report to the SonarQube server.

Sample for sonar-project.properties:

sonar.cxx.cppcheck.reportPaths=cppcheck.xml

Troubleshooting
