3rd party tool to scan the code

[nagarjuna]

We are using the progress (Open Edge) programming language and running the CI in azure pipelines we are planning to run a scan in sonar cloud, but sonar cloud does not support by the progress language.

1. To run code analysis need 3rd part tool, can you please mention those tools
2. How to use in sonar cloud/azure pipeline please explain
3. how to convert report to the Generic Issues format in sonar cloud.

I asked CABL (Code Analyzer for ABL) tool but it's not supported by the sonar cloud

Please suggest.

 

[TomBascom]

I suggest that you use CABL. You are never going to see support for OpenEdge in SonarCloud.

 

[nagarjuna]

I am asking if there is any tool available that tool get prepares a report then we can convert that report to a generic issue format and run the Azure pipeline then that report we can see in Sonarcloud

 

[TomBascom]

Does CABL not "prepare a report"?

 

[nagarjuna]

CABL issues are pushed directly to SonarQube, you'd have to extract them using the SonarQube API. Painful, but can be done. But then, I'm almost sure that you won't be able to correctly import the files into SonarCloud due to the lack of support for OpenEdge file format.

 

[TomBascom]

So it sounds to me like you need to convince SonarCloud to support OpenEdge (good luck with that!) Or not use SonarCloud since they don’t support OpenEdge.

 

[nagarjuna]

Thanks,

Apart from CABL is there any option to use Sonarcloud for openedge language code analysis

 

[peterjudge]

But then, I'm almost sure that you won't be able to correctly import the files into SonarCloud due to the lack of support for OpenEdge file format.

I don't know the details on the CABL implementation, but why would you expect the report output - that's in SonarQube - to be in an OpenEdge format?

 

[nagarjuna]

We are using the open-edge language and all tools are cloud so our CI is Azure Pipelines and the scan is Sonarcloud. Sonar Cloud won't support OpenEdge language then how we can achieve scan Sonarcloud

Please suggest
Thanks

 

[Rob Fitzpatrick]

I don't know the details on the CABL implementation, but why would you expect the report output - that's in SonarQube - to be in an OpenEdge format?

Exactly. I think the question to be explored is whether the SonarQube analysis data can be imported into SonarCloud. I wouldn't expect it to matter which language is the target of the analysis.

According to this thread in the Sonar Community, they both use the same analysis engine, so it would be reasonable to expect some integration or at least compatibility between them. I think that forum would be the place to ask.

 

[nagarjuna]

Yes, but SonarQube is selfhosted server then we can install CABL tool (Plugin) then we can import report with use of SonarQube APIs. but this flexibility not available in sonar cloud. we have to do code ->azure devops then we can import code analysis report then convert in the azure pipeline script itself like (generic issue data) the pushed into the sonar cloud. please suggest anyone is there any option.

Thanks,

 

[Rob Fitzpatrick]

Again, this isn't an OpenEdge question.

It sounds like your problem can be summarized as follows:

• My application code is written in Language X (which happens to be OpenEdge ABL, but that shouldn't matter).
• I want to perform code analysis.
• I am planning to implement CI in Azure Pipelines and use SonarCloud for analysis.
• SonarCloud does not support Language X, however SonarQube does with a third-party plugin.
• Can I scan my code in SonarQube and import the analysis data into SonarCloud for integration with my CI process?

I think the place to explore this problem further would be the community for these platforms: https://community.sonarsource.com

Alternatively, you might want to ask Riverside Software whether their CABL plugin can be used in SonarCloud directly, which would eliminate the need to integrate with SonarQube.

 

[nagarjuna]

I got a reply from Sonarcloud.. !

Hi,

We don’t support Progress/ OpenEdge. You would need to run a 3rd-party tool before analysis, convert its report to the Generic Issues format, and feed that into analysis.

Thanks

 

[Rob Fitzpatrick]

It sounds like you didn't explain to them that the "third-party analysis" in question would be coming from SonarQube.

 

[nagarjuna]

No, there are given answer to me I am posting the sonar community

Link: Progress programming, openedge programing languages are supported by SonarCloud..!

 

[Rob Fitzpatrick]

I looked at the thread. You didn't describe what you intend to do. You didn't mention SonarQube or CABL at all.

I tried to help. I think I'm done here.

 

[TomBascom]

Sorry, there is no magic pixie dust that will add support for OpenEdge to SonarCloud. (I said as much is the first reply to this thread.)

You might as well ask when Oracle will start supporting OpenEdge.

If you want Sonar style code analysis of OpenEdge, CABL is the solution. I'm terribly sorry that CABL is not part of SonarCloud but the fact remains that it is not. There are no other solutions that we are keeping secret from you.