SonarQube - Code Quality and Code Security - Code Quality Gates

SonarQube is a tool with which you can check your Flutter and Dart applications. It allows you to get metrics and critical figures for your project.
#Sonarqube #Dart #Flutter
Relevant Links
SonarQube: www.sonarqube.org/
Support for Dart: community.sonarsource.com/t/s...
Plugin for Dart & Flutter: github.com/insideapp-oss/sona...
SonarScanner: docs.sonarqube.org/latest/ana...
Timetable
00:00 Small Joke :)
00:31 Intro to Sonarqube
02:00 SonarQube for Dart?
02:53 How SonarQube helps us
04:00 Download and Setup Sonarqube Server
06:47 Setup SonarQube Server
08:02 SonarQube Scanner
08:47 Support for Dart & Flutter
10:11 Scan our first Project
12:32 Key Metrics in SonarQube
16:00 Recap

Comments: 68

  • @ZeroOneTV97
    2 years ago

    Hey guys, for those who followed the tutorial but couldn't run it, here's what the problem might be and how to solve it: At the moment I'm talking about (31/08/2021) there is Flutter plugin version 0.3.2, and I tried using it in SonarQube 9.0, and unfortunately this Sonar version has problems with this plugin. So the version that runs normally will be exactly the same as in the video: SonarQube 8.8 and Flutter plugin 0.3.1. Hope it helps more people, thanks for the tutorial, it was awesome! I'm Brazilian and your English was perfectly paced and calm, I understood 100% of everything you said, thank you!

  • @FlutterExplained

    2 years ago

    Thank you for the support here, I pinned your comment so hopefully everyone who needs it gets access to it. 🙂

  • @ZeroOneTV97

    2 years ago

    @FlutterExplained many thanks! 🙏🏻

  • @michimichongo8059
    8 months ago

    Extremely perfect. Thank you so much!!! Still works perfectly

  • @tatianajohnson7769
    1 year ago

    I'm using sonarqube for one of my microservices. I'm upgrading the code on to spinnaker and getting failed tests so this helps to understand what each thing does on the dashboard.

  • @kalderDean
    2 years ago

    Thank you for this :)

  • @johnnyyang2169
    2 years ago

    Thank you for this fantastic video, 😆

  • @FlutterExplained

    2 years ago

    Glad you enjoyed it and could make good use of it!

  • @MyMahm
    3 years ago

    Amazing 😍😍😍

  • @user-xr9nq1sd2m
    2 years ago

    Thanks for such a detailed guide, added it to my CI/CD Flutter project. Waiting for native support for Dart from the Sonar team.

  • @FlutterExplained

    2 years ago

    If you do not like to wait in the meantime there is also a very promising new project around a community plugin that you could check out: github.com/insideapp-oss/sonar-flutter

  • @user-xr9nq1sd2m

    2 years ago

    @FlutterExplained yes, I use it just now, and it works pretty well, but official support will be great

  • @VladimirDjokic
    3 years ago

    Thanks!

  • @tracyquick5768
    2 years ago

    Code coverage % is always displayed as zero. Any inputs on how to fix this?

  • @ahmetdemir8047
    1 year ago

    Thank you so much

  • @FlutterExplained

    1 year ago

    Always welcome

  • @maggy.p
    3 years ago

    Thank you for a very informative video. From what I can see SonarQube is getting more and more popular. I haven't used it yet but I think I will start with the community edition. In the project I'm working on, we're using over 95 libraries for Python. Does SonarQube check if libraries are up to date?

  • @FlutterExplained

    3 years ago

    Good question, but no I guess it will not check the dependencies :)

  • @alexandregigleux4484

    3 years ago

    Hey! I can confirm we (SonarSource) don't raise any warnings saying your dependencies are not up to date. This is called SCA and we don't provide yet such feature. For Python we have a powerful SAST engine that can find injection vulnerabilities in your code. You can try it for free at SonarCloud.io

  • @sheeryshashi2080
    2 years ago

    Is it possible to integrate this with codemagic workflow ?

  • @acinom_channel1584
    2 years ago

    This is a great video, but I wanna ask: why is my code smell report 0 Code Smells? I am already using the same version of SonarQube, Sonar scanner, and Flutter Sonar plugin.

  • @FlutterExplained

    2 years ago

    Mhhh, it could be that you have awesome code. If we take that apart, it could be that the plugin is not working correctly or that your code was not correctly scanned. Do the other metrics work OK? Maybe it is a rule setting that you have to adjust.

  • @acinom_channel1584

    2 years ago

    @FlutterExplained hi, thanks for the reply. But in my IDE I got 48 code smells. When I run the Sonar scanner I get this error message: ERROR: org.buildobjects.process.StartupException: Could not startup process 'flutter analyze'. Can you pls help me?

  • @nahuelalbornoz7734
    1 year ago

    Hi folks! I've already followed the tutorial and the coverage doesn't appear. Do I need another config?

  • @hariharanr1088
    3 years ago

    Thank you for tutorial. But I have problem. I followed tutorial, when I wrote terminal in Android studio I am getting the error. Project root configuration file: NONE

  • @adbysantos6603
    3 years ago

    I played with SonarQube some days ago, but not in production yet.

  • @FlutterExplained

    3 years ago

    Great, I usually use it in JS and Web Projects but I like the community edition at least to get a basic understanding and a visible indication :). I really hope SonarSource will support it in the future.

  • @sirk3v
    1 year ago

    How can I get a similar home setup, the seat and monitors

  • @seankang
    4 months ago

    Great video -- I also have the sonar scanner running on my flutter project on an azure pipeline. The part which isn't very clear is whether the scanner is also checking the external plugins that are used within the flutter app: for example, a camera plugin. I ran the scanner on my current work flutter project and I was a bit surprised that there were no security vulnerabilities, etc. From the web report generated by the scanner, there are many sections: duplication, size, complexity, issues, coverage, etc -- and when I click on the Overview tab within those sections, it just jumps into a code, with very little info. For example, I click on Code Smells inside of Maintainability, and how shows one particular bloc file, with New Code Smells: 0. My flutter project has over 200 files, and 100+ folders. So, it isn't small and probably has some flaws. Does all the sonarqube features require the non-community licence? I noticed that the enterprise edition provides the security reports. Any insights before I try the 14 day trial?

  • @Choser-nl8vi

    16 days ago

    I've tried on SonarQube Enterprise Edition, with plugin version 0.5.1, and can't get security reports. Does anyone know if this is a problem with the extension, or does some extra configuration need to be made? The documentation does not mention it at all.

  • @sedagurocak9214
    3 years ago

    Thank you for tutorial. But I have problem. I followed tutorial, when I wrote terminal in Android studio I am getting the error. 'sonar-scanner.bat' is not recognized as an internal or external command, operable program or batch file

  • @FlutterExplained

    3 years ago

    That is a quite typical System Variable problem. Did you download and unzip the sonar-scanner.bat file? Then you will need to add it to your System Environment Variables. I explain that for Windows at 8:30. I hope that helps :)

  • @dharmikthakkar8072

    2 years ago

    Set Environment Variable

  • @dorkor3729

    1 year ago

    Hi, have you fixed your problem? I have the same one and for 3 days I've been trying to fix it. And yes, I have added it to the system environment variables. How did you fix it?

  • @gauravkumar-bs3pf
    8 months ago

    I am using sonarqube in docker, now how can I follow these instructions?

  • @akshaybengani
    1 year ago

    How is it different from the dart code metrics check? Does it provide additional code quality standards, or is it just for a GUI interface? For me and my team it's not worth it. We are always looking for the most strict code quality process. Let us know how we can improve it more.

  • @FlutterExplained

    1 year ago

    Great question, I had no specific look for now in dart code metrics check and will have now a deeper look. I believe at the moment because it is not fully supported. But in general it is not only about the UI it also includes some deployment and task features into it. For full supported languages like Typescript / Java etc. it also offers more features like task management, if you enter your passwords or if you have malfunctioning code. Also security it gives you additional insights in security issues.

  • @akshaybengani

    1 year ago

    @FlutterExplained Ok great, thanks

  • @kirill4531
    3 years ago

    Can we define our own rules to sonar? And how complex they may be?

  • @FlutterExplained

    3 years ago

    Great question, I have to admit I have never done it myself. But I checked the documentation and it looks like there are a large amount of possibilities. docs.sonarqube.org/latest/extend/adding-coding-rules/

  • @user-mu4zy6sw2j
    8 months ago

    If I add the .jar file into the plugins and run this command again, 'C:\sonarqube\bin\windows-x86-64\StartSonar.bat', it returns an error

  • @LUKAS3675
    3 years ago

    imho SonarQube will be relevant only if and when will support github actions

  • @FlutterExplained

    3 years ago

    Thanks for your honest opinion. I guess the Scanner is already implemented inside of GitHub Actions. I am not sure though if it works already with a failing quality gate. I will investigate a little bit :)

  • @alexandregigleux4484

    3 years ago

    This is officially supported: github.com/marketplace/actions/official-sonarqube-scan

  • @hegdes.adventure
    1 year ago

    can someone please tell me, why earphone when he is recording over a microphone !!!

  • @FlutterExplained

    1 year ago

    Sure with pleasure, it is to make sure that my voice is correctly hearable and there are no interference like for example my daughter shouting in the background. Else I would be not sure if the background is silent enough. Hope that answers your question :)

  • @ReallyAnythingAndEverything
    2 years ago

    will these instructions work for M1 mac?

  • @FlutterExplained

    2 years ago

    Hi Deva, for me all of them work and they worked well. Feel free to let me know your experience if you have tried it :)

  • @lenaklus4844
    3 years ago

    When are you making the video?

  • @FlutterExplained

    3 years ago

    I'm on it :)

  • @issadicko5244
    3 years ago

    Waaaaw 😅

  • @lenaklus4844
    3 years ago

    Hello I'm Lena.🙋‍♀️😉

  • @FlutterExplained

    3 years ago

    Welcome Lena :), I hope you are doing well. Greetings from K.

  • @lenaklus4844

    3 years ago

    I'm doing well.👍👌😉😃🤣😊

  • @lenaklus4844

    3 years ago

    And why are you called K?🤨🤔

  • @lenaklus4844

    3 years ago

    Don't forget about the video 😉

  • @mithunbiswas5307
    2 years ago

    Please use macOS, thanks

  • @cranforddev4114
    1 year ago

    Error during SonarScanner execution org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property. Please help me to resolve this ASAP @FlutterExplained

  • @cranforddev4114

    1 year ago

    anyone please help me

  • @amiraw5494
    1 month ago

    "The main branch has no lines of code." I cannot solve this.

  • @georgesmith9178
    1 year ago

    Great installation tutorial. Love your direct, no-fluff approach. However, you did not talk at all about SECURITY in this video and code quality was so general and high-level that I did not get a sense of the value SonarQube gives me. Sorry, cannot give you thumbs up with this title. If you change it to SonarQube Local Installation and Top Level Code Quality Features, I would definitely give you a thumbs up. Keep in mind that when you put a title, people come with some expectations - for me that was about security and I mostly wasted my time because you did not cover it.

  • @FlutterExplained

    1 year ago

    Hi George, first of all, let me apologise for your lost time and that you did not find the answer you searched for. You made great suggestions, and I will see what I can do so that no more people fall into the same trap. As an answer to your security concerns, I can tell you that probably something like snyk is better for you than a static code analyser. snyk.io/ Static code analysers are more about shallow code security topics and should not be taken for a holy grail. Like do not commit passwords, there is HTTP instead of HTTPS used etc. I hope that helps you and sorry again for the inconvenience.

  • @georgesmith9178
    1 year ago

    What happened to the SECURITY part? Sorry, thumbs down :(

  • @secretsuperstar3504
    1 year ago

    Starting SonarQube... Unrecognized option: --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit. I am getting this error. Please, someone help @FlutterExplained