How to link Spring Boot REST API unit test, integration test, OWASP dependency check coverage to SonarQube

I have a new Spring Boot REST API and I want the unit test coverage of the API and the integration tests to be reflected in SonarQube. I created a project from Spring Initializr. How do I proceed further?



Solution 1:[1]

  1. First, in your Spring Boot pom file, add the jacoco plugin to generate unit test reports
 <properties>
     <java.version>11</java.version>
     <spring-boot.version>2.5.6</spring-boot.version>
     <dependency-check-maven.version>7.1.0</dependency-check-maven.version>
     <!-- referenced as ${jacoco-plugin.version} by the jacoco-maven-plugin below -->
     <jacoco-plugin.version>0.8.7</jacoco-plugin.version>
     <sonar.exclusions>
         **/*Application.*,
         **/config/*.java,
         **/model/*,
         **/*exception/*,
         **/*Test.*,**/*IT.*
     </sonar.exclusions>
     <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
     <sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
     <sonar.jacoco.reportPath>${project.basedir}/../target/jacoco.exec</sonar.jacoco.reportPath>

     <!-- from a different source
     <coverage.exclusions.default>src/test/**,**/*Application.*,**/BackendApplication.java</coverage.exclusions.default>
     Start with a ',' in case of overriding the empty additional coverage exclusions:
     <coverage.exclusions.additional>,**/config/*.java</coverage.exclusions.additional>
     <sonar.sourceEncoding>${project.build.sourceEncoding}</sonar.sourceEncoding>
     <sonar.junit.reportPaths>target/surefire-reports</sonar.junit.reportPaths>
     <sonar.coverage.exclusions>${coverage.exclusions.default}${coverage.exclusions.additional}</sonar.coverage.exclusions>
     <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
     <sonar.dependencyCheck.htmlReportPath>target/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
     <sonar.dependencyCheck.jsonReportPath>target/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
     <sonar.dependencyCheck.securityHotspot>true</sonar.dependencyCheck.securityHotspot>
     -->

 </properties>
 <build>
     <plugins>
         <plugin>
             <groupId>org.jacoco</groupId>
             <artifactId>jacoco-maven-plugin</artifactId>
             <version>${jacoco-plugin.version}</version>
             <configuration>
                 <excludes>
                     <exclude>**/*Application.*</exclude>
                     <exclude>**/config/*</exclude>
                     <exclude>**/model/*</exclude>
                     <exclude>**/*exception/*</exclude>
                 </excludes>
             </configuration>
             <executions>
                 <!-- attach the JaCoCo agent to the unit test JVM -->
                 <execution>
                     <id>default-prepare-agent</id>
                     <goals>
                         <goal>prepare-agent</goal>
                     </goals>
                 </execution>
                 <!-- unit test report: target/site/jacoco -->
                 <execution>
                     <id>report</id>
                     <phase>test</phase>
                     <goals>
                         <goal>report</goal>
                     </goals>
                 </execution>
                 <!-- maven-failsafe-plugin must pass ${failsafeArgLine} in its argLine, otherwise no jacoco-it.exec is written -->
                 <execution>
                     <id>pre-integration-test</id>
                     <phase>pre-integration-test</phase>
                     <goals>
                         <goal>prepare-agent-integration</goal>
                     </goals>
                     <configuration>
                         <propertyName>failsafeArgLine</propertyName>
                     </configuration>
                 </execution>
                 <!-- report-integration reads jacoco-it.exec; the plain report goal would re-read the unit test jacoco.exec -->
                 <execution>
                     <id>post-integration-test</id>
                     <phase>post-integration-test</phase>
                     <goals>
                         <goal>report-integration</goal>
                     </goals>
                     <configuration>
                         <outputDirectory>${project.build.directory}/site/jacoco-it</outputDirectory>
                     </configuration>
                 </execution>
                 <!-- merge every *.exec file in target into jacoco-merged.exec -->
                 <execution>
                     <id>merge-unit-and-integration</id>
                     <phase>post-integration-test</phase>
                     <goals>
                         <goal>merge</goal>
                     </goals>
                     <configuration>
                         <fileSets>
                             <fileSet>
                                 <directory>${project.build.directory}</directory>
                                 <includes>
                                     <include>*.exec</include>
                                 </includes>
                             </fileSet>
                         </fileSets>
                         <destFile>${project.build.directory}/jacoco-merged.exec</destFile>
                     </configuration>
                 </execution>
                 <!-- combined unit + integration report -->
                 <execution>
                     <id>create-merged-report</id>
                     <phase>post-integration-test</phase>
                     <goals>
                         <goal>report</goal>
                     </goals>
                     <configuration>
                         <dataFile>${project.build.directory}/jacoco-merged.exec</dataFile>
                         <outputDirectory>${project.reporting.outputDirectory}/jacoco-merged</outputDirectory>
                     </configuration>
                 </execution>
             </executions>
         </plugin>

         <plugin>
             <groupId>org.owasp</groupId>
             <artifactId>dependency-check-maven</artifactId>
             <version>${dependency-check-maven.version}</version>
             <configuration>
                 <!-- html for people, json for the SonarQube import -->
                 <formats>
                     <format>html</format>
                     <format>json</format>
                 </formats>
                 <skipProvidedScope>false</skipProvidedScope>
                 <skipRuntimeScope>false</skipRuntimeScope>
             </configuration>
             <executions>
                 <execution>
                     <goals>
                         <goal>check</goal>
                     </goals>
                 </execution>
             </executions>
         </plugin>
     </plugins>
 </build>
  2. Next, create a project in SonarQube for your API, and execute the following command from your project terminal on your computer.
 # sonar.projectKey: project name in sonar; sonar.login: token generated in sonar website
 mvn sonar:sonar \
   -Dsonar.projectKey="project name in sonar" \
   -Dsonar.host.url=https://sonar.domain.com \
   -Dsonar.login=73ddeb4f164634038ce6c021d33a23d48 \
   -Dsonar.java.binaries=target/classes
  3. With the above Maven JaCoCo plugin, SonarQube reads the results from target and publishes them: https://docs.sonarqube.org/latest/analysis/coverage/#:~:text=Test%20coverage%20reports%20and%20test,been%20run%20and%20their%20results.
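
An added pre-flight check, not part of the original answer: when the files named in `sonar.coverage.jacoco.xmlReportPaths` and `sonar.dependencyCheck.jsonReportPath` are missing or empty, the analysis imports nothing from them, so this script verifies them before `mvn sonar:sonar` runs. `SONAR_TOKEN` and `SONAR_PROJECT_KEY` are assumed environment variables; the report paths and host URL are the ones used above.

```shell
#!/bin/sh
# Added example: verify the report files named in the POM's sonar.* properties.
# SONAR_TOKEN and SONAR_PROJECT_KEY are assumed environment variables.

# check_report FILE MARKER: FILE must exist, be non-empty and contain MARKER.
check_report() {
    if [ ! -s "$1" ]; then
        echo "MISSING  $1"
        return 1
    fi
    if ! grep -q -- "$2" "$1"; then
        echo "EMPTY    $1 (no '$2' found)"
        return 1
    fi
    echo "OK       $1"
}

# check_reports TARGET_DIR: returns the number of unusable reports (0 = ready).
check_reports() {
    target=$1
    bad=0
    # JaCoCo XML carries <counter type="LINE" .../> once classes were analysed.
    check_report "$target/site/jacoco/jacoco.xml" 'counter type="LINE"' || bad=$((bad + 1))
    check_report "$target/site/jacoco-it/jacoco.xml" 'counter type="LINE"' || bad=$((bad + 1))
    # dependency-check JSON lists every scanned artifact under "dependencies".
    check_report "$target/dependency-check-report.json" '"dependencies"' || bad=$((bad + 1))
    return "$bad"
}

# run_scan TARGET_DIR: refuse to publish when a report or the token is missing.
run_scan() {
    check_reports "$1" || { echo "reports incomplete, run 'mvn verify' first" >&2; return 2; }
    [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 3; }
    [ -n "${SONAR_PROJECT_KEY:-}" ] || { echo "SONAR_PROJECT_KEY is not set" >&2; return 3; }
    # Reading the token from the environment keeps it out of the script itself.
    mvn sonar:sonar \
        -Dsonar.projectKey="$SONAR_PROJECT_KEY" \
        -Dsonar.host.url=https://sonar.domain.com \
        -Dsonar.login="$SONAR_TOKEN" \
        -Dsonar.java.binaries=target/classes
}

# Usage: sh sonar-preflight.sh --scan   (run from the project root)
if [ "${1:-}" = "--scan" ]; then
    run_scan target
fi
```

A missing `target/site/jacoco-it/jacoco.xml` usually means the integration tests ran without the JaCoCo agent, that is, the failsafe plugin never received `${failsafeArgLine}`.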

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1