cargo-sonar
cargo-sonar help you to use the tools of the Rust community and report the information to Sonarcloud (or Sonarqube).
You can even set it up in a Continuous Integration so this report is automatically forwarded to Sonar.
Table of contents
Installation
From source
git clone https://gitlab.com/woshilapin/cargo-sonar
cd cargo-sonar
cargo install --path .
cargo sonar --help
From crates.io
cargo install cargo-sonar
cargo sonar --help
From Docker/Podman
export CONTAINER_ENGINE=docker # or CONTAINER_ENGINE=podman
${CONTAINER_ENGINE} pull docker.io/woshilapin/cargo-sonar
${CONTAINER_ENGINE} run docker.io/woshilapin/cargo-sonar --help
Use
cargo-sonar is only a tool to convert reports from other tools into Sonar compatible report (see Supported tools).
Once the Sonar report is generated, it can be sent to sonarcloud.io or any SonarQube instance with sonar-scanner.
First generate a report from any supported tool, for example clippy.
cargo clippy --message-format > my-clippy-report.json
Then convert this report.
cargo sonar --clippy --clippy-path my-clippy-report.json
This creates a file sonar.json.
You can now configure sonar-scanner with sonar.externalIssuesReportPaths=sonar.json in your sonar-project.properties file.
Supported tools
cargo-clippy
cargo clippy --message-format=json -- --warn clippy::pedantic > clippy.json
cargo-audit
cargo audit --json > audit.json
Examples
The best example out there at the moment is the project cargo-sonar itself.
In the CI, you can see the generation of the clippy report and the audit report.
Then, cargo sonar is executed followed by sonar-scanner with the sonar-project.properties configuration file.
The final result can be seen on sonarcloud.io.
Todo list
- add
cargo-denyparsing - add
cargo-outdatedparsing - add
cargo-geigerparsing - create a Github Action (see Docker Github Action)