© 2008-2017, SonarSource S.A, Switzerland.
Except where otherwise noted, content in this space is licensed under a
Creative Commons Attribution-NonCommercial 3.0 United States License.

SONARQUBE is a trademark of SonarSource SA.
All other trademarks and copyrights are the property of their respective owners.

Description

Enables the powerful SonarJS analyzer.

Prerequisites

• Node.js >=6

First Analysis of a JavaScript Project

1. Install SonarQube Server (see Setup and Upgrade for more details)
2. Install SonarQube Scanner and be sure your can call sonar-scanner from the directory where you have your source code
3. Install SonarJS (see Installing a Plugin for more details)

4. Run your analysis with the SonarQube Scanner by executing the following command from the root directory of the project:

   sonar-scanner -Dsonar.projectKey=xxx -Dsonar.sources=.

5. Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI

Further Analyses

Assuming steps 1-3 above have already been completed, you'll want to encapsulate your analysis parameters in a sonar-project.properties file at the root of your project (see a sample project on GitHub: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner). Then subsequent analyses can simply be run with:

sonar-scanner

Configuring Quality Profiles

SonarJS provides 2 Quality Profiles out of the box: "Sonar way" (default) and "Sonar way Recommended".

"Sonar way" Profile

The "Sonar way" Quality Profile is activated by default. It defines a trimmed list of high-value/low-noise rules useful in almost any JS development context. You can check out the list of rules belonging to "Sonar way" on SonarCloud.

"Sonar way Recommended" Profile SINCE 3.0

"Sonar way Recommended" contains all rules from "Sonar way" (bugs and pitfall detection), plus more rules that mandate high code readability and long-term project evolution. You can check out the list of rules belonging to "Sonar way Recommended" on SonarCloud.

Above Predefined Rule Profiles

By using SonarQube UI you can create your own Quality Profiles and activate even more rules which are valuable in your development context. We recommend that you look at the following rules, which are highly valuable but whose activation depends on your environment and coding principles or which require some configuration.

• "Non-existent properties should not be read" S3759 (should be activated if you don't use monkey patching)
• "Non-existent variables should not be referenced" S3827 (requires configuration)
  
• "Objects should not be created to be dropped immediately without being used" ConstructorFunctionsForSideEffects (activate, if you agree that constructors should not have side effects)
• "Variables should be declared with "let" or "const"" S3504. Activate, if you use ES2015. Find more rules with tag "es2015".
• "Variables should be defined in the blocks where they are used" S2392 (forces you to declare variables in the most narrow scope)
• "Variables should not be shadowed" VariableShadowing (forces you to not shadow variables declared in outer scope)

Advanced Usage

With SonarJS, you can also:

• import Coverage Results
• import ESLint issues reports
• use Grunt to run your analysis
• create your own Custom Rules BETA

Advanced Configuration