How to Analyze PowerShell Code Using SonarQube?

SonarQube does not currently support the PowerShell language, so it cannot analyze PowerShell code. There is no SonarQube PowerShell plugin available as of now.

Please refer to https://www.sonarqube.org/features/multi-languages/

An alternative method is PSScriptAnalyzer.

What is PSScriptAnalyzer?
PSScriptAnalyzer is a static code checker for PowerShell modules and scripts. PSScriptAnalyzer checks the quality of PowerShell code by running a set of rules.

Please refer to https://docs.microsoft.com/en-us/powershell/utility-modules/psscriptanalyzer/overview?view=ps-modules
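The following is an added example, not code from the original post or from either plugin. It runs PSScriptAnalyzer's credential-handling and Invoke-Expression rules against a small constructed script and fails the run on any Error-severity finding. The sample script, its temp file name and the choice of rules are assumptions made for illustration.

```powershell
# Added example. Requires the module: Install-Module PSScriptAnalyzer -Scope CurrentUser
Import-Module PSScriptAnalyzer

# Constructed sample script containing patterns the security rules look for.
$sample = @'
param([string]$UserName, [string]$Password)
$secure = ConvertTo-SecureString $Password -AsPlainText -Force
Invoke-Expression "Get-Process $UserName"
'@

# Hypothetical temp file name, used only for this demonstration.
$path = Join-Path ([System.IO.Path]::GetTempPath()) 'psa-sample.ps1'
Set-Content -Path $path -Value $sample

# Restrict the scan to built-in rules that deal with credentials and dynamic code.
$securityRules = @(
    'PSAvoidUsingPlainTextForPassword',
    'PSAvoidUsingUsernameAndPasswordParams',
    'PSAvoidUsingConvertToSecureStringWithPlainText',
    'PSAvoidUsingInvokeExpression'
)

try {
    $findings = @(Invoke-ScriptAnalyzer -Path $path -IncludeRule $securityRules)
}
finally {
    # Clean up the constructed sample whether or not the scan succeeded.
    Remove-Item -Path $path -ErrorAction SilentlyContinue
}

# Each finding is a DiagnosticRecord with the rule name, severity and location.
$findings |
    Sort-Object Line |
    Format-Table RuleName, Severity, Line, Message -Wrap

# Gate: treat any Error-severity finding as a failed check (for example in a CI step).
$blocking = @($findings | Where-Object { $_.Severity -eq 'Error' })
if ($blocking.Count -gt 0) {
    throw "PSScriptAnalyzer reported $($blocking.Count) Error-severity finding(s)."
}
```

Pointing `-Path` at a real module folder with `-Recurse` scans a whole code base with the same rule set.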

Can we integrate PSScriptAnalyzer in SonarQube?

Yes. SonarQube plugins are the best way to integrate external tools and functionality.
Refer to https://www.sonarplugins.com/. But I could not find any official plugins for this. Later, based on more searches, I found 2 plugins which have been developed by the community for the same integration.

  • Plugin #1- https://github.com/gretard/sonar-ps-plugin
  • Plugin #2- https://github.com/jairbubbles/sonar-powershell

Plugin #1 seems to be the latest and most up-to-date code, which we must try to see the integration. Plugin #1 uses PSScriptAnalyzer only as a scan engine. Plugin #2 was written in 2016, and I feel that it has become obsolete and needs to be rewritten.

Intro of sonar-ps-plugin

  • Reporting of issues found by PSScriptAnalyzer
  • Cyclomatic and cognitive complexity metrics (since version 0.3.0)
  • Reporting number of lines of code and comment lines metrics (since version 0.3.2)