A plugin to enable analysis of Swift and Objective-C code quality and security.
Let us know if you want to get involved.
The plugin is designed to support Swift 5 syntax.
Feature | Tool(s) | Availability |
---|---|---|
Tests | Xcode | Swift, Objective-C |
Coverage | Xcode | Swift, Objective-C |
Complexity | SonarQube | Swift, Objective-C |
Dead code | Periphery | Swift |
Size | SonarQube | Swift, Objective-C |
Syntax highlighting | SonarQube | Swift, Objective-C |
Issues | SwiftLint, OCLint | Swift, Objective-C |
Security | mobsfscan | Swift, Objective-C |
SonarQube 9.9+ is required.
- Download the plugin binary into the `$SONARQUBE_HOME/extensions/plugins` directory.
- Restart the server.
- Activate the rules in your Quality Profiles.
Xcode 13+ and SonarScanner are required. The following tools are optional:
Create a `sonar-project.properties` file at the root with this content:

```properties
# Project identification
sonar.projectKey=ios_app
sonar.projectName=iOS App
sonar.projectVersion=1.0

# Source code location.
# Path is relative to the sonar-project.properties file. Defaults to .
# Use commas to specify more than one folder.
sonar.sources=iOSApp

# Tests source code location.
# Path is relative to the sonar-project.properties file. Defaults to empty.
# Use commas to specify more than one folder.
sonar.tests=iOSAppTests

## Coverage & Tests ##
# Path to the Xcode result bundle file.
# The path is relative to the project base directory.
# Defaults to build/result.xcresult
#sonar.apple.resultBundlePath=custom/path/to/file.xcresult

## Periphery ##
# Index Store folder path.
# This matches the parameter "-derivedDataPath" in xcodebuild (see below).
# Warning: starting Xcode 14 the folder "Index" is renamed "Index.noindex".
sonar.apple.periphery.indexStorePath=derivedData/Index/DataStore

## OCLint ##
# Path to the JSON Compilation Database folder
# The path is relative to the project base directory.
# Defaults to build/json_compilation_database
# sonar.apple.jsonCompilationDatabasePath=custom/path/to/folder

## Misc ##
# Encoding of the source code. Default is default system encoding.
sonar.sourceEncoding=UTF-8
```
For a complete list of available options, please refer to the SonarQube documentation.
Use the following commands from the root folder to start an analysis:
```bash
# Don't forget to add -workspace to the build command if your project is part of a workspace
# Don't forget to activate 'Gather coverage' option in the app scheme or add '-enableCodeCoverage YES' to the following command

# Run tests
xcrun xcodebuild \
  -project MyApp.xcodeproj \
  -scheme MyApp \
  -sdk iphonesimulator \
  -destination 'platform=iOS Simulator,name=iPhone 11 Pro' \
  -derivedDataPath ./derivedData \
  -resultBundlePath build/result.xcresult \
  OTHER_CFLAGS="\$(inherited) -gen-cdb-fragment-path build/compilation_database" \
  -quiet \
  clean test

# Run the analysis and publish to the SonarQube server
# Don't forget to specify `sonar.host.url` and `sonar.token` in `sonar-project.properties` or supply it to the following command.
sonar-scanner
```
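
The Xcode 14 rename of `Index` to `Index.noindex` means a fixed `sonar.apple.periphery.indexStorePath` can point at a folder that does not exist. The following pre-flight helper is an added example, not part of the plugin; the function names `resolve_index_store` and `scanner_args` are hypothetical, and it assumes the derived data and result bundle locations used in the commands above.

```shell
#!/bin/sh
# Added example: resolve the artifacts the plugin reads before calling sonar-scanner.
# The arguments mirror the -derivedDataPath and -resultBundlePath xcodebuild flags.

# Print the Index Store "DataStore" folder found under a derived data directory.
# Xcode 14+ names the parent folder "Index.noindex"; earlier versions use "Index".
resolve_index_store() {
    derived="$1"
    for candidate in "$derived/Index.noindex/DataStore" "$derived/Index/DataStore"; do
        if [ -d "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no Index Store under $derived (was -derivedDataPath passed to xcodebuild?)" >&2
    return 1
}

# Print the -D options for sonar-scanner, or fail if an expected artifact is missing,
# so a path mismatch stops the pipeline before the scanner is started.
scanner_args() {
    derived="$1"
    bundle="$2"
    if [ ! -e "$bundle" ]; then
        echo "result bundle $bundle not found (check -resultBundlePath)" >&2
        return 1
    fi
    index_store=$(resolve_index_store "$derived") || return 1
    printf '%s %s\n' \
        "-Dsonar.apple.resultBundlePath=$bundle" \
        "-Dsonar.apple.periphery.indexStorePath=$index_store"
}

# Usage after the xcodebuild step (paths must not contain spaces, because the
# options are word-split on purpose):
#   args=$(scanner_args ./derivedData build/result.xcresult) && sonar-scanner $args
```

Options passed with `-D` on the command line take precedence over the values in `sonar-project.properties`.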
The plugin assumes that Periphery is properly set up for your project in the Periphery configuration file. The required settings are the project, the schemes and the targets. You also need to provide the workspace, if you have one.
```yaml
workspace: path/to/workspace.xcworkspace # optional
project: path/to/project.xcodeproj
schemes:
  - MyScheme
targets:
  - MyTarget
```
On macOS, the system blocks the OCLint libraries until each one is approved manually. To avoid approving them one by one, remove the quarantine attribute from the rule and reporter libraries with the following commands:
```bash
sudo xattr -dr com.apple.quarantine /usr/local/lib/oclint/rules/lib*
sudo xattr -dr com.apple.quarantine /usr/local/lib/oclint/reporters/lib*
```
If you have trouble running the Sonar Scanner, you can run it in verbose mode, to get more logs and information. You can either:
- add `sonar.verbose=true` to your `sonar-project.properties`
- add the option `-X` to the command, like so: `sonar-scanner -X ...`
Any help is welcome, and PRs will be greatly appreciated!
Have a look at the developer guide to get started.
This plugin is released under the GNU LGPL v3 license. See the LICENSE file for more information.