How to Enable Scanning PLSQL Scan in SonarQube

  

How to Enable Scanning PLSQL Scan in SonarQube

 PL/SQL stands for “Procedural Language extensions to the Structured Query Language”. SQL is a popular language for both querying and updating data in the relational database management systems (RDBMS). PL/SQL adds many procedural constructs to SQL language to overcome some limitations of SQL. Besides, PL/SQL provides a more comprehensive programming language solution for building mission-critical applications on Oracle Databases.

PL/SQL is a highly structured and readable language. Its constructs express the intent of the code clearly. Also, PL/SQL is a straightforward language to learn.

PL/SQL is a standard and portable language for Oracle Database development. If you develop a program that executes on an Oracle Database, you can quickly move it to another compatible Oracle Database without any changes.

PL/SQL is an embedded language. PL/SQL only can execute in an Oracle Database. It was not designed to use as a standalone language like Java, C#, and C++. In other words, you cannot develop a PL/SQL program that runs on a system that does not have an Oracle Database.

PL/SQL is a high-performance and highly integrated database language. Besides PL/SQL, you can use other programming languages such as Java, C#, and C++. However, it is easier to write efficient code in PL/SQL than other programming languages when it comes to interacting with the Oracle Database. In particular, you can use PL/SQL specific constructs like the FORALL statement that helps improve database performance.

PL/SQL architecture

The following picture illustrates the PL/SQL architecture:

If you would like to enable scanning for PL/SQL files in SonarQube, there are both commercial and open source plug-ins available. Lets see how to enable open source plug-in for SonarQube. Useful information is below:

https://github.com/felipebz/sonar-plsql

Pre-requisites:
SonarQube is already set up and running.

Steps: (Execute this step on SonarQube instance)

1. navigate to ${Sonar_Home}/extensions/plugins folder where you installed SonarQube:
cd /opt/sonarqube/extensions/plugins
2. Download the plsql opensource plug-in from the above websites by executing below command:
sudo wget https://github.com/felipebz/sonar-plsql/releases/download/2.0.0/sonar-plsql-open-plugin-2.0.0.jar
3. Stop the Sonarqube scanner.
sudo systemctl stop sonar
4. Start the Sonarqube scanner.
 sudo systemctl start sonar
5. Make sure Sonarqube is up and running

sudo systemctl status sonar

once started, you should see below message

sonar.service - SonarQube service

   Loaded: loaded (/etc/systemd/system/sonar.service; enabled; vendor preset: e

   Active: active (running) since Thu 2020-09-10 19:48:54 UTC; 21s ago

  Process: 5644 ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop (code=ex

  Process: 5786 ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start (code=

 Main PID: 5843 (wrapper)

    Tasks: 138 (limit: 4686)

   CGroup: /system.slice/sonar.service

           ├─5843 /opt/sonarqube/bin/linux-x86-64/./wrapper /opt/sonarqube/bin/

           ├─5850 java -Dsonar.wrapped=true -Djava.awt.headless=true -Xms8m -Xm

           ├─5879 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Djava.awt.hea

           ├─5931 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Djava.awt.hea

           └─5985 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Djava.awt.hea

Sep 10 19:48:53 ip-172-31-37-172 systemd[1]: Starting SonarQube service...

Sep 10 19:48:54 ip-172-31-37-172 sonar.sh[5786]: Starting SonarQube...

Sep 10 19:48:54 ip-172-31-37-172 sonar.sh[5786]: Started SonarQube.

Sep 10 19:48:54 ip-172-31-37-172 systemd[1]: Started SonarQube service.

6. If you don't see server is not starting, you might want to check the logs by executing:
cat /opt/sonarqube/logs/web.log 
7. Now login to SonarQube, Navigate to Rules section, you should see PL/SQL rules added.