SCANPY-237 Add dry run mode to Pysonar scanner#301

Open
marc-jasper-sonarsource wants to merge 6 commits into master from MJ/SCANPY-237

@marc-jasper-sonarsource
Contributor

No description provided.

sonar-review-alpha bot commented Mar 18, 2026

Summary

Adds dry-run mode to the Pysonar scanner, allowing users to validate configuration without connecting to a SonarQube server or submitting analysis. The feature includes configuration reporting, coverage report validation with detailed error messages, and exit codes for CI/CD integration. Enabled via --dry-run flag, property -Dsonar.scanner.dryRun=true, or environment variable SONAR_SCANNER_DRY_RUN=true.

What reviewers should know

Start by reading DRY_RUN_MODE.md to understand the user-facing feature. The implementation has three main components: (1) entry point in __main__.py:run_dry_run() checks if dry-run is enabled and exits early, (2) dry_run_reporter.py provides the core logic—DryRunReporter formats output, ValidationResult tracks errors/warnings, and CoverageReportValidator checks coverage files for existence, readability, and Cobertura XML format, (3) configuration plumbing in cli.py and properties.py adds the flag. The validation provides clear, actionable error messages (not found, not readable, invalid XML, wrong root element) which is critical for the stated use case of troubleshooting configuration. Tests in test_dry_run.py cover all validators and the integration path; also update existing configuration loader tests to expect the new property.


hashicorp-vault-sonar-prod bot commented Mar 18, 2026

SCANPY-237

@sonar-review-alpha sonar-review-alpha bot left a comment

Conclusion: There's one clear user-facing bug that needs fixing before merge — warnings are silently dropped when validation passes — and a minor TOCTOU issue in the file-open logic.

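Added example, not code from this pull request: a sketch of the two review points above, a coverage-report check that opens the file once instead of testing and then opening it (the TOCTOU pattern), and a report that lists warnings even when validation passes. `ValidationResult`, `validate_coverage_report` and `render` are hypothetical stand-ins, and the "no classes" warning and sample files are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field


@dataclass
class ValidationResult:  # hypothetical stand-in, not the PR's class
    errors: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

    @property
    def is_valid(self):
        return not self.errors


def validate_coverage_report(path):
    """Open the report once and classify whatever goes wrong."""
    result = ValidationResult()
    try:
        # No os.path.exists()/os.access() pre-check: the open() is the check, so
        # the file cannot be swapped or removed between the test and the read.
        with open(path, "rb") as fh:
            root = ET.parse(fh).getroot()
    except FileNotFoundError:
        result.errors.append(f"coverage report not found: {path}")
    except OSError as exc:  # permission denied, is a directory, I/O error
        result.errors.append(f"coverage report not readable: {path} ({exc.strerror})")
    except ET.ParseError as exc:
        result.errors.append(f"coverage report is not valid XML: {path} ({exc})")
    else:
        if root.tag != "coverage":  # Cobertura's root element
            result.errors.append(f"wrong root element <{root.tag}> in {path}, expected <coverage>")
        elif root.find(".//class") is None:  # constructed warning condition
            result.warnings.append(f"coverage report lists no classes: {path}")
    return result


def render(result):
    """Build report lines; warnings are listed whether or not validation passed."""
    lines = [f"ERROR: {e}" for e in result.errors]
    lines += [f"WARNING: {w}" for w in result.warnings]
    lines.append("dry run passed" if result.is_valid else "dry run failed")
    return lines


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample inputs
        empty = os.path.join(tmp, "coverage.xml")
        with open(empty, "w") as fh:
            fh.write('<coverage line-rate="0"><packages/></coverage>')
        for p in (empty, os.path.join(tmp, "missing.xml"), tmp):
            print("\n".join(render(validate_coverage_report(p))))
```

The standard-library parser is adequate for reports produced by the project's own test run; coverage files that arrive from an untrusted source are better parsed with a hardened parser such as defusedxml.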

@sonar-review-alpha sonar-review-alpha bot left a comment

LGTM! ✅

@sonarqube-next

@sonar-review-alpha sonar-review-alpha bot left a comment

LGTM! ✅
