Repository for Powershell language plugin for SonarQube.
Fork notice: This project is a fork of gretard/sonar-ps-plugin, which is no longer actively maintained. This fork aims to continue development and keep the plugin compatible with newer versions of SonarQube.
Currently the plugin supports:
- Reporting of issues found by PSScriptAnalyzer
- Cyclomatic, Cognitive, and Halstead complexity metrics
- Reporting number of lines of code and comment lines metrics
This plugin calculates several complexity metrics for PowerShell scripts:
- Cyclomatic Complexity: Measures the number of linearly independent paths through a program's source code.
- Cognitive Complexity: A measure of how hard the control flow of a script or file is to understand. It increments for conditionals (
if,switch), loops (for,foreach,while),catchblocks, and logical operators (-and,-or,-xor). It also adds a nesting penalty for nested structures. - Halstead Metrics: Measures structural complexity based on the number of operators and operands. It includes custom metrics for Halstead Difficulty, Halstead Volume, and Halstead Effort.
- Download and install SonarQube
- Download the plugin from the releases and copy it to SonarQube's
extensions/pluginsdirectory - Start SonarQube and enable rules
- Prepare build agent machines:
The plugin requires PSScriptAnalyzer 1.24.0. You can either install it manually or let the plugin handle it.
The plugin handles the installation of the latest PSScriptAnalyzer (minimum 1.24.0) automatically.
If you prefer to manage the module yourself, disable auto-installation and ensure the module (>= 1.24.0) is present:
- Scanner Command:
-Dsonar.ps.psscriptanalyzer.autoinstall=false - WINDOWS:
Install-Module -Name PSScriptAnalyzer -RequiredVersion 1.24.0 -Scope "CurrentUser" -Force - LINUX:
pwsh -Command "Install-Module -Name PSScriptAnalyzer -RequiredVersion 1.24.0 -Scope CurrentUser -Force"
The following options can be overridden either in SonarQube Administration or in project configuration files:
| Property | Description | Default |
|---|---|---|
sonar.ps.file.suffixes |
File extensions detected as PowerShell files | .ps1,.psm1,.psd1 |
sonar.ps.executable |
PowerShell executable path | powershell.exe |
sonar.ps.tokenizer.skip |
Skip tokenizer (may be time consuming) | false |
sonar.ps.tokenizer.timeout |
Max seconds to wait for tokenizer results | 3600 |
sonar.ps.plugin.skip |
Skip plugin entirely (no sensors run) | false |
sonar.ps.psscriptanalyzer.autoinstall |
Automatically install PSScriptAnalyzer (min 1.24.0) if missing | true |
sonar.ps.external.rules.skip |
Comma-separated repo:ruleId pairs to skip reporting |
(none) |
| Plugin version | SonarQube | PSScriptAnalyzer | Java |
|---|---|---|---|
| 1.0.2 | 26.1+ | 1.24.0+ | 21+ |
| 0.5.3 | 8.9.2+ | 1.20+ | 17+ |
| 0.5.1 | 8.9.2+ | 1.20+ | 11+ |
| 0.5.0 | 6.7.7+ | 1.18.1 | 8+ |
Requirements: JDK 21+, Maven, PSScriptAnalyzer
# Build the plugin
mvn -f sonar-ps-plugin/pom.xml packageThe built JAR will be located in sonar-ps-plugin/target/.
Contributions are welcome! Please read CONTRIBUTING.md for details.
This project is licensed under the GNU Lesser General Public License v3.0 — see LICENSE for details.
Original work by gretard.