JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
General
Third-Party External

Using CodeSonar With Hudson

Hudson is a continuous integration (CI) tool that is available for Windows and Linux.

Where appropriate, references to the Hudson Continuous Integration website and The Hudson Book are provided.

Note: The Hudson project has been discontinued and archived. This page is provided for users who are already using Hudson and wish to integrate with CodeSonar. If you are not already using Hudson, we recommend using a different CI tool. For example, there is a CodeSonar integration for Jenkins, which is the successor to Hudson.

Before you start

The Hudson project has been discontinued and archived. If your development group is not currently using Hudson, we recommend using a different CI tool, such as Jenkins (which is the successor to Hudson).

This page is provided for users who are already using Hudson and wish to integrate with CodeSonar.

Integrate a Hudson Job with CodeSonar

There are three main steps.

A. Set up a Hudson job to build your software

  1. Using a web browser, navigate to the Hudson dashboard at http://localhost:8080.
  2. Click New Job (in the menu at the left of the dashboard).
  3. Provide basic job information:
    1. Enter a name for the job.
    2. Select Build a free-style software job.
    3. Click OK.
    Hudson will display a "Job Configurations" page.
  4. Under Build, click Add build step, and select one of the options from the menu that pops up:
  5. Specify the build details required for the option you selected in the previous step.
  6. Click Save.
    Hudson will display a page about your new job - this is the "Job Dashboard".
  7. Test your new job.
    1. Click Build Now. Hudson will execute your specified build command.
      When the build command has completed, Hudson will update the Build History, including a colored dot to indicate whether or not the build was successful.
    2. Whether or not the build was successful, check the Latest Console output to ensure that the build proceeded as you expected.
    3. If necessary, click Configure and adjust your specified build step or steps, and make any other changes necessary to get your job running correctly.
  8. Once your Hudson job is correctly building your software, go on to the next section to integrate the CodeSonar analysis into your build.

    The next step is B. Make sure CodeSonar is ready to analyze your software.

B. Make sure CodeSonar is ready to analyze your software

  1. Make sure that $CSONAR/codesonar/bin is in the PATH of the user who is running Hudson.
  2. Start the CodeSonar hub to use for recording the analysis results (if it is not already running).
    The remainder of these instructions will refer to the hub location as host:port.
  3. Establish a project directory and project name for the CodeSonar project that will be built and analyzed. In either case, make sure the project directory has a suitable location and read/write settings. If Hudson is running with different OS credentials to your own, remember to take this into account. The remainder of these instructions will refer to the project directory as projdir and the project name as proj-name.
  4. If the project directory does not include a general project configuration file (for example, because you just created the directory in the previous step), create one now:
    codesonar create-conf projdir/proj-name
  5. Edit the general project configuration file (projdir/proj-name.conf) to specify your required configuration parameter settings (unless the factory settings are suitable). In particular:
  6. Make sure there is a CodeSonar launch daemon running on the analysis machine, with the same owner as the Hudson process.
  7. Go on to C. Incorporate the CodeSonar build/analysis in your Hudson job.

C. Incorporate the CodeSonar build/analysis in your Hudson job

  1. View the Job Dashboard for the Hudson job that is building your software.
  2. Click Configure to open the Job Configurations page.
  3. Edit the Build section to integrate the CodeSonar build/analysis.
    C and C++ projects For every existing build step that involves C/C++ compilation, edit the build step to incorporate the CodeSonar build/analysis command (see Build and Analysis for C/C++ Projects for more information). If the current build step or steps contain one command that involves C/C++ compilation, this will involve constructing a single codesonar analyze command. Otherwise there are two possible approaches:
    • Accumulate components into a CodeSonar project by constructing a codesonar build command for each software build command that involves C/C++ compilation, then add a final codesonar analyze command to analyze the project.

      or

    • Replace the text of the build step or steps with an invocation of a shell script or batch file with equivalent contents, then construct a single codesonar analyze command based on that invocation.

    The codesonar analyze command must include either the -foreground option or the wait option (but not both). Note that -foreground cannot be used with -remote analysis-launchd.

    See Example 1 and Example 2.

    Java projects Add a new, final build step that executes the CodeSonar Java build/analysis with a suitable cs-java-scan command (see Build and Analysis for Java Projects for more information). The codesonar analyze command must include either the -foreground option or the -wait option (but not both). Note that -foreground cannot be used with -remote analysis-launchd.

    See Example 3.

    Mixed Java and C/C++ projects Combine the approaches for Java-only and C/C++-only projects:
    1. Edit the build steps to incorporate a codesonar build command for each software build command that involves C/C++ compilation.
    2. Add a new build step that executes codesonar build with a suitable cs-java-scan command.
    3. Add a new, final build step that invokes codesonar analyze to analyze the project.

    See Example 4 and Example 5.

  4. Click OK.
  5. Check that everything is working properly.
    1. Click Build Now. Hudson will execute the updated job.
    2. Check that the Hudson job executed successfully, and check the Latest Console output to ensure that the build proceeded as you expected.
      • If necessary, click Configure and adjust your edits, and make any other changes necessary to get your job running correctly.
      • If the CodeSonar build/analysis is not running to completion, the manual section on Troubleshooting the build may be helpful
    3. Open the CodeSonar GUI in your web browser and inspect your analysis results.

Examples

These examples all assume the following:

CodeSonar hub location alexdesktop:7340
project directory /myfiles/csonar_projects/projX
project name ProjectX

Example 1: C/C++ project; Hudson build steps include one command that involves C/C++ compilation.

Suppose that the Hudson job build step text is:

cd /myfiles/src/projX && make normal

Then replace the build step text with:

cd /myfiles/src/projX &&
codesonar analyze /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340 make normal

Example 2: C/C++ project; Hudson build steps include multiple commands that involve C/C++ compilation.

Suppose that the Hudson job build step text is:

cd /myfiles/src/projX
rm -f *.o
gcc -c A.c
gcc -c B.c
gcc -c C.c

There are several possible approaches.

Option 1 Replace the build step text with: 
cd /myfiles/src/projX
rm -f *.o
codesonar build /myfiles/csonar_projects/projX/projectX -foreground  alexdesktop:7340 gcc -c A.c
codesonar build /myfiles/csonar_projects/projX/projectX -foreground alexdesktop:7340 gcc -c B.c
codesonar build /myfiles/csonar_projects/projX/projectX -foreground alexdesktop:7340 gcc -c C.c
codesonar analyze /myfiles/csonar_projects/projX/projectX -foreground alexdesktop:7340
Option 2 Collect the build step text into a single shell script /path/to/dir/mybuildscript.sh: 
cd /myfiles/src/projX
rm -f *.o
gcc -c A.c
gcc -c B.c
gcc -c C.c
then replace the build step text with: 
cd /path/to/dir && codesonar analyze projectX -foreground alexdesktop:7340 sh -xe mybuildscript.sh
Option 3 Collect the build step text into a single batch file path\to\dir\mybuildbat.bat: 
cd \myfiles\src\projX
rm -f *.o
gcc -c A.c
gcc -c B.c
gcc -c C.c
then replace the build step text with: 
codesonar analyze projectX -foreground alexdesktop:7340 path\to\dir\mybuildbat.bat

Example 3: Java project

Suppose that the Hudson job uses Java source files from /myfiles/sources and writes Java build output to /myfiles/buildoutput/classes

Then add a new "Execute shell" build step with the following contents.

codesonar analyze /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340 cs-java-scan -include-artifacts /myfiles/buildoutput/classes -include-sources /myfiles/sources

Example 4: Mixed C/C++ and Java project; single build command

Suppose that the Hudson job build step text is:

cd /myfiles/src/projX
make all

and that the Hudson job uses Java source files from /myfiles/sources and writes Java build output to /myfiles/buildoutput/classes.

Then replace the build step text with:

cd /myfiles/src/projX 
codesonar build /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340 make all
codesonar build /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340 cs-java-scan -include-artifacts /myfiles/buildoutput/classes -include-sources /myfiles/sources
codesonar analyze /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340

Example 5: Mixed C/C++ and Java project; multiple build commands

Suppose the Hudson job build step text is:

cd /myfiles/src/projX
rm -f *.o
rm -f *.class
gcc -c A.c
gcc -c B.c
javac J.java

and that the Hudson job writes Java build output to /myfiles/buildoutput/classes.

There are several possible approaches.

Option 1 Move the build text to a Makefile, shell script, batch file, or similar, then follow the approach illustrated in Example 4.
Option 2 Replace the build step text with: 
cd /myfiles/src/projX
rm -f *.o
rm -f *.class
codesonar build /myfiles/csonar_projects/projX/projectX -foreground  alexdesktop:7340 gcc -c A.c
codesonar build /myfiles/csonar_projects/projX/projectX -foreground alexdesktop:7340 gcc -c B.c
javac J.java
codesonar build /myfiles/csonar_projects/projX/ProjectX -foreground alexdesktop:7340 cs-java-scan -include-artifacts /myfiles/buildoutput/classes -include-sources J.java
codesonar analyze /myfiles/csonar_projects/projX/projectX -foreground alexdesktop:7340

Do More With Hudson

To get the most value out of Hudson, you will probably want to take advantage of more of its features (if you are not already doing so).

Some initial suggestions:

We also highly recommend that you read 7 Ways to Optimize Jenkins/Hudson by Kohsuke Kawaguchi, who created Hudson and Jenkins.

 

To report problems with this documentation, please visit https://support.codesecure.com/.