Questions tagged [sonarqube]
SonarQube is the open source platform, to continuously inspect code quality of applications. It allows developers to detect bugs and vulnerabilities as well as to decrease code smells or bad practices, in more than 20 different languages.
sonarqube
11,987
questions
281
votes
7
answers
390k
views
Turning Sonar off for certain code
Is it possible to turn off sonar (www.sonarsource.org) measurements for specific blocks of code, which one doesn't want to be measured?
An example is the "Preserve Stack Trace" warning which Findbugs ...
- 6,449
242
votes
16
answers
458k
views
SonarQube Exclude a directory
I am trying to exclude a directory from being analyzed by Sonar. I have the following properties defined in my sonar-project.properties file:
sonar.sources=src/java
sonar.exclusions=src/java/test/****...
- 2,561
166
votes
14
answers
166k
views
How to configure multi-module Maven + Sonar + JaCoCo to give merged coverage report?
I've searched up and down the internet for this one. There's lots of half-answers out there, to do with Maven properties such as ${sonar.jacoco.reportPath}, or org.jacoco:jacoco-maven-plugin:prepare-...
- 18k
139
votes
12
answers
213k
views
How to disable warning on Sonar: Hide Utility Class Constructor?
I'm getting this warning on Sonar:
Hide Utility Class Constructor:
Utility classes should not have a public or default constructor
My class:
public class FilePathHelper {
private static String ...
- 6,008
130
votes
5
answers
100k
views
SonarQube And SonarLint difference
How exactly is sonarQube different from SonarLint ? SonarQube has a server associated with it and Sonar lint works more like a plugin. But what are their specific difference ?
- 2,189
128
votes
8
answers
83k
views
Is SonarQube Replacement for Checkstyle, PMD, FindBugs?
We are working on a web project from scratch and are looking at the following static code analysis tools.
Conventions (Checkstyle)
Bad practices (PMD)
Potential bugs (FindBugs)
The project is built ...
- 1,337
110
votes
13
answers
81k
views
Delete a project from SonarQube
Does anyone know how to delete a project from a SonarQube server?
Thanks,
Ronen.
- 8,490
104
votes
7
answers
183k
views
Pod status as CreateContainerConfigError in Minikube cluster
I am trying to run Sonarqube service using the following helm chart.
So the set-up is like it starts a MySQL and Sonarqube service in the minikube cluster and Sonarqube service talks to the MySQL ...
- 2,756
96
votes
11
answers
341k
views
How to make Sonar ignore some classes for codeCoverage metric?
I have a Sonar profile in Maven. Everything works fine except the code coverage metric. I want to make Sonar ignore some classes only for the code coverage metric. I have the following profile:
<...
- 2,964
88
votes
5
answers
48k
views
Are there any Quality Management tools other than SonarQube [closed]
We in our organization are trying to implement a source code quality management tool. SonarQube is one such tool that we have come across, and it's quite full of features and is phenomenal. We want to ...
- 943
86
votes
10
answers
287k
views
SonarQube not picking up Unit Test Coverage
I am having issues with sonar picking up the jacoco analysis report. Jenkins however is able to pick up the report and display the results.
My project is a maven build, built by Jenkins. The jacoco ...
- 1,073
80
votes
8
answers
32k
views
JaCoCo SonarQube incompatible version 1007
I'm using SonarQube for code quality control and suddenly builds that would otherwise pass can't be analyzed and fails.
[INFO] [00:00:03.630] Analysing /mySuperProject/target/jacoco.exec ->
java....
- 991
77
votes
4
answers
45k
views
New Integer vs valueOf
I was using Sonar to make my code cleaner, and it pointed out that I'm using new Integer(1) instead of Integer.valueOf(1). Because it seems that valueOf does not instantiate a new object so is more ...
- 12.3k
77
votes
5
answers
99k
views
Why does the Maven command "mvn sonar:sonar" work without any plugin configuration in my "pom.xml"?
I have a Maven web project in my repo.
I am a Maven noob but still I understand the fact that there are plugins which we need to configure only then we could run plugin specific commands.
Facts:
...
- 2,277
69
votes
7
answers
172k
views
Configure Sonar to exclude files from Maven pom.xml
I have a project configured in maven and the code analysis is done by SonarQube.
I am trying to configure SonarQube in the pom.xml file to exclude a few files from the code analysis. Those files can ...
- 731
68
votes
12
answers
179k
views
Please provide compiled classes of your project with sonar.java.binaries
I am struggling with an error with a multi-modules project, the struture is simple, it looks like this :
root
module a
module b
module c
pom.xml
After using the maven command line : ...
- 809
67
votes
7
answers
57k
views
Sonar Violation: Security - Array is stored directly
There is a Sonar Violation:
Sonar Violation: Security - Array is stored directly
public void setMyArray(String[] myArray) {
this.myArray = myArray;
}
Solution:
public void setMyArray(String[] ...
- 5,524
65
votes
11
answers
202k
views
ERROR: Sonar server 'http://localhost:9000' can not be reached
when running the following command:
cmd /c C:\sonar-runner-2.4\bin\sonar-runner.bat
(sonar runner is installed on the build machine)
i get the following errors:
ERROR: Sonar server 'http://localhost:...
- 667
64
votes
5
answers
16k
views
What's the current state of static analysis tools for Scala? [closed]
I saw a StackOverflow question regarding static analysis in Scala, but that one was answered in 2009. As you know, the Scala tools are changing very rapidly.
I was therefore wondering if someone ...
- 1,420
59
votes
2
answers
190k
views
How do I use, or set up sonar-project.properties file?
I have very little exposure to SonarQube but have been asked to make a document explaining how to set up / use "sonar-project.properties file". Any information or input would be greatly appreciated.
- 601
57
votes
6
answers
129k
views
Sonarqube: Missing blame information for the following files
I am getting the warning Missing blame information for the following files during analysis by SonarQube.
[INFO] [22:19:57.714] Sensor SCM Sensor
[INFO] [22:19:57.715] SCM provider for this project is:...
- 7,537
54
votes
2
answers
11k
views
Analyzing Android Project with Lint and SonarQube
I really got an 'overflow' trying to make these things to work together. I followed instruction from here: http://docs.sonarqube.org/display/PLUG/Android+Lint+Plugin and finally got a SonarQube 5.1.1 ...
- 1,064
53
votes
6
answers
65k
views
SonarQube: Invoke method(s) only conditionally
The following part of code raises a major bug at SonarQube :
"Invoke method(s) only conditionally."
How am I supposed to fix this?
if(us != null){
logger.info("Log this: {}", us.toString());
}
- 1,698
53
votes
5
answers
57k
views
sonarqube + lombok = false positives
import lombok.Data;
@Data
public class Filter {
private Operator operator;
private Object value;
private String property;
private PropertyType propertyType;
}
For code above there ...
- 14.1k
49
votes
5
answers
77k
views
Disable Sonar duplications on Entity, DTO packages
Is there any way to disable certain metrics from selected packages in Sonar? I use Sonar to analyze my project and in Entity and DTO packages I have some code that is equal - the same field ID with ...
- 2,011
47
votes
4
answers
26k
views
SonarQube rule: "Using command line arguments is security-sensitive" in Spring Boot application
SonarQube is just showing a Critical security issue in the very basic Spring Boot application. In the main method.
@SpringBootApplication
public class Application {
public static void main(...
- 3,359
45
votes
3
answers
46k
views
Does Sonar support multiple language in same project?
I am setting up Sonar for one of my projects which is a mix of Groovy and Java. I am able to configure the project separately for either of these languages but not together. Is there any way to do ...
- 3,387
44
votes
7
answers
63k
views
Disable rule in sonar
I want to disable a rule from Sonar so it doesn't show the results in the web page.
In my case I want to hide (or not capture) the results about trailing comments.
Is it posible to configure it ...
- 2,404
44
votes
3
answers
50k
views
Sonarqube 5 - how do I mark false-positive?
I've recently installed SonarQube 5.0.1, but I can't find where to mark issues as false-positive. In the drop-down box where this option used to be, the only option is "Link to JIRA", and I'm signed ...
- 5,068
43
votes
4
answers
54k
views
Sonar Setup Undefined Mandatory Properties
Learning how to use SonarQube and was doing a quick install from here
Got all the way down to step 5. My build fails when I execute:
C:\sonar-runner\bin\sonar-runner.bat
I get the following ...
- 7,737
42
votes
1
answer
17k
views
Disallow anonymous users to access Sonar
I have installed Sonar 3.5.1 and want to disable anonymous users access to the web console.
I went to Security page and deleted Anyone from users and codeviewers roles.
However, when I visit the web ...
- 2,735
41
votes
1
answer
10k
views
How to change the format of the LCOV report executed by Karma?
I've configured Karma to report the coverage of my JavaScript code. Here is the part of the configuration in the karma.conf.js file:
coverageReporter: {
reporters: [
{
type: 'html',
...
- 81k
40
votes
6
answers
58k
views
How to make Sonarqube exclude a .NET (C#) project from coverage measures
Sonarqube allows for individual files to be excluded from code coverage by adding patterns in the sonar.coverage.exclusions key. This can be done on a project level by adding them in the UI and even ...
- 501
39
votes
1
answer
41k
views
Do I need sonar and sonar runner for Jenkins?
I want to set up Sonar with Jenkins. But I'm not sure if the Sonar site describes two different ways to do this or if there are two necessary steps:
As far as I understood it, it's two different ways....
- 2,521
38
votes
1
answer
30k
views
SonarQube Runner vs Scanner
What is the difference btw Sonar Runner and Sonar Scanner?.
And which version of "Sonarqube" and Sonar runner is required for JDK7?
- 381
37
votes
4
answers
25k
views
The following projects do not have a valid ProjectGuid and were not built using a valid solution (.sln) thus will be skipped from analysis
When you are building a dotnet core project with SonarQube you may be facing the error in the log:
WARNING: The following projects do not have a valid ProjectGuid and were not built using a valid ...
- 9,739
37
votes
4
answers
122k
views
Sonarqube is not showing code coverage after running
I'm running sonarqube with maven.
I have installed it using following way.
Using brew, I installed mysql and sonar.
When I run I get 7 critical bugs but the code coverage for 88 tests is zero
When ...
- 3,306
36
votes
10
answers
98k
views
How to recover admin password for SonarQube
I forgot the admin password for SonarQube. Googled and found that the value for crypted_password should be updated to 8b1254c1c684c5dc904f3f174cea1cacbde4ad84 which will reset the password to admin. ...
- 391
36
votes
2
answers
19k
views
Ignore SonarQube warnings in python
How can I ignore SonarQube warnings in Python code
In Java, I can use
@SuppressWarnings("squid:S1166")
Where the ID is the SonarQube rule ID. But what syntax should I use in Python?
I've tried
# ...
- 7,683
35
votes
8
answers
61k
views
Error in sonar startup, Unable to start JVM: No such file or directory (2)
I am facing strange issue with sonarqube 5.0.1 , one one of the machine it is not starting. Here is the error log - sonar.log -
--> Wrapper Started as Daemon
Launching a JVM...
Unable to start ...
- 6,079
34
votes
3
answers
187k
views
Refactor this method to reduce its Cognitive Complexity from 21 to the 15 allowed. How to refactor and reduce the complexity
how to reduce the complexity of the given piece of code? I am getting this error in Sonarqube---> Refactor this method to reduce its Cognitive Complexity from 21 to the 15 allowed.
this....
- 626
34
votes
3
answers
52k
views
How to exclude some maven project from sonar analysis
I have many(Let say 10 (A, B, C...)) eclipse plugin which is maven based.
I have one master pom file which includes all other plugin projects.
now by building master file with sonar:sonar goal it ...
- 15.8k
34
votes
6
answers
78k
views
How to disable Sonar rules for specific files?
I've got a project I'm working on and some of the files violate some of the rules, but in ways that are not real issues, and are thus distracting noise. However, I don't want to disable these rules ...
user153275
34
votes
4
answers
93k
views
Sonar : Replace this lambda with a method reference
This code sample
Collection<Number> values = transform(
getValuatedObjects(),
input -> getValueProvider().apply(input).getValue());
violates the Sonarqube rule:
Lambdas ...
- 29.2k
34
votes
13
answers
67k
views
Stop sonar on window 64
I use sonarqube 4.3 and I can't find a script to stop sonar in windowsx86-64.
It's awkward to have StartSonar.batand nothing to stop.
When I use it on in linux-x86-64 I can use ./sonar.sh stop.
I ...
- 637
34
votes
13
answers
26k
views
Sonarqube scan error with line out of range?
[07:43:57]W: [Step 1/1] ERROR: Error during SonarQube Scanner execution
[07:43:57]W: [Step 1/1] ERROR: Line 523 is out of range in the file
src/main/java/com/company/package/File.java
(lines: 522)
...
- 1,347
33
votes
5
answers
74k
views
maven connecting to Sonar
I have maven installed on my local machine and I'm trying to test out Sonar installed on a remote box.
I found a few post online to configure settings.xml (maven\config\settings.xml) and append a ...
- 339
33
votes
2
answers
32k
views
Sonarqube, "String contains no format specifiers" when logging constant String message
SonarQube complains about "String contains no format specifiers." when using org.slf4j.Logger, in particular method "public void debug(String msg)". For example
log.info("message");
It refers to ...
- 1,710
33
votes
2
answers
27k
views
What is the difference between code coverage and line coverage in sonar
I know what the difference is between line and branch coverage, but what is the difference between code coverage and line coverage? Is the former instruction coverage?
- 18.6k
33
votes
2
answers
32k
views
Excluding Lombok classes from Sonar coverage report
Latest Jacoco plugin (still in snapshot version, 0.7.10-SNAPSHOT), has a nice new feature to filter out the Lombok generated code (https://github.com/jacoco/jacoco/wiki/FilteringOptions).
All we need ...
- 7,081