1,489 questions
0 votes, 0 answers, 42 views
Bamboo checkout of bitbucket repo not generating .git folder for SonarQube Scan [closed]
I am trying to scan my source code present in BitBucket with SonarQube through my Bamboo pipeline. I am using the out-of-box module present in Bamboo for checkout.
Problem: The checkout is not ...
0 votes, 1 answer, 70 views
Problem with injecting value to the static variable
With the entered code here, I am trying to build a project on springboot. I am using AES encryption in my project. I am keeping the password(key) of AES in the application properties. The variable ...
0 votes, 0 answers, 56 views
How to remove method or line from sonarqube check in Go?
Is there a correct method to remove a single method or line from the Sonar coverage check, like //NOSONAR?
I've tried but I wouldn't like to have to use sonar.exclusions= in my sonar-project.properties file
0 votes, 1 answer, 112 views
Retrieving SonarQube Project Key and Name Used in Jenkins Build via API
I’m currently running SonarQube code analysis through Jenkins as part of my CI pipeline. In the Jenkins pipeline, I’m passing the SonarQube project name, project key, and authentication token to ...
1 vote, 0 answers, 104 views
Why is SonarCloud `reportPaths` property not receiving wildcards?
According to the Sonar Cloud Documentation it is possible to use wildcards in the sonar.javascript.lcov.reportPaths following the Test Coverage parameters guideline for wildcards. However, when trying ...
0 votes, 0 answers, 41 views
Updates are not getting reflected in the sonar server even after deploying the latest custom sonar
I’m working with a custom Quality Profile for the Natural language in SonarQube. So even after deploying the latest version of the plugin on the quality default profile, it's showing “Sonar way (...
0 votes, 0 answers, 35 views
Assistance in formatting curl command in Jenkins pipeline to call SonarQube
In a pipeline (Jenkins Version 2.496) script block;
I have an environment params variable defined with 4 & to pass multiple values;
SET tools_params=mainBranch=%default_branch%^&...
0 votes, 0 answers, 44 views
Gitlab Merge happening despite update_sonar job failing
I have the following update_sonar job in my CI pipeline:
stage: update_sonar
allow_failure: false
image: sonarscanner:4.7-n14
tags:
- "ocp_l"
script:
- sonar-scanner
-...
0 votes, 0 answers, 95 views
How to Disable FindBugs Sensor/Scanning or Fix Unsupported Class File Major Version Error in SonarQube with Java 21?
We recently upgraded our codebase from Java 17 to Java 21. During our Maven build, we use the following Azure pipeline tasks to run SonarQube:
- task: SonarQubePrepare@7
inputs:
SonarQube: '...
0 votes, 0 answers, 120 views
How can I set up a CI pipeline in gitlab with sonarqube?
I try to set up a simple CI pipeline in gitlab with sonarqube. I don't know how I can start the sonarqube server inside the CI pipeline and access it.
I tried the following CI pipeline:
image: ...
0 votes, 1 answer, 107 views
Jenkins/Sonarqube: Fetch target branch in multibranch pipeline?
I am running a Jenkins multibranch pipeline with SonarQube scanner. It looks like the scanner requires the target branch of the PR to be fetched in order to run the analysis but Jenkins is only fetching ...
0 votes, 0 answers, 36 views
Sonar + Devops + PHP - How to analyze projects that don’t have a “Build” stage?
How can I analyze a PHP project that doesn’t have a “Build” stage? I have the following pipeline:
trigger:
branches:
include:
- '*'
pool:
vmImage: 'ubuntu-latest'
variables:
# Sonar-...
0 votes, 1 answer, 296 views
org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime
I'm trying to integrate SonarQube scanner into a TeamCity build configuration. I have installed the Sonar Runner plugin and set the build step to use scanner version 4.2.0, and run a build with the ...
0 votes, 0 answers, 103 views
NoSonar feature for custom sonar plugin for the language that is not supported by the conventional sonar server
I am working on a custom SonarQube plugin for a programming language that is not supported by the conventional sonar plugin.
My current task is to implement a feature where lines containing a ...
1 vote, 0 answers, 94 views
Maven dependency and Sonar Qualys vulnerabilities
I need to know how I can find the JARs without the vulnerabilities.
I have an application, let's say, service A. Now when I build this application, Sonar points to the list of vulnerabilities and ...
4 votes, 1 answer, 669 views
Exclude directory from SonarQube analysis
When I open a PR on GitHub, SonarQube Cloud checks the source code and reports any problems. I also have the IntelliJ plugin "SonarQube for IDE" installed. By connecting the IDE plugin to ...
0 votes, 1 answer, 75 views
Sonarscanner tekton task is throwing ERROR: Error during SonarScanner execution java.lang.UnsupportedClassVersionError
SonarQube scanner tekton task https://hub.tekton.dev/tekton/task/sonarqube-scanner in default configuration is throwing the following exception while scanning a project in Go:
step-sonar-scan
INFO: Scanner ...
0 votes, 1 answer, 161 views
How to Perform SonarQube Scans on Synapse Notebooks in Azure DevOps?
I would like to run sonarqube scan on Synapse notebooks in Azure DevOps. In our Synapse notebooks, we have python, Pyspark, SQL and R codes. Our objective is to scan for vulnerabilities, code smells, ...
-2 votes, 1 answer, 138 views
SonarQube error Make sure that this logger's configuration is safe
Any alternative for logging.config.dictConfig(config)? I can't bypass SonarQube quality gate due to the following SonarQube error: logging.config.dictConfig(config): Make sure that this logger's ...
2 votes, 1 answer, 887 views
SonarQube PR decoration with GitHub Actions and GitHub, but inline code decoration not working?
I am using our enterprise SonarQube server and doing PR decoration using GitHub Actions. The scan and PR analysis happens fine and in the end I get the GitHub comment on PR analysis, however I do not ...
0 votes, 2 answers, 108 views
How can I catch a Java exception in Github Action
I've got a Github Action that runs SonarQube scanner:
- name: SonarQube analysis
continue-on-error: true
shell: bash
run: |
sonar-scanner \
-Dsonar.cfamily.build-wrapper-output=bw-...
3 votes, 0 answers, 122 views
SonarQube reporting missing coverage but not clear what is missing
I have SonarQube running on my builds to detect missing code coverage.
My .NET 8 code has a try/catch/finally block. In the Try block I connect to a FTP server using an FTP client and in the Finally ...
0 votes, 0 answers, 121 views
SonarQube Showing all project Issues instead from files related in PR
We have a Dot Net project and we are using SonarQube to check for code quality. Recently we did a modification in azure-pipelines.yml, did a version update. While raising a PR now SonarQube is showing ...
0 votes, 1 answer, 189 views
Is there a way to automate the use of sonarqube?
Currently I am working on a project that wants to integrate automated static analysis as a part of a pipeline. I simply want to just feed in a piece of code to sonarqube and have it output the results,...
0 votes, 0 answers, 234 views
SonarQube Still Showing Blocker Bug on Dashboard After Fix Has Been Applied
I’m facing an issue with SonarQube where a blocker bug is still reported on the dashboard for a branch I'm working on, even though the issue has been fixed in the code and it works fine in my local ...
0 votes, 0 answers, 310 views
SonarCloud can't find .lcov file in GitHub Actions
I am using SonarSource/sonarqube-scan-action in a GitHub Actions workflow, following the documentation, to analyze a TypeScript project, which has Jest.
My workflow has this block:
name: Build & ...
0 votes, 0 answers, 314 views
Why SonarQube Quality Gate passed despite having more issues?
I am analysing two projects in SonarQube. I am using SonarQube Community Edition with Jenkins pipelines for two projects, and I’ve encountered an issue regarding the quality gate status. Here’s a ...
0 votes, 1 answer, 361 views
Why Does SonarQube Pass the Quality Gate for Project A but Fail for Project B Despite Higher Overall Issues?
I'm experiencing a strange behavior in SonarQube with two long-standing projects, Project A and Project B. Both projects have existed for a while across different products, but I'm noticing a ...
0 votes, 1 answer, 331 views
Sonar scanner analysis is failing with ADO task version 6
We are trying to run Sonar scan with latest ADO task version v6 and it is failing with the following error. Sonar scan works with ADO task version v5.
/azp/_work/_tasks/SonarQubeAnalyze_6d01813a-9589-...
1 vote, 0 answers, 132 views
How to use sonar.exclusions for Delphi applications
I am trying to use SonarScanner on some Delphi 10.3 applications. I am using the sonar-delphi plugin to perform the analysis. It worked perfectly on small applications, but in more complex ...
0 votes, 1 answer, 243 views
Facing npm not found issue with sonarscanner latest
Recently we have updated sonarscanner image
During sonar app stage, facing this npm not found issue
npm: command not found
My sonar-app stage is like
sonar-app:
<<: *tpl_build_gcp
stage: ...
0 votes, 1 answer, 330 views
Why is SonarQube ignoring coverage data by gcovr from C++ files?
I have a project that is structured like this:
- 3rdParty_Lib1
- 3rdParty_Lib2
- Project_Root
--- apps/
--- include/
------ project_headers/
------ boost_headers/
--- src/
------- module1/
------- ...
1 vote, 0 answers, 320 views
How can I add code coverage in a DTO class?
I'm a newbie in testing and received a notification from SonarCloud telling me that my DTO does not have any coverage. As it's just a class (a set of classes) I use for deserializing JSON, I'm completely ...
-1 votes, 1 answer, 103 views
`sonarqube-scanner@^4.0.0` doesn’t return non-zero exit code in case of Quality Gate failure
SonarQube: Developer Edition v10.5.1 (90531)
sonarqube-scanner version: 4.0.0 or 4.0.1
Used npm package: https://www.npmjs.com/package/sonarqube-scanner
Node.js 20.14
When we run it as
npx sonarqube-...
0 votes, 1 answer, 3k views
SonarQubePublish@6 fails when running from another stage than SonarQubePrepare, saying: "Variables are missing"
I am working on a Dev Azure pipeline which is running a couple of stages which have tasks for preparing a sonar report. The important parts of the stages which I want to focus on look like:
...
0 votes, 0 answers, 112 views
Files being indexed twice in SonarCloud scan
I’m learning how to integrate SonarCloud with Github Actions in a personal project. The Github repository that I am using can be accessed by clicking here.
The solution I am developing was created ...
1 vote, 1 answer, 588 views
Azure Devops Pipeline, show link to Sonar report on the summary page of Pipeline Run
I have an Azure DevOps Pipeline, which in one of the stages is running Sonar report. After running, the Pipeline summary page looks like:
I would like to include the Sonar report link on this first page ...
0 votes, 1 answer, 143 views
Bitbucket pipeline conditional execution when tests fail
Having a Bitbucket pipeline that executes 2 steps:
Runs Python tests and saves report artifacts in an XML file
Runs SonarQube scanner with the above report file.
If every test is ok, the SonarQube ...
0 votes, 2 answers, 914 views
SonarQube 10.4.1 upgraded and I am using Java 11. How to set up my pipelines?
Project's specific JDK
In some situations, you might have to analyze a project built with a different version of Java than the one executing the analysis. The most common case is to run the analysis ...
0 votes, 2 answers, 469 views
Sonar-scanner token automation + I can't parse data into the index sonarqube server running in localhost:9000
Here is the GitHub Action workflow:
- name: Start SonarQube container
run: |
docker run -d --name sonarqube -p 9000:9000 sonarqube:lts
- name: Wait for SonarQube to be ready
run: |
...
1 vote, 0 answers, 69 views
SonarQube quality gate passes on first scan despite expected failure
I am currently using SonarQube in the Jenkins pipeline for continuous code quality checks. However, I have noticed an issue where the SonarQube Quality Gate passes on the first scan even when it ...
3 votes, 1 answer, 4k views
useState call is not destructured into value + setter pair sonarcloud issue
I am running sonarcloud in my react code.
my sample code is
interface PRScoreObject {
salesAmt?: any; // date-type is number
target?: any; // date-type is number or object with key value pair
...
0 votes, 1 answer, 262 views
NOT PLUGIN FOUND FOR PREFIX http in the current project and in the plugin groups [org.apache.maven.plugin, org.codehaus.mojo] available from the repo
I am running the command :
mvn sonar:sonar -Dsonar.projectKey=project-key -Dsonar.projectName=project-name -Dsonar.host.url=http://my.sonarurl.com/ -Dsonar.login=mytoken
in my environment I have:
...
1 vote, 0 answers, 1k views
Unable to run sonarqube scan due to java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation
Below is jdk 17 having class version 61 as set in the Path:
C:\Program Files\Java\jdk-17\bin>java -XshowSettings:properties -version
Property settings:
file.encoding = Cp1252
file.separator ...
0 votes, 1 answer, 1k views
SonarQube integration with Azure DevOps fails
I'm using community edition of SonarQube on my Ubuntu machine and self-hosted agent in Azure DevOps.
I tried to integrate SonarQube in the pipeline using 2 different codes but none seems to be working....
0 votes, 0 answers, 471 views
actions/setup-java@v3 throwing error "Trying to resolve the latest version from remote Error: getaddrinfo ENOTFOUND api.adoptium.net"
New to GitHub Actions, trying to set the pull request analysis with SONARQUBE.
getting error-
Trying to resolve the latest version from remote Error: getaddrinfo
ENOTFOUND api.adoptium.net"
...
1 vote, 0 answers, 14 views
SonarQube nullability check works better with Apache's method than with mine?
I'm trying to understand the following behaviour of SonarQube, which gets in the way of me using my own methods.
Apache declares this function :
package org.apache.commons.lang3;
public class ...
0 votes, 1 answer, 119 views
SOQL Injection possible - Sonarqube
I'm not able to fix this Sonarqube issue related to SOQL Injection possible, this is original code,
AggregateResultIterator class is called in Batch start method:
global without sharing class ...
0 votes, 1 answer, 346 views
Avoid unescaped/sanitized content in output - Sonarqube
I'm struggling to fix this Sonarqube issue related to avoid unescaped/sanitized content in output, this is original code:
<aura:component implements="force:appHostable,force:hasRecordId,...
0 votes, 2 answers, 143 views
Sonarqube not allowing me to set policy for S3 bucket
I'm trying to get my s3 bucket working to store access logs. Below is how I'm deploying the required policy for it using terraform.
resource "aws_s3_bucket_policy" "...