10

I am getting a lot code smells from lombok generated code in Sonar. F.E.:

Method Dto.hashCode() stores return result in local before immediately returning it


Dto.equals(Object) is excessively complex, with a cyclomatic complexity of 58

How can I point out sonar that this should be skipped from analyze?

UPDATE

I've tried it already. My lombok.config file in root directory is:

config.stopBubbling = true
lombok.addLombokGeneratedAnnotation = true
lombok.equalsAndHashCode.callSuper = call

It doesn't helps

I've tried it already: sonarqube + lombok = false positives I've updated: sonar-project.properties in root directory to:

sonar.sources=src/main
sonar.tests=src/test
sonar.language=java
sonar.java.binaries=build/classes
sonar.junit.reportPaths=build/test-results/test/
sonar.jacoco.reportPaths=build/jacoco/jacocoTest.exec
sonar.java.libraries=.gradle/caches/**/lombok-*.jar

It doesn't work either.


Please don't close it. It is not duplication.

masterdany88
  • 5,041
  • 11
  • 58
  • 132
  • 1
    Possible duplicate of [sonarqube + lombok = false positives](https://stackoverflow.com/questions/46362965/sonarqube-lombok-false-positives) – Ori Marko Oct 07 '19 at 10:43
  • thanks @user7294900. I've also tried this solution. Did not help. I will update question – masterdany88 Oct 07 '19 at 11:02

3 Answers3

2

I just had the same issue. I am using sonar-scanner and figured out that it needs to set Lombok jar file using command line argument.

For example:

sonar-scanner -D sonar.java.libraries=/home/gitlab-runner/.gradle/caches/modules-2/files-2.1/org.projectlombok/lombok/1.18.10/625fc0055674dff70dbc76efa36d0f2c89b04a24/lombok-1.18.10.jar

Now SonarQube does not show any issues related with Lombok annotations.

xsiraul
  • 414
  • 1
  • 5
  • 16
  • solved my problem, but the problem for me was sonar.java.libraries=m2/repositories and my lombok jar was in m2/repositories/org/projectlombok/lombok/lombok-1.18.24.jar – fbm fatma Sep 06 '22 at 15:43
1

Methods generated by lombok need to be annotated with @Generated. Sonarqube will then ignore them.

Just add a file lombok.config in the project root directory, with the following content:

lombok.addLombokGeneratedAnnotation=true
Benoit
  • 5,118
  • 2
  • 24
  • 43
0

Be sure that lombok.jar is well inside the directory referenced in the sonar.java.libraries property.

I had the same problem, I added the property but I had put a reference to the directory of my runtime package that did not contains the lombok.jar!

lombok.jar is used at compile time and useless at runtime so we avoid to add it inside this directory.

Matthieu Saleta
  • 1,388
  • 1
  • 11
  • 17