Questions tagged [sonarqube]

SonarQube is an open source platform for continuously inspecting the code quality of applications. It allows developers to detect bugs and vulnerabilities and to reduce code smells and bad practices in more than 20 different languages.

SonarQube was formerly known as Sonar.

Feature overview

  • Fully supports the Leak concept to make sure that the code quality of an application gets only better and better as code is added or updated over time
  • Available for more than 20 languages (including Java, C#, C/C++, Cobol, PL/SQL, ABAP, JavaScript, PHP, Web, XML)
  • Built-in components for an easy integration (Maven, Ant, SVN, Git, JIRA, Mantis, Google Analytics, Redmine, Jenkins)

11817 questions
66 votes, 7 answers

Sonar Violation: Security - Array is stored directly

There is a Sonar Violation: Sonar Violation: Security - Array is stored directly public void setMyArray(String[] myArray) { this.myArray = myArray; } Solution: public void setMyArray(String[] newMyArray) { if(newMyArray == null) { …
Junchen Liu

64 votes, 7 answers

Configure Sonar to exclude files from Maven pom.xml

I have a project configured in maven and the code analysis is done by SonarQube. I am trying to configure SonarQube in the pom.xml file to exclude a few files from the code analysis. Those files can be identified by their class names, they contain…
pappus

62 votes, 12 answers

Please provide compiled classes of your project with sonar.java.binaries

I am struggling with an error with a multi-modules project, the structure is simple, it looks like this: root module a module b module c pom.xml After using the maven command line: clean sonar:sonar deploy I have this error: Failed…
CommonPeople

60 votes, 10 answers

ERROR: Sonar server 'http://localhost:9000' can not be reached

When running the following command: cmd /c C:\sonar-runner-2.4\bin\sonar-runner.bat (sonar runner is installed on the build machine) I get the following errors: ERROR: Sonar server 'http://localhost:9000' can not be reached ERROR: Error during Sonar…
Guy Salton

54 votes, 2 answers

Analyzing Android Project with Lint and SonarQube

I really got an 'overflow' trying to make these things work together. I followed the instructions from here: http://docs.sonarqube.org/display/PLUG/Android+Lint+Plugin and finally got a SonarQube 5.1.1 server with Android Lint plugin 1.1 installed.…
sviklim

51 votes, 5 answers

sonarqube + lombok = false positives

import lombok.Data; @Data public class Filter { private Operator operator; private Object value; private String property; private PropertyType propertyType; } For code above there are 4 squid:S1068 reports about unused private…
okutane

51 votes, 6 answers

SonarQube: Invoke method(s) only conditionally

The following part of code raises a major bug at SonarQube: "Invoke method(s) only conditionally." How am I supposed to fix this? if(us != null){ logger.info("Log this: {}", us.toString()); }
Olezt

50 votes, 6 answers

Sonarqube: Missing blame information for the following files

I am getting the warning Missing blame information for the following files during analysis by SonarQube. [INFO] [22:19:57.714] Sensor SCM Sensor [INFO] [22:19:57.715] SCM provider for this project is: git [INFO] [22:19:57.715] 48 files to be…
Amedee Van Gasse

50 votes, 2 answers

How do I use, or set up sonar-project.properties file?

I have very little exposure to SonarQube but have been asked to make a document explaining how to set up / use "sonar-project.properties file". Any information or input would be greatly appreciated.
Charles.savin

47 votes, 4 answers

SonarQube rule: "Using command line arguments is security-sensitive" in Spring Boot application

SonarQube is just showing a Critical security issue in the very basic Spring Boot application. In the main method. @SpringBootApplication public class Application { public static void main(String[] args) { …
leventunver

43 votes, 3 answers

Sonarqube 5 - how do I mark false-positive?

I've recently installed SonarQube 5.0.1, but I can't find where to mark issues as false-positive. In the drop-down box where this option used to be, the only option is "Link to JIRA", and I'm signed in as admin. Is this feature now provided as part…
RCross

43 votes, 4 answers

Sonar Setup Undefined Mandatory Properties

Learning how to use SonarQube and was doing a quick install from here. Got all the way down to step 5. My build fails when I execute: C:\sonar-runner\bin\sonar-runner.bat I get the following error: INFO:…
SeekingAlpha

43 votes, 4 answers

Disable Sonar duplications on Entity, DTO packages

Is there any way to disable certain metrics from selected packages in Sonar? I use Sonar to analyze my project and in Entity and DTO packages I have some code that is equal - the same field ID with annotations, etc. is being reported as a duplication…
Arek

42 votes, 1 answer

Disallow anonymous users to access Sonar

I have installed Sonar 3.5.1 and want to disable anonymous users access to the web console. I went to Security page and deleted Anyone from users and codeviewers roles. However, when I visit the web console without authentication I am still able to…
Roman Kh

42 votes, 3 answers

Does Sonar support multiple language in same project?

I am setting up Sonar for one of my projects which is a mix of Groovy and Java. I am able to configure the project separately for either of these languages but not together. Is there any way to do this? I tried this sonar.language = java,grvy but…
rajesh