Questions tagged [sonarqube]

SonarQube is the open source platform for continuously inspecting the code quality of applications. It allows developers to detect bugs and vulnerabilities, as well as to reduce code smells and bad practices, in more than 20 different languages.

SonarQube was formerly known as Sonar.

Feature overview

  • Fully supports the Leak concept to make sure that the code quality of an application gets only better and better as code is added or updated over time
  • Available for more than 20 languages (including Java, C#, C/C++, Cobol, PL/SQL, ABAP, JavaScript, PHP, Web, XML)
  • Built-in components for an easy integration (Maven, Ant, SVN, Git, JIRA, Mantis, Google Analytics, Redmine, Jenkins)

11817 questions
26 votes, 2 answers

Which sonar-maven-plugin version to use?

I am wondering which sonar-maven-plugin in which version I should use. As far as I know there is an org.codehaus.mojo version and two org.codehaus.sonar versions (sonar-maven3-plugin, sonar-maven-plugin). As far as I understand the…
jstadler

26 votes, 2 answers

start SonarQube server with specific jdk

Is there a way to start the SonarQube server (v. 3.7.4) with a specific jdk? My case: My java-home is set to jdk 1.8, but SonarQube server has some known problems with 1.8. So I want to start the server with jdk 1.7 (without setting my java-home to…
user871611

26 votes, 1 answer

How to get SonarQube to play nicely with AngularJS?

I've been looking at using SonarQube to do quality checking on some javascript code, but this code is written using AngularJS. One of the SonarQube rules checks the number of lines in a function - which seems sensible - but in AngularJS, functions…
Dan King

26 votes, 8 answers

Sonar - OutOfMemoryError: Java heap space

I am deploying a large Java project on Sonar using "Findbugs" as profile and getting the error below: Caused by: java.util.concurrent.ExecutionException: java.lang.OutOfMemoryError: Java heap space What I have tried to resolve this: Replaced…
shekhar verma

25 votes, 4 answers

Constructor injection vs Field injection

When injecting any services, I have two choices : Field injection: @Inject private MyService myService; or Constructor injection: private MyService myService; @Inject public ClassWhereIWantToInject(MyService mySerivce){ this.myService =…
Riadh

25 votes, 3 answers

Exclude JavaScript libraries from Sonar

If you look at this site analysing JavaScript with Sonar you see that there are lots of errors reported on the JavaScript libraries. http://nemo.sonarsource.org/drilldown/violations/jquery?rids%5B%5D=421365&severity=MAJOR How can I prevent Sonar…
opticyclic

24 votes, 3 answers

Running sonar analysis with mvn sonar:sonar ignores sonar-project.properties

Latest 3.3 sonar-maven-plugin and 5.6 LTS as web server. Running sonar analysis with mvn sonar:sonar ( Scanner for Maven ) ignores sonar-project.properties file. (with many parameters https://docs.sonarqube.org/display/SONAR/Analysis+Parameters) Is…
Paul Verest

24 votes, 3 answers

jenkins + sonar + github integration

Problem: I am setting up jenkins + sonar + github integration for automatic pullrequest static code check through sonar. My Configuration: Installed Sonar with github Installed jenkins In jenkins post-build action I have the following…
Bhuwan Gautam

24 votes, 5 answers

What is the difference between afferent couplings and efferent couplings of a class?

Code quality metric tool like Sonar does provide the ability to drill down to a class and find out the number of: Afferent (incoming) couplings Efferent (outgoing) couplings What are these two parameters? Can you please describe with a simple…
Geek

23 votes, 6 answers

Is there a way to run sonar on projects without using the repository?

In a recent sonar test, we found over 30k total violations in our projects. I was told to spend some time to look over all of the blocker/critical violations and fix them accordingly. I was told by my mentor that to run sonar on the projects again,…
iCodeLikeImDrunk

23 votes, 2 answers

Malicious code vulnerability - May expose internal representation by returning reference to mutable object

Hi, I'm getting the violation below: Malicious code vulnerability - May expose internal representation by returning reference to mutable object. In my code I wrote this: public String[] chkBox() { return chkBox; } How can we solve it?
jayavardhan

23 votes, 3 answers

How to configure sonar.coverage.jacoco.xmlReportPaths for JaCoCo/SonarQube?

SonarQube 7.7 shows the following warning for a Java project analysis: Property 'sonar.jacoco.reportPath' is deprecated (JaCoCo binary format). 'sonar.coverage.jacoco.xmlReportPaths' should be used instead (JaCoCo XML format). The Gradle based…
JJD

23 votes, 3 answers

How do I get Sonarcloud to run on pull requests from forks with Travis, Maven & github

While looking into my recent question Sonarcloud failure with Travis, Maven & github I realised that I was asking the wrong question. I was trying to address a symptom rather than the underlying problem. A project I work on (eclipse/scanning) uses…
Mark Booth

23 votes, 6 answers

Add SonarQube coverage via shields.io badge

I have com.github.xxxxxx:xxxxxx Maven repository and I want to add a shields badge but I have an invalid badge: https://img.shields.io/sonar/https/sonarqube.com/com.github.noraui:noraui/tech_debt.svg Sonarqube xxxxxx project page:…
Stéphane GRILLON

23 votes, 2 answers

Where is the Sonar "duplicated code" here?

I just ran sonar scanner on the sample Sonar project. It gives me the message that there is "duplicated code on lines 7-20". Can anyone explain this?
John Donn