Questions tagged [sonarqube]

SonarQube is the open source platform, to continuously inspect code quality of applications. It allows developers to detect bugs and vulnerabilities as well as to decrease code smells, in more than 20 different languages.

0
votes
0answers
6 views

how to fix 'Disable XML external entity (XXE) processing' vulnerabilities in java

I ran my java code against sonarqube and I got 'Disable XML external entity (XXE) processing' as vulnerability. I spend some time on google to resolve the issue. I have been trying alot of approach ...
0
votes
0answers
6 views

When running sonarqube java dockerised app it get error sonarqube url not reachable

I am running sonarqube from docker and it's working great for local projects, but when running it manually on a dockerized app it gives [ERROR] SonarQube server [http://my-external-server-url:9000] ...
-2
votes
1answer
37 views

how do I test constructor in java which refers to current object?

My code doesn't meet the sonarqube code coverage the following piece of constructor says it needs test in sonarqube, I have written the following code to test it but it is not covering the code? can ...
0
votes
0answers
11 views

Unable to execute sonarqube scanner with jenkins

I am unable to execute the sonarqube scanner with Jenkins pipeline script. sonarqube scanner version : 3.3.0 Please suggest. stage('SonarQube analysis 3') { steps { withSonarQubeEnv('...
0
votes
0answers
20 views

Error while analyzing java code using SonarQube Scanner

Gradle spring boot code analysis using SonarQube via Jenkins throws error. I have at the root of the Gradle spring boot project my sonar-project.properties file with the following details sonar....
-1
votes
0answers
11 views

How to troubleshot Error during SonarQube Scanner execution [on hold]

enter image description here I run sonar-scanner and in the end it's error.
2
votes
0answers
54 views

Unused local variable sonar issue inside java lambda

Sonar is giving "Remove this unused addressId local variable" error even though it is being used in my code. this.getStudentList() .forEach(student -> student.getAddressList()....
0
votes
1answer
14 views

package naming issue in sonarqube

when I run my jar in sonarqube for code coverage I m getting as rename this package name to match the regular expression the package name which is gave is routeBuilder.Can some one please let me know ...
0
votes
0answers
7 views

SonarQube Fails to Start When Upgrading to PostgreSQL10 [on hold]

I upgraded from Sonarqube 6.7 to 7.8 successfully. When I upgrade my database version from Postgres 9.6.9 to 9.6.11 it works great. I have attempted this upgrade multiple times on multiple version ...
0
votes
0answers
6 views

can sonarqube publish the result for both parent and child projects in sonar UI?

I am new to CI. My scenario is i have a project structure like below, Parentproject ---Child1 ---Child2 In otherwords, its like a multimodue project structure. Currently sonar scans both ...
1
vote
1answer
17 views

Merge coverage for Sonarqube with istabuljs/nyc

I have a typescript project that goes through a Jenkins pipeline and does all the functional tests in parallel (after building the main container). At the end of the pipeline - we create code coverage ...
0
votes
0answers
18 views

Cannot run SonarQube as Service

If I just run the StartSonar.bat everything works and starts fine. If I setup a service to run using NSSM using: Path: ..\blah\wrapper.exe Startup directory: ..\blah Arguments: -c ..\blah\conf\...
0
votes
0answers
10 views

how to make sonarqube analysis do not skip sub-modules

I integrate sonarqube analysis in Jenkins, and point it to the pom file of the parent project of a multiple projects. I expect it to scan all the sub-projects but all the sub-projects are skipped. ...
1
vote
0answers
22 views

Sonar server is not coming up

I have installed Sonar on a windows machine and when I am trying to run it am getting the below error and the sonar is not coming up. Could someone help on this. Sonar start up log (below) - *...
0
votes
1answer
23 views

Unable to select “SonarCloud/Quality Gate” in “Require approval from additional services” in branch policies

According to the tutorial written on the sonarcloud blog (https://blog.sonarsource.com/integrate-sonarcloud-with-vsts-to-boost-code-quality) and the Azure DevOps lab (https://www.azuredevopslabs.com/...
1
vote
0answers
26 views

SonarQube stops and starts using quality profiles (by itself ?)

We are using SonarQube to analyse the code that we checkin to TFS. Every time a developer performs a checkin, the new/changed code is being analysed. This mechanism did well for us, until last friday. ...
0
votes
1answer
28 views

Sonar-Scanner : Error java/lang/NoClassDefFoundError: java/lang/Object

I'm trying to set up Sonarqube for the project. I managed to configure it about a month ago but there I encounter an error. The error may occur for other things than Sonarqube, so if you know how to ...
0
votes
1answer
38 views

Sonarqube 7.8 Docker Image not able run after changing from jdk8 to jdk11

I am upgrading my Sonarqube server from 6.7 to 7.8-community since the latest version can run on openjdk 11. The docker image Sonarqube has hosted is running on openjdk 8. I am trying to make the ...
0
votes
0answers
12 views

Sonarqube 7.7 doesn't start when I use sonar.web.context

I downloaded the latest version of Sonarqube to try the new capabilities and it worked well. I have developed some custom pages and they use the context to build some urls. My problem is that when I ...
0
votes
0answers
14 views

Sonarqube Failed with error - Not indexing due to symlink loop : src/project/WebApp/links/bash

Sonarqube scanner Failed with error - Not indexing due to symlink loop : /app/localstorage/BuildAgent4/work/4f6fd1fasdae3/src/project/WebApp/links/bash I have checked the path of the symbolic link ...
0
votes
0answers
14 views

how to use SonarQube API to get comments percentage of a project?

I need to know how to use SonarQube API to get comments percentage of a project ? I have read the documentation here, but i don't really know, how to use it. I have tried to enter this link (http://...
0
votes
0answers
14 views

SonarQube SSO with AD FS

we're trying to implement SonarQube with AD FS. I understand this is SPIndipidated Sign On rather then IDp. From the documentation I'm not too sure what SonarQube is expecting as the parameters and ...
0
votes
0answers
15 views

Travis CI SonarCloud - How to choose what quality profile to be enabled?

From the Job log it looks like Travis enable all Sonar way that is available ... INFO: Quality profile for css: Sonar way INFO: Quality profile for java: Sonar way INFO: Quality profile for js: Sonar ...
2
votes
0answers
43 views

No cobertura code coverage in SonarQube, Azure DevOps displays it right

We have a product written in Java that is built using Azure DevOps. The issue being faced is SonarQube showing 0.0% code coverage. Azure DevOps publish code coverage task is able to pick up the ...
-1
votes
1answer
46 views

Refactor this function to reduce its Cognitive Complexity - Tagged as Critical issue

I am using SonarQube Version – 6.7.7(LTS) and Python language analyzer plugin version - sonar-python-plugin-1.13.0.2922.jar. Completed the sonar analysis successfully, then I could see “Refactor ...
0
votes
0answers
24 views

How do I get SonarQube to count spock/groovy unit tests?

I am trying to configure SonarQube to report an accurate count of the unit test cases in my repository, currently it is only showing the java jUnit test cases. SonarQube reports the java jUnit test ...
1
vote
0answers
15 views

How can I look at modules using SonarQube 7.7?

I've been previously using SonarQube 6.7 but got it now upgraded to version 7.7. As stated in SonarQube 7.6 release notes: Tracking code quality is as easy as following your project structure. ...
1
vote
1answer
20 views

How much time is spent on computation for limited while-loops using end's condition restriction MSC01-J (SonarQube)

According to the MSC01-J An infinite loop is one that will never end while the program is running, i.e., you have to kill the program to get out of the loop. Whether it is by meeting the loop's end ...
-2
votes
0answers
15 views

How can I analyse java project in sonarqube only with project path

I am developing a spring boot web application which will analyse the java project provided the java project path to which analysis should be done...I need to get the analysis review of this project ...
1
vote
0answers
18 views

Can not update or save settings on SonarQube behind Nginx reverse proxy

I've an instance of sonarqube and nginx both in docker. Sonarqube is behind nginx and it works fine, I can access it BUT I can not update anything in sonarqube UI such as installing plugins in ...
0
votes
0answers
34 views

Sonar-Bitbucket with Maven project-root not equal to repo-root?

We have a Bitbucket project, which contains a maven project under /project/$PROJECTNAME. We can scan this project with maven-sonar just fine, and get scan results in Sonar. The paths in Sonar are all ...
0
votes
0answers
21 views

Sonarqube integration with codecommit not working

I want to integrate sonarqube with codecommit. My sonarqube server is running on one linux server. I want to analyze my code using sonarqube as soon as someone check-in the code in codecommit. How can ...
1
vote
0answers
21 views

List of organizations given an user id or username

I am trying to obtain a list of organizations that belongs an userId or username from the sonarcloud api. The uri I want to expose looks like https:///users/{userId,username}/organizations. Do you ...
0
votes
0answers
23 views

Maven sonar scan failing for SonarQube 7.7 with sonar-groovy 1.6-RC1

I am getting below error with sonar maven plugin 3.6.0.1398 for SonarQube 7.7 with sonar-groovy 1.6-RC1, is there a patch for this issue? Failed to execute goal org.sonarsource.scanner.maven:sonar-...
0
votes
0answers
17 views

Issue while running sonarqube analysis for one of .net project

Want to run sonarqube analysis for one of .net project. I have downloaded latest sonarqube community edition.Can anybody guide through step by step implementation SonarQube configuration Currently i ...
0
votes
0answers
12 views

How to skip the sonarqube cognitive complexity for the parent function?

My angularjs controller file always starts with two nested function definitions. Like, define(['dependencies'], function(appName) { appName.controler('controllerName', [function main($scope) { ...
0
votes
0answers
26 views
+50

iOS Unit Test Coverage - Sonar Report - xccov

xccov tool generates the unit test coverage report for covered lines of code only. So if example.swift file has 20 lines, and 10 is covered by unit tests the coverage will be 50%. Karma (used in ...
0
votes
0answers
9 views

Sonar 7.7: Windows 2016 SonarQube service not starting

I am trying to setup Sonar 7.7 community edition on Windows 2016 64 bit, so I started by installing JDK 1.8.0.141, created a blank database db-eng-sonar on SQl Server 2016 and then I have the below ...
1
vote
2answers
61 views

Integrating Sonarqube analysis with CI build

I am trying to integrate sonarqube analysis with CI build in vsts . I am getting the error below : [![Exception in thread “main” java.lang.UnsupportedClassVersionError: JVMCFRE003 bad major version; ...
0
votes
0answers
22 views

Error when running SonarQube analysis through Jenkinsfile

I am trying to run static analysis using SonarQube for Maven project but when my jenkinsfile runs, it throws below error: [INFO] -----------------------------------------------------------------------...
0
votes
1answer
9 views

Uninstall plugin in sonarqube: can only be uninstalled as part of a SonarSource edition

I've accidently installed the branch plugin on SonarQube. We use the free commercial edition. Now it complains about: Analyses suspended. Please set a valid license for the commercial features ...
0
votes
0answers
13 views

Use the rest syntax to declare this function's arguments in Dojo

The SonarQube report suggests to Use the rest syntax to declare this function's arguments this.inherited(arguments); Based on this suggestion , I tried changing the code as below, but this do not ...
0
votes
1answer
25 views

Configure Sonarqube with SSL with NGINX as reverse-proxy - Errorcode: SSL_ERROR_RX_RECORD_TOO_LONG

I am trying to configure Sonarqube that it works with SSL. I followed the following instructions: https://docs.sonarqube.org/latest/setup/operate-server/ Below is my configuration: server { ...
0
votes
0answers
17 views

How to add sonarqube coverage analysis as a comment into bit-bucket PR (post-build) thru jenkins pipeline step?

I am setting up a jenkins-pipleline and I added a step to show sonar coverage analysis on jenkins build via the step - post { always { junit "**/target/...
0
votes
1answer
47 views

Sonarqube and postgresql when run with docker-compose don't honor the username and password on the sonar Dashboard

I want to setup sonarqube with postgresql through docker-compose and though I provide environment variables in the docker-compose.yml they don't get honored by Sonarqube. I am not able to login to the ...
0
votes
1answer
31 views

Does Jacoco include SpringJUnitClassRunner test coverage?

I have a Test.java class annotated with @RunWith(SpringJUnit4ClassRunner.class) (from spring-test-3.2.18-RELEASE.jar). I'm finding that it does not show up in Jenkins' Jacoco Coverage Report (or on ...
1
vote
0answers
37 views

SonarQube docker image does not run successfully under App Service ACI

I try to implement sonarqube continuous inspection in azure devops with help of windows container instance. After creating azure sonarqube instance (Docker sonarqube latest image) and azure sql ...
0
votes
0answers
28 views

How to merge unit test and integration tests for sonarcloud coverage

I am trying to merge the coverage for all my tests, including unit tests and integration tests. I have a multi-module app and I'm using Maven. The hierarchy looks like this : Project : - ad-...
0
votes
0answers
42 views

Docker-compose service(sonarqube) can't access other services(postgres)

I've the following sonarqube+postgres docker-compose file. It works fine on my local machines on both Docker for Windows and Docker for Mac. But when I deploy it on our live server (Ubuntu 18.04), ...
0
votes
2answers
44 views

How to “Enable front-end code coverage in sonarqube” for a Angular project

This is my dahsboard from Bamboo related to Sonarqube: https://imgur.com/a/yOq6iGp The project build result page looks like this: https://imgur.com/Z126mr7 So, I want enable somehow test coverage in ...