11,928 questions
-3
votes
0
answers
25
views
Turn off coverage for certain lines in Java [duplicate]
I am using SonarQube and this is in the report:
It doesn't make sense it shows that annotation in the first place. I tried turning the coverage off with configuration and adding the comments, like:
...
- 13.5k
0
votes
0
answers
66
views
sonar failed: An API incompatibility was encountered while executing org.sonarsource.scanner.maven:sonar-maven-plugin
I used sonar-maven-plugin 3.11.0.3922 on a java program which was compiled with jdk1.8.0_391_x64, but got the "sonar failed: An API incompatibility was encountered while executing org.sonarsource....
- 606
Best practices
0
votes
0
replies
35
views
I want to avoid black duck scan
In my current project, our team is using Databricks, ADLS, a web app, and Power BI. We will complete development and then migrate the code to GitHub. Later, we plan to perform Black Duck scans. ...
- 27
0
votes
1
answer
110
views
How to properly re-throw an exception cause without causing SonarQube errors in Java?
I'm working on a Java method that handles multiple exceptions, and in some cases, I want to re-throw the original exception stored as the cause of an ExecutionException. Specifically, I have a piece ...
- 490
1
vote
2
answers
111
views
Does SONAR's cpp:S5213 rule imply that functions accepting lambdas must be implemented in the .h file?
SONAR's cpp:S5213 rule says that
Template parameters should be preferred to "std::function" when configuring behavior at compile time
We have tried implementing that by replacing std::...
- 6,309
2
votes
1
answer
88
views
SonarQube shows 0% coverage for Angular (LCOV exists) while .NET coverage is OK
I run a single batch script to analyze a mixed solution: .NET backend + Angular frontend.
The .NET coverage (OpenCover) is imported correctly, but Angular/TypeScript coverage always shows 0% in ...
- 28.6k
0
votes
0
answers
43
views
Filtering SonarQube Issues in Visual Studio 2022
I'm using SonarQube with Visual Studio 2022 (connected mode) and looking for the best way to filter SonarQube issues in the error list.
Goal: easily isolate SonarQube issues from compiler warnings, ...
- 347
0
votes
1
answer
64
views
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.2:sonar
I want to analyze my code project with sonarqube. When i try this command:
mvn clean verify sonar:sonar -Dsonar.projectKey=country-service -Dsonar.projectName='country-service' -Dsonar.host.url=http://...
0
votes
0
answers
61
views
Scan helm files that contain invalid yaml
I have a Helm chart that I need to scan via SonarQube. The issue is, whenever I scan my Chart it flags up a host of errors because the YAML Analyser does not know how to interpret the templating.
For ...
- 607
1
vote
2
answers
139
views
Cannot run Sonar analysis on Kotlin source code using Gradle plugin in Jenkins
Using Sonarqube Gradle plugin version 6.2.0.5505 (latest: https://plugins.gradle.org/plugin/org.sonarqube/6.2.0.5505) , the analysis of Kotlin source code fails when running on my Jenkins instance, ...
- 12.2k
0
votes
1
answer
36
views
Does this Helmet CSP violate itself with contradicting directives?
I'm building a website that will be using Helmet's CSP's, however, the current CSP I have coded seems to not agree with SonarQube.
Here is my current CSP in my app.ts:
app.use(
helmet....
- 1
8
votes
0
answers
426
views
Is there a safe way to create directories with std::filesystem?
I have compared the description of POSIX mkdir against
the description of std::filesystem::create_directory,
the specification draft for std::filesystem::create_directory, and
the specification draft ...
- 5,533
0
votes
1
answer
173
views
How to set up SonarQube SMTP without authentication?
We are using SonarQube server v2025.1.1. In the past we upgraded from former LTA versions. I'd guess the first such LTA version was 7.9.
Our SonarQube instance and our SMTP server both runs on a local ...
- 1,152
1
vote
0
answers
73
views
I'm trying to integrate sonarqube with a multi module android project.After integration I'm getting integration error
Here is the exception.
java.lang.NoClassDefFoundError: com/android/build/gradle/api/BaseVariant
at org.sonarqube.gradle.SonarQubePlugin.lambda$getAndroidCompileTasks$16(SonarQubePlugin.java:179)
...
0
votes
0
answers
56
views
How to remove method or line from sonarqube check in Go?
have a correct method to remove unique method or line from check coverage sonar? like //NOSONAR?
I've tried but I wouldn't like to have to use sonar.exclusions= in my sonar-project.properties file
0
votes
1
answer
68
views
Relevance of Sonarqbue Rule kotlin:S5612 Lambdas should not have too many lines
As a team using SonarQube for code analysis on our Jetpack Compose projects, we're frequently running into kotlin:S5612 (lambdas exceeding 20 lines) as a major code smell. The nature of Compose's ...
- 244
0
votes
0
answers
65
views
How to extract the number of passed and failed test cases from Jenkins CI pipeline?
I am currently running my test cases in a Jenkins CI pipeline. Now, I want to extract test case results—specifically the number of passed and failed tests.
Does Jenkins provide an API to fetch this ...
0
votes
1
answer
104
views
Retrieving SonarQube Project Key and Name Used in Jenkins Build via API
I’m currently running SonarQube code analysis through Jenkins as part of my CI pipeline. In the Jenkins pipeline, I’m passing the SonarQube project name, project key, and authentication token to ...
0
votes
0
answers
23
views
Jenkins pipline pulls 6 Sonar issues where in SonarQube GUI there are no issues visible fot that projects
Our Jenkins pipeline uses api to pull from the SonarQube the number of issues related to the project. Our pipeline script is set up to search the following severities:
INFO, MINOR, MAJOR, CRITICAL, ...
- 69
1
vote
0
answers
100
views
Why is SonarCloud `reportPaths` property not receiving wildcards?
According to the Sonar Cloud Documentation it is possible to use wildcards in the sonar.javascript.lcov.reportPaths following the Test Coverage parameters guideline for wildcards. However, when trying ...
- 241
0
votes
1
answer
82
views
How to run SonarQube analyses in a repository with React and React Native projects?
In my company we use SonarQube, we have one repository with a src folder where we have web, mobile and shared folders, we have one Jest config to run web React tests and another Jest config to run ...
- 1,302
0
votes
0
answers
39
views
Updates are not getting reflecting in the sonar server even after deploying the latest custom sonar
I’m working with a custom Quality Profile for the Natural language in SonarQube. so even after deploying the latest version of the plugin on the quality default profile its showing “Sonar way (...
0
votes
0
answers
91
views
Pull JaCoCo Code Coverage Report from the SonarQube to Be Able to See Code Coverage During PR Review
Environment
Bitbucket Data Center v8.17.0
Bamboo 8.2.9
SonarQube v2025.1.1
Current Setup
Hi Atlassian Community!
I currently have the following workflow implemented:
Create Pull Requests in ...
- 13
0
votes
0
answers
16
views
SonarQube not detecting code duplication between two nearly identical methods
I'm using SonarQube to analyze C# code, and I created two almost identical methods to test if duplication is detected. However, the report does not show any duplication percentage or warning.
Here's ...
0
votes
0
answers
43
views
How to retrieve and modify the Project Name from SonarQube's DevOps Platform Integration via API
I'm working with SonarQube and Azure DevOps integration, and I need to retrieve the Project Name value that appears in the DevOps Platform Integration section for a given project.
I would like to ...
0
votes
0
answers
34
views
Assistance in formatting curl command in Jenkin's pipeline to call SonarQube
In a pipeline (Jenkins Version 2.496) script block;
I have an environment params variable defined with 4 & to pass multiple values;
SET tools_params=mainBranch=%default_branch%^&...
- 161
0
votes
1
answer
79
views
How to test(make sure it comes under Sonar coverage) Catch blocks?
I am new to NUnit(3.4+) and somehow not able to solve the below simple issue :)
I want to make sure the catch blocks are covered in Sonar coverage and for that want to write a Nunit test case. I have ...
- 31
0
votes
0
answers
43
views
Gitlab Merge happening despite update_sonar job failing
I have the following update_sonar job in my CI pipeline:
stage: update_sonar
allow_failure: false
image: sonarscanner:4.7-n14
tags:
- "ocp_l"
script:
- sonar-scanner
-...
- 90
0
votes
0
answers
72
views
Is any way to disable all SonarQube Rules easily in vscode?
In my college the teachers tell us to use sonarQube in eclipse. They only want a few rules actived and in eclipse it's possible to disable all the rules without being one by one. I want to disable all ...
0
votes
0
answers
57
views
SonarQube scanner passing the gitlab commit pipeline but failing the merge
I have the following update_sonar job in my CI pipeline:
stage: update_sonar
allow_failure: false
image: sonarscanner:4.7-n14
tags:
- "ocp_l"
script:
- sonar-scanner
-...
- 90
1
vote
1
answer
82
views
Why does the SonarQube LDAP plugin create a new user instead updating the existing user's email address?
We are using SonarQube 9.9 with LDAP authentication and authorization configured.
Recently, our users received a mass update of email addresses on the LDAP server side (which are Active Directory ...
- 1,152
0
votes
0
answers
29
views
Sonar code coverage with both Unit and Integration test inclusion
We have a multimodule project which has 4 module
All IntegrationTest cases are written in a separate module which has no source code only src/test/java folder.
All UnitTest are written in other 2 ...
-1
votes
3
answers
1k
views
How to merge lcov.info files to make a consolidated coverage report?
I have two projects (actually, a project and its sidecar) in the same repository - the server (root) and aux/sidecar (at aux/sidecar folder). I generate coverage for them using jest --coverage calls, ...
- 2,847
0
votes
0
answers
66
views
Is sonar.projectKey security sensitive?
I'm responsible for reviewing some code delivered privately that may get published openly (e.g. in a public Github repository). We've seen deliveries in the past that included unambiguously sensitive ...
- 38.4k
1
vote
0
answers
52
views
BUGS disappeared in sonarqube after I create a new branch
SonarQube Server Version: 9.9
Deployed way: Docker
Refer to the following pictures, there are some bugs in the master branch.
When I create a new branch based on the master and run the sonarqube again,...
- 211
0
votes
0
answers
58
views
Sonar works fine locally but not in Jenkins
I'm in the process of upgrading Angular from 9 to 18. So far it has been fine to get to Angular 14. However, when upgrading to Angular 15 I also had to upgrade Node, which resulted in upgrading sonar ...
1
vote
1
answer
626
views
SonarQube shows 0% coverage with .NET project using GitLab CI/CD Windows runner and Linux container
I'm trying to analyze code coverage in SonarQube for a .NET project using GitLab CI/CD. My setup is:
Windows runner for tests
Linux container for SonarQube analysis
ReportGenerator for coverage ...
- 41
0
votes
0
answers
90
views
How to Disable FindBugs Sensor/Scanning or Fix Unsupported Class File Major Version Error in SonarQube with Java 21?
We recently upgraded our codebase from Java 17 to Java 21. During our Maven build, we use the following Azure pipeline tasks to run SonarQube:
- task: SonarQubePrepare@7
inputs:
SonarQube: '...
- 592
0
votes
0
answers
65
views
Jacoco Report missing while executing mvn clean install command
I'm trying to create a jacoco report on our project The project is in java 17 version and the jacoco-maven-plugin is on version 0.8.8.In the target folder the jacoco.exec file gets created. But the ...
- 1,148
0
votes
1
answer
608
views
VS-Code with Sonar Qube (formerly Sonar Lint) - failure due to node.js
O/S is Linux Mint 21.3 (fully up-to-date)
my IDE is VS-Code 1.98.2 (latest) with various Extensions
Getting Started with C++ using VS-Code as my IDE
I am just getting started on C++ programming using ...
- 9
2
votes
0
answers
88
views
Secret detection does not work with sonarqube community edition 25.3.0 on macos x86_64 for file type ini, config, pem files
I was checking sonarqube community edition 25.3.0 on macos x86_64 and found that secret detection does not work . can someone please clarify if secret detection is available in community edition ? if ...
- 264
1
vote
1
answer
96
views
Sonarqube and Postgres running on Docker throws ‘Create initial schema’ failed and ERROR: relation "active_rule_parameters" already exists Issue
I tried to implement an example of Spring Boot with Postgres through Docker.
After running the command named docker-compose up -d --build, they are all greeen. However, I got the errors in the console ...
-2
votes
1
answer
574
views
Azure DevOps Pull Request SonarQube Quality Gate Stuck in "Waiting" Status
We are using Azure DevOps Services for our CI/CD processes and SonarQube on-prem v24 as our code analysis tool.
We want SonarQube to prioritize the analysis when a Pull Request (PR) is created in ...
- 41
0
votes
0
answers
118
views
How can I set up a CI pipeline in gitlab with sonarqube?
I try to set up a simple CI pipeline in gitlab with sonarqube. I don't know how I can start the sonarqube server inside the CI pipeline and access it.
I tried the following CI pipeline:
image: ...
3
votes
0
answers
214
views
SonarQube code coverage - exclude code not files
I have an Android project that uses Kover to measure code coverage. These results are then sent to SonarQube. This all works fine except that I want some code to be excluded from code coverage.
This ...
- 5,525
0
votes
1
answer
106
views
Jenkins/Sonarqube: Fetch target branch in multibranch pipeline?
I am running a Jenkins a multibranch pipeline with SonarQube scanner. It looks like the scanner requires target branch of the PR to be fetched in order to run the analysis but Jenkins is only fetching ...
- 406
1
vote
0
answers
54
views
AEM as a Cloud Service - SonarQube REACT Code Coverage
Context
We are implementing a hybrid implementation with AEM + REACT using AEM as a Cloud Service. We are having our REACT code coverage in *.tsx files under ui.frontend module.
We have configured &...
- 21
0
votes
0
answers
34
views
Sonar + Devops + PHP - How to analyze projects that doesn’t have a “Build” stage?
How can I analyze a PHP project that doesn’t have a “Build” stage? I have the following pipeline:
trigger:
branches:
include:
- '*'
pool:
vmImage: 'ubuntu-latest'
variables:
# Sonar-...
- 11.5k
0
votes
1
answer
308
views
How to Safely Parameterize Table Names in C# to prevent SQL Injection?
I'm using Dapper in my project and I want to pass table name as a dynamic parameter in the query.
This is my code:
var tableName = GetTableNameDynamically<TEntity>();
using (var builder = new ...
0
votes
1
answer
294
views
org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime
I'm trying to integrate SonarQube scanner into a TeamCity build configuration. I have installed the Sonar Runner plugin and set the build step to use scanner version 4.2.0, and run a build with the ...
- 506