I created SonarCloud Integration for my React repository.
My sonar-project.properties file looks like this;
sonar.organization=<org_name>
sonar.projectKey=<project_key>
sonar.projectName=<project_name>
sonar.sources=.
sonar.exclusions=example/**
sonar.language=js
sonar.sourceEncoding=UTF-8
After I completed integration, I saw that SonarCloud is also getting .css files along with .js files, but I don't have any configuration to enable this. I'm only requesting my JS code to be evaluated. And a .css file showing bugs and because of this bug, my quality gate is failing. I couldn't understand why .css files are part of the process.
Is it a default behaviour? Should I exclude .css files as well?
Any help will be highly appreciated, thank you very much.
A similar issue can be found here, and the solution is simple, just exclude every CSS file:
sonar.exclusions = **/*.java
Related
I am currently trying to write a sonarqube plugin which will analyse all the dependency packages from all .csproj files in the directory against a pre-defined list.
However, I cannot get the sonarqube to include the project files to the sensorContext.fileSystem.inputFiles by adding .csproj to sonar.cs.file.suffixes
A roundabout way I did is searching manually for those files using the regular path traversal method but a drawback is I cannot create the issue on the file itself.
I hope that someone know an official way to make this work
my project generates at runtime source code from thrift file. Is there a way to avoid Sonarqube analyzes this source code automatically generated? This because I have some code smell and bug detected by Sonarqube in that generated code I can't modify and correct.
Yes. Excluding the source files or any other files from sonar analysis is possible, by using sonar.exclusions property in your sonar.properties
For example, if your source file generated is xyz.java in some folder say target, so you can exclude the file, like this
sonar.exclusions=**/target/*.java
or you can give the file name directly
sonar.exclusions=**/target/xyz.java
You can find more details here: https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
I want javascript code present in .aspx file to get analysed with Sonar.
I have installed javascript plugin and checked its not getting analysed.
Please let me know how can javascript code can be analysed if not present in the .js file
You can add .aspx to the list of extensions that the Javascript plugin should analyze, by setting the property sonar.javascript.file.suffixes (either trough the SonarQube UI, or as a parameter to the MSBuild SonarQube Runner using the /d:sonar.javascript.file.suffixes=... syntax).
Note that in SonarQube, a file can be analyzed only by a single language plugin for now. This means that, if you decide to analyze .aspx files with the Javascript plugin, you will not be able to analyze them using the Web or CSS plugins for example.
The code base I am working with has a lot of generated code. In addition, there are also some deprecated files that I would want to exclude from SonarQube analysis. I've read up the documentation and looked at some answers on here about that, but it does not help in my case.
I have a multi-module maven project. So I have multiple projects in my workspace that are all part of a large application. Say I want to exclude this file:
/home/username/workspace/com.mst.rtra.importing.message/bin/com/mst/rtra/importing/message/idl/parse/idlparser.java
I don't really know how to write this in the exclusions settings on SonarQube because of how long the filepath is. Also, what if I want to exclude another file, but from a different module, say :
/home/username/workspace/com.mst.rtra.interpreter.create/
I am confused about I should write this in the exclusions box in project settings. Should I write the absolute file path due to the multi-module nature of this project? Or is there some other convention used?
In addition, if I want to exclude generated files from analysis, I would need to put file:/generated-sources/ as I saw in another answer. However, after analysis, I can still view the analysis results of those files when I open up the project in SonarQube dashboard.
We use ant rather than maven, and an older version of the Sonar ant task at that. But what works for us is setting a sonar.exclusions property in our build.xml, which accepts wildcards for filenames. For example:
<property name="sonar.exclusions" value="**/com/ex/wsdl/asvc/*.java,**/com/ex/wsdl/bsvc/*.java"/>
That skips analyzing all the code generated from a wsdl file for two services. You ought to be able to do something similar for maven.
I wonder if it is possible to specify different languages in the sonar-project.properties file to analyse, for example, both java script and xml, which are in the same folder?
Thanks for your help!
ADDITION
for example, I have the following project structure:
client
pom.xml
|
|-----UI
|-----pom.xml
|
|-----core
|-----pom.xml
In UI folder I have different types of files (js, html, xml) and maven java project in core folder. Can I aim sonar to UI folder so that it will check .js, .html and .xml files in this folder and subfolders recursivly? I tried to specify several languages (separated by comma) for one module, but that had no effect. Thanks!
Yes, this is possible. You can check out the following "web+Javascrip" sample project: https://github.com/SonarSource/sonar-examples/tree/master/projects/languages/multi-language/multi-language-source-files-in-same-directory
Please not that there are some requirements on Sonar and Sonar Runner versions (described in the README file).