my project generates at runtime source code from thrift file. Is there a way to avoid Sonarqube analyzes this source code automatically generated? This because I have some code smell and bug detected by Sonarqube in that generated code I can't modify and correct.
Yes. Excluding the source files or any other files from sonar analysis is possible, by using sonar.exclusions property in your sonar.properties
For example, if your source file generated is xyz.java in some folder say target, so you can exclude the file, like this
sonar.exclusions=**/target/*.java
or you can give the file name directly
sonar.exclusions=**/target/xyz.java
You can find more details here: https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/
Related
I am currently trying to write a sonarqube plugin which will analyse all the dependency packages from all .csproj files in the directory against a pre-defined list.
However, I cannot get the sonarqube to include the project files to the sensorContext.fileSystem.inputFiles by adding .csproj to sonar.cs.file.suffixes
A roundabout way I did is searching manually for those files using the regular path traversal method but a drawback is I cannot create the issue on the file itself.
I hope that someone know an official way to make this work
I was trying to scan a java bytecode by following instructions given in this link
Looks like sonar scanner looks for property sonar.source as it is a mandatory property so it gives error... but in this case i don't have source code as i am doing scanning on binaries files.
So i put the sonar.source property in the property file but didn't mention folder name. In this case i am not getting any report out of it however the scan is running fine through scanner. When i looked into the output of the scanner it shows zero files indexed not sure why.
TLDR: if you only have the bytecode, then you can't analyze.
The SonarQube platform analyzes and reports on the quality of source code. For some languages, such as Java, binaries are also used to get a fuller, more precise analysis. But at root, SonarQube is about source code quality.
That's why sonar.sources is a required property: there's no scan without source code. If you're not providing an accurate path to the project's Java source files, then... of course no files are indexed.
The code base I am working with has a lot of generated code. In addition, there are also some deprecated files that I would want to exclude from SonarQube analysis. I've read up the documentation and looked at some answers on here about that, but it does not help in my case.
I have a multi-module maven project. So I have multiple projects in my workspace that are all part of a large application. Say I want to exclude this file:
/home/username/workspace/com.mst.rtra.importing.message/bin/com/mst/rtra/importing/message/idl/parse/idlparser.java
I don't really know how to write this in the exclusions settings on SonarQube because of how long the filepath is. Also, what if I want to exclude another file, but from a different module, say :
/home/username/workspace/com.mst.rtra.interpreter.create/
I am confused about I should write this in the exclusions box in project settings. Should I write the absolute file path due to the multi-module nature of this project? Or is there some other convention used?
In addition, if I want to exclude generated files from analysis, I would need to put file:/generated-sources/ as I saw in another answer. However, after analysis, I can still view the analysis results of those files when I open up the project in SonarQube dashboard.
We use ant rather than maven, and an older version of the Sonar ant task at that. But what works for us is setting a sonar.exclusions property in our build.xml, which accepts wildcards for filenames. For example:
<property name="sonar.exclusions" value="**/com/ex/wsdl/asvc/*.java,**/com/ex/wsdl/bsvc/*.java"/>
That skips analyzing all the code generated from a wsdl file for two services. You ought to be able to do something similar for maven.
i've configured my checkstyle plugin with customized checkstyle.xml and it works fine with the java classes but having a lot of warnings with the xml files can anyone suggest how to disable the check style from any xml file in my application.
thanks in advance.
I can think of two ways to do that:
You could suppress findings from non-Java files. This works very well inside and outside of your IDE.
If you are using Eclipse, you can also configure Eclipse not to feed the non-Java files to Checkstyle. In order to do that, right-click your project and click Checkstyle. Uncheck use simple configuration. Specify a file set using \.java$ as regexp. You will see the list of files in the bottom half of the dialog window change to only Java files.
In earlier versions of Checkstyle, I think I remember that there also was a file name filter in the configuration XML, but I can't seem to find it in the docs now, so maybe that feature is no more.
There is a basedir property at the start of the Checker module in the check style config file. Uncomment it if it is commented.
Set it's value to the folder you want to apply your checkstyle rules to.
E.g. src folder of any eclipse project only contains java files.
<!-- If you set the basedir property below, then all reported file names
will be relative to the specified directory. See http://checkstyle.sourceforge.net/5.x/config.html#Checker -->
<property name="basedir" value="/MyEclipeProject/src"/>
I'd like to generate some resources (JavaHelp search index in this case), but I can't seen to see where those generate files should go to get into the jar. I put them in target/generated-sources, but they are ignored. Should it be target/classes?
/generated-sources directory is used by various tools generating sources (duh!), like xjc or wsdl2java. This directory is later included in the compilation phase.
/target/classes is everything that should be included in the final JAR, which answers your question. Also the contents of /src/main/resources is included, but this directory is typically part of version control and is not meant for generated artifacts.
It turns out that generated-source directories are not automatically included in the jar. However, Intellj assumes there are and treats them as such, hence my confusion.
You need to use the Maven build helper plugin to fix this issue, for example:
https://github.com/alexec/javahelp-skeleton/blob/master/pom.xml