sonarqube

问题 Using Java, SonarQube is complaining about switch statements on enum values not having a default: case. The reasoning given is: "The requirement for a final default clause is defensive programming. The clause should either take appropriate action, or contain a suitable comment as to why no action is taken. When the switch covers all current values of an enum - and especially when it doesn't - a default case should still be used because there is no guarantee that the enum won't be extended." I

问题 I am working on a requirement where we need to generate issues reports and export them in excel. The number of issues that are generated in the project exceed the limit of 10,000 records that are allowed by sonarqube API. I want to get all the issues and export them but when I try to get more than 10,000 records I get below response: { "errors": [ { "msg": "Can return only the first 10000 results. 12000th result asked." } ] } This makes sense as the API has a limit to return first 10,000

问题 We are using HashMap in JDK 1.7 and I face some issue during the code review with SonarQube . Please consider below samples: public class SerializationTest implements Serializable { private Map<String,String> test1=new HashMap<>(); //Serializeable private Map<ANEnum,String> test2=new HashMap<>(); //Serializeable private Map<String,ASerializeableObject> test3=new HashMap<>(); //Serializeable private Map<String,Map<String,String>> test4=new HashMap<>(); //Not Serializeable private Map<ANEnum

问题 We are using HashMap in JDK 1.7 and I face some issue during the code review with SonarQube . Please consider below samples: public class SerializationTest implements Serializable { private Map<String,String> test1=new HashMap<>(); //Serializeable private Map<ANEnum,String> test2=new HashMap<>(); //Serializeable private Map<String,ASerializeableObject> test3=new HashMap<>(); //Serializeable private Map<String,Map<String,String>> test4=new HashMap<>(); //Not Serializeable private Map<ANEnum

问题 We are using HashMap in JDK 1.7 and I face some issue during the code review with SonarQube . Please consider below samples: public class SerializationTest implements Serializable { private Map<String,String> test1=new HashMap<>(); //Serializeable private Map<ANEnum,String> test2=new HashMap<>(); //Serializeable private Map<String,ASerializeableObject> test3=new HashMap<>(); //Serializeable private Map<String,Map<String,String>> test4=new HashMap<>(); //Not Serializeable private Map<ANEnum

问题 I am making a development environnement based on Jenkins and Sonar. Both are placed on isolated gears. The Jenkins gear has been created with the Instant App option. The Sonar gear has been created thanks to these github indications. I created a Jenkins free-style job in order to analysis a Maven project. The script used on that job is based on this wordpress article. # Build script of the Job settingsPath=$OPENSHIFT_DATA_DIR/settings.xml settings="<settings>\n <localRepository>$OPENSHIFT

问题 After upgrading to 5.5 version and now the latest (5.6) SonarQube always shows the issues I create through my plugin as "Code Smell". I would like to know more about the categorization and how can I add them as other types ("Vulnerability" and "Bug"). The code where I create the issues is as follows: Issuable issuable = this.resourcePerspectives.as(Issuable.class, inputFile); if (issuable != null) { Issue issue = issuable.newIssueBuilder() .ruleKey(activeRule.ruleKey()) .line(vulnerability

问题 We are using Sonar to review our codebase. There are few violations for Unused private method, Unused private field and Unused local variable. As per my understanding private methods and private fields can be accessed outside of the class only through reflection and Java Native Interface. We are not using JNI in our code base, but using reflection in some places. So what we are planning is to do a complete workspace search for these methods and fields and if these are not used anywhere even

问题 I want to use SonarQube on my project. The project is quite a big and scanning whole files take much time. Is it possible to scan only changed files in the last commit, and provide report based only on changed lines of code? I want to check if added or modified lines make the project quality worst and I don't care about old code. For example, if person A created a file with 9 bugs and then commited changes - the report and quality gate should show 9 bugs. Then person B edited the same file

问题 I need to have relative path as value of SF: parameter in the lcov.info file generated by karma coverage. This is to enable SonarQube to gather the info to display the coverage. Currently, the SF parameter is having complete absolute path , e.g. c:\abc\xyz....\src\bar\foo.js I need to have SF: src\bar\foo.js Is there a way to achieve this? 回答1: Unfortunately it is still impossible out of the box. To fix the issue you can either: use istanbul merged with this request, process the output file