sonarqube

SonarQube shows a security error in Spring Framework controllers and in Spring Framework Application main class

断了今生、忘了曾经 submitted on 2019-12-24 11:39:14
Question: Should I take this security warning seriously? This warning shows up in every controller https://rules.sonarsource.com/java/RSPEC-4529 when I declare a controller like this: @RequestMapping(path = "/profile", method = RequestMethod.GET) public UserProfile getUserProfile(String name) { ... } and this warning shows up in the application class https://rules.sonarsource.com/java/RSPEC-4823 @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication

How to ignore javax files in SonarQube?

血红的双手。 submitted on 2019-12-24 11:37:56
Question: I'm trying to run sonar on my Maven 3 project. I am using SonarQube 5.0 with all the latest plugins installed (Java 3.0, Findbugs 3.1, Codecheck 2.2). Additionally, I'm using the latest maven-sonar-plugin to launch. I'm fairly new to sonar, so I am not entirely sure if I need special configuration to get the Sonar scanning to work. I started with the following error: java.lang.ClassFormatError: JVMCFRE074 no Code attribute specified; class=javax/servlet/ServletException, method=<init>()V, pc

Sonarqube 5.6.3 reopens issue marked as won't fix

浪尽此生 submitted on 2019-12-24 10:16:09
Question: We are using SonarQube version 5.6.3 and it is installed on a Linux server (CentOS release 6.8). Even after marking an issue as "Won't Fix" manually, the issue seems to get opened after another analysis in Jenkins (Jenkins ver. 1.642.3). Out of many engagements (approx. 100+), one engagement holds its project snapshot from August 2015 till date. I was thinking of deleting the snapshot, but the engagement wants another alternative. I am not sure what is causing this issue. Does anyone have the

SonarQube: Scanning process ignores lcov.info

孤者浪人 submitted on 2019-12-24 09:09:11
Question: I am scanning a UI project. The source code is in TypeScript. gulp test-coverage generates .js files (which are then scanned for coverage). (Each .ts file gets a .js file right next to it, in the same location.) I am pointing the scanner to the lcov.info file as follows: sonar.javascript.lcov.reportPaths=test-coverage/lcov.info The problem: The lcov.info provides coverage information for .js files. For some reason, SonarQube also provides coverage information for the *.ts files (although

Travis CI skipping SonarQube analysis

独自空忆成欢 submitted on 2019-12-24 09:00:42
Question: I'm trying to configure SonarQube analysis in a GitHub project. I've followed the official Travis CI documentation but SonarQube analysis is not performed. I'm getting the following message: "Skipping SonarQube Scan because it is not running in a secure environment" Pull request link: https://github.com/zakshya/cronos/pull/4 Full build log: https://s3.amazonaws.com/archive.travis-ci.org/jobs/216125526/log.txt Has anyone encountered this problem? Am I missing some config? Answer 1: As

Can't launch sonar 2.8 (permission denied to execute wrapper )

梦想的初衷 submitted on 2019-12-24 09:00:38
Question: I'm new to Sonar, and I was trying to install Sonar 2.8 on my server (Linux 64 on HP-UX). When I tried to launch it (sonar.sh start) I got the following message: [myHomeDirectory]/sonar/2.8/bin/linux-x86-64/./wrapper: Execute permission denied. What drives me crazy is that I've put the whole package on 777 permissions, so I really don't understand what exactly is happening. Can anyone help with this please? Thanks in advance! Answer 1: I hit a similar issue, hence why I came to this post. I was

SonarQube does not recognise serializable generic types

这一生的挚爱 submitted on 2019-12-24 07:59:33
Question: The following code sample generates a SonarQube warning: Make "field" transient or serializable. public class Test<A extends Serializable> implements Serializable { private static final long serialVersionUID = 1L; private final A field; public Test(A field) { this.field = field; } } Is there any workaround for this? Source: https://stackoverflow.com/questions/38432990/sonarqube-does-not-recognise-serializable-generic-types

sonarqube test coverage with istanbul : No coverage property. Skip Sensor

北慕城南 submitted on 2019-12-24 07:37:05
Question: I'm trying to output some test coverage (lcov) reports from istanbul into SonarQube to analyse our test coverage using ThoughtWorks GO. There is a coverage/html folder being output but SonarQube reports the following error: No coverage property. Skip Sensor. Here's my properties file, what am I missing? sonar.projectKey=transformers.allspark.ui sonar.projectName=Transformers Allspark UI sonar.projectVersion=1.0 sonar.host.url=https://sonarqube-security.test.ctmers.io sonar.sources=. sonar

Sonar + Clover only runs on src-instrumented

左心房为你撑大大i submitted on 2019-12-24 06:46:20
Question: Currently I'm trying to do an Integration Test + Clover + Sonar. I was able to do so (I can see in Sonar the total coverage (IT + unit testing) together). The issue is pretty much that the sources being uploaded to Sonar are the ones Clover generates to do its thing. [INFO] [16:16:57.566] Working dir:/Users/cortiz/dev/company/tmp/profile/server/target/sonar [INFO] [16:16:57.566] Source dirs:/Users/cortiz/dev/company/tmp/profile/server/target/clover/src-instrumented [INFO] [16:16:57.566] Test

Is there a plugin equivalent to Governance plugin for SonarQube 5.6.3?

北城以北 submitted on 2019-12-24 06:43:58
Question: I am running SonarQube 5.6.3, and I am able to get the output UI. I want the report to be generated as a PDF. Is there any free plugin with features like what the Governance plugin offers? Answer 1: As far as I know, no open-source plugin offers this feature. Answer 2: Yes, there is a free utility that creates a PDF from a web page. Check out wkhtmltox/bin/wkhtmltopdf. We use this for all Sonar dashboard reports. Source: https://stackoverflow.com/questions/40105752/is-there-a-plugin-equivalent-to-governance