sonarqube

问题 I would like to run SonarQube analysis in a Linux container using their new support for dotnet global tools. I wonder though where is configuration (server URL, user credentials) located in such case? 回答1: This works for me nicely: FROM microsoft/dotnet:2.1.300-sdk RUN apt-get update && apt-get install -y openjdk-8-jre RUN dotnet tool install --global dotnet-sonarscanner --version 4.3.1 COPY SonarQube.Analysis.xml /root/.dotnet/tools/.store/dotnet-sonarscanner/4.3.1/dotnet-sonarscanner/4.3.1

问题 This question already has an answer here : SonarQube - Using wildcards to ignore all xml files (1 answer) Closed 2 years ago . We are using SonarQube version 4.3.2 with our Java project. We want to exclude all javascript files which are currently being analyzed. We tried excluding by using *.js in exclusion list, but it did not work. Please help. 回答1: In your sonar-project.properties , you have two ways to ignore files: sonar.exclusions=the/full/path/*.xml will ignore all .xml files in path .

问题 When I create Angular application, I am using CLI for generating components. After certain time of developing app I have style file for every component but major part of them are empty. When I check sonar I have Code smells in empty style files: Remove this empty stylesheet. Add an empty new line at the end of this file. Should I remove sonar rules or I must delete all empty style files in project and recreating them in next versions of project when I need them for component styling? What are

问题 I would like to categorize SonarQube results by severity 'major'. I have installed SonarQube plugin in intellij community edition(version 14.1.4). When i try to run the sonar Analyze -> Inspect code, The inspection window shows all the issues by rule but does not categorize the issues by major, minor and critical. I would really appreciate if anyone has achieved this using IntelliJ IDEA Community edition. 回答1: According to this open github request, it looks like it used to be there in v1, but

问题 I would like to categorize SonarQube results by severity 'major'. I have installed SonarQube plugin in intellij community edition(version 14.1.4). When i try to run the sonar Analyze -> Inspect code, The inspection window shows all the issues by rule but does not categorize the issues by major, minor and critical. I would really appreciate if anyone has achieved this using IntelliJ IDEA Community edition. 回答1: According to this open github request, it looks like it used to be there in v1, but

问题 While using the sonar runner to analyze the multi module project I frequently get the “Read Timed Out” error. I have Jenkins configured with SonarQube 5.1.1. Our project is kind of web project, we have a couple of sonar plugins for the analysis like web, css, java, findbugs, js, xml and jacoco. If I load the given link "http://172.21.145.84:9000/batch/project?key=webportal&preview=false" from browser it works, but sometimes it takes quite long to load the response data. Can anyone please give

问题 We set a lot of false-positive violations using SonarQube UI. Can you advise how to keep those false-positive violations during upgrade? We are trying to upgrade Sonar from 3.5.1 to 4.0 and it seems that the those false-positive violations were removed. 回答1: One thing you can do is export the list of false positives so that you will at least know what they are and which files/issues they are attached to. I'm not sure how to then import the list, but in the worst case you can just mark

问题 Regarding the announcement of SonarQube integration with MSBuild and Team Build, can anyone advise on the relationship between SonarQube Runner and SonarQube.MSBuild.Runner? I'm unclear whether SonarQube.MSBuild.Runner replaces SonarQube Runner or whether it sits on top of it. 回答1: @Techtwaddle is correct: the MSBuild.Runner invokes the sonar-runner. The MSBuild.Runner v0.9 does the following: fetches configuration settings from the SonarQube server; gathers information during the MSBuild

问题 I have my code as below. I see public MyClass{ private static DataSource dataSource = null; private static DataSource getDataSource(){ if (dataSource == null) { try { dataSource = // something. } catch (Exception e) { // some exception. } } return dataSource; } public List doSomething(){ // ... if(dataSource == null){ dataSource = getDataSource(); } dataSource.getConnection(); // ... } } I see following message in sonar anaylsis. Dodgy - Write to static field from instance method This

问题 Coming across "Sonar version 3.6 is required to perform local analysis" message when try to use Sonar Local Analysis in eclipse. I just installed latest from CodeHaus where the Compatibility Matrix is saying it 3.6+. I am using Eclipse: Juno 4.2, with following plugins installed: Sonar Java Analyser 3.2.0.20130627-1142-RELEASE org.sonar.ide.eclipse.jdt.feature.feature.group SonarSource Sonar m2e Connector 3.2.0.20130627-1142-RELEASE org.sonar.ide.eclipse.m2e.feature.feature.group SonarSource