sonarqube

问题 I am analyzing quite a large project with Sonar. The first few runs went OK but now I get error. Something to do with timemachine and violation analyzer: java.lang.OutOfMemoryError: GC overhead limit exceeded at org.sonar.plugins.core.timemachine.ViolationTrackingDecorator.mapViolations(ViolationTrackingDecorator.java:131) at org.sonar.plugins.core.timemachine.ViolationTrackingDecorator.decorate(ViolationTrackingDecorator.java:70) I execute Sonar using ANT. Can I increase the java heap size

问题 I recently started using Travis CI and sonarqube in an open source project and have run into a problem with sonarqube-scanner. My Travis CI page can be seen here: https://travis-ci.org/uglyoldbob/decompiler My sonarqube page can be seen here: https://sonarqube.com/overview?id=uglyoldbob_decompiler I'm running sonarqube-scanner on Travis CI it suddenly stopped working with the following error: "ERROR: You're not authorized to execute any SonarQube analysis. Please contact your SonarQube

问题 private void runAsyncImport() { Runnable task = () -> runImport(); new Thread(task).start(); } I am getting sonar issue for the above code, Replace this lambda with a method reference. (sonar.java.source not set. Assuming 8 or greater.) How to fix it 回答1: If your class has a non-static runImport() method, then you can write like this: Runnable task = this::runImport; If the runImport() method is static, then instead of this , write the name of the class, for example if the name of the class

问题 I have a Java project which consists of a couple of modules. I am using Sonar to statically analyse my code. Currently I am using sonar-runner to analyse each of the modules, and they appear as different Projects in the main page of Sonar. I would like to see the main project name on the main page, and, once I will click on it, and than on "Components" - to see all of it's modules as sub-projects - just like it appears here: http://nemo.sonarsource.org/components/index/308832 回答1: No it's not

问题 There is the way to exclude getter and setters from sonar report. Suppose I have 2 "getters": public int getId(){ return this.id; } public int getComplexId(){ int result = 0; // some complex calculation there return result; } It is possible to exclude getId() and include getComplexId() simultaneously? Can Sonar analyze simple return this.id from complex code? 回答1: You can use NOPMD comment to avoid Sonar analysis. public int getId(){ // NOPMD return this.id; } public int getComplexId(){ int

问题 This is an analysis that I have been running for a while. The SCM is Git. I upgraded SonarQube to 5.2 (from http://downloads.sourceforge.net/project/sonar-pkg/deb as I am using Ubuntu LTS 14.04.3) sonar.log now gives: 2015.11.17 10:43:00 ERROR web[o.s.s.c.t.CeWorkerRunnableImpl] Executed task | project=energy:energy | id=AVEVClvzTc_W2Q8I5ipV | time=647ms Through the web interface I tracked down: http://localhost:9000/api/ce/logs?taskId=AVEVClvzTc_W2Q8I5ipV which gave: java.lang

问题 I'm adding SonarQube to existing TFS 2018 builds. I was following the directions for downloading Community Edition 7.4 located here https://docs.sonarqube.org/display/SCAN/Install+the+SonarScanner+for+MSBuild. Going through the steps of the Quick Installation Guide https://docs.sonarqube.org/latest/setup/get-started-2-minutes/ I get to the part where I’m asked to “Execute the Scanner for MSBuild from your computer” using the below commands: SonarScanner.MSBuild.exe begin /k:"{key}" /d:sonar

问题 While trying to cleanup a Sonar instance from unwanted users/permissions it seems that the permissions for the Administrator have been withdrawn. We can no longer see the settings menu item (normally appears next to the Administrators login link), cannot change alerts any more ... I have spent a couple of hours now trying to find out where in the DB these permissions reside and hoping to put them back using some insert statements in the DB. Can someone explain how to put this back? I can

问题 I'm reading through test classes that use Assertj to verify results. Occasionally, I've spotted an assertThat without assertions. assertThat(object.getField()); Is it possible to identify these classes somewhere in the development cycle? My first guess would be to use a custom Sonar rule. Although I don't see how I should define that this method should be followed by an assertion (a method returning void?). 回答1: SonarJava is having the rule S2970 "Assertions should be complete" that can

问题 We have applications that use the Spring framework's NamedParameterJdbcTemplate to execute various JDBC statements. Most of the methods in this class are overloaded. For example, one version of update() accepts a Map, where the keys are bind variable names, values are variable substitutions. Another version accepts a SqlParameterSource, which allows column type information to be supplied as well. I would like to write a rule that flags use of the Map version, because supplying type