Analyze Android Kotlin project thoroughly with detekt/sonar-kotlin

I wanted to give SonarCloud.io a try and tested it with https://github.com/marcinbak/android-sonar-kotlin. Although this project contains a configuration for the detect-plugin, the good ruleset of detekt was not applied on server side.

I think, the reason for this is that SonarCloud runs the official Kotlin plugin, not detekt/sonar-kotlin. I also think that it is not possible to use the detekt/sonar-kotlin in SonarCloud.

So, here are my questions :slight_smile:
a) Are my assumptions correct?
b) Is there a way to have SonarCloud use the results of the improved scanner?
c) Is Kotlin “too new” that the wish to have a decent static code analysis is neglectged?

Best regards,
ceedee

Hi,

Yes, SonarCloud only have analyzer developped by SonarSource. It’s not possible to use third party plugins.

SonarCloud support importing of external issues. So you could run detekt in your CI and import the results so that issues reported by detekt are available in SonarCloud. You can find more details in the documentation.

Sorry for the very late reply!

Can you provide some information on how to perform the analysis locally und just send the results to SonarCloud? The documentation you referenced is not helping much, maybe I’m missing something here.

Hi, you should start by doing your detekt analysis, then running a SonarCloud analysis : https://sonarcloud.io/documentation/analysis/overview/#run-analysis

Once you’re set, then you can try to import issues from Detekt using the previous link : https://sonarcloud.io/documentation/analysis/external-issues/