Bitbucket Pipe - Rules version

We use the pipe in a step of our Bitbucket (Cloud) Pipelines:

        script:
        - echo Running SonarCloud scan...
        - pipe: sonarsource/sonarcloud-scan:3.1.0
          variables:  
            EXTRA_ARGS: "-Dproject.settings=ci/sonar-scanner.properties"

3.1.0 is the newest available version of this pipe. It runs:

  SonarScanner CLI 6.2.1.4610
  Java 17.0.12 Amazon.com Inc. (64-bit)
  Linux 6.1.79 amd64

sonar-scanner-cli is up to 7.0.1.4817, but 6.2.1.4610 was current until mid-Jan 25.

However, we are seeing False Positives for S1848 in CDK code, as reported in "S1848: CDK new object… false positive".

That issue was resolved in SonarJS 10.12 in Feb24.

Is there a way to trace which version of a rule is used in this pipe?
Does SonarJS feed into sonar-scanner-cli? If not, how should this false positive be addressed? (where should I raise a similar issue?)

Hey there!

There’s no correlation between scanner version and rules – the rules are “downloaded” from SonarQube Cloud on each analysis.

So if you’re facing a specific FP, please report it here!
