I know that SonarQube can perform code analysis on SQL code, but I wonder if it provides an inspection function for DB queries written in JPA code.
I usually write a lot of my queries in JPA rather than writing my own DB queries in-house in SQL syntax.
Can SonarQube analyze DB queries written in Java JPA code?
I found similar topics like:
Any updates after this?
- SonarQube will analyze valid Java code, but doesn’t have extensive rule sets surrounding JPA specifically (it is aware of it for a few rules)
- JPA is supported in the context of taint analysis (SAST) detecting SQL injections that involve the use of JPA
If there are specific rules that you think would be useful to many developers, you’re welcome to suggest a rule that doesn’t already exist.
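
For readers following the thread, here is an added example (not from the posts above and not SonarSource code) of the kind of source-to-sink data flow the taint-analysis point refers to, next to the bound-parameter forms that remove it. The `Account` entity, the `AccountLookup` class and the `account` table are hypothetical, and the Jakarta Persistence API is assumed to be on the classpath.

```java
// Added illustration; Account and AccountLookup are hypothetical names.
// Assumes the Jakarta Persistence API (jakarta.persistence) is on the classpath.
import jakarta.persistence.Entity;
import jakarta.persistence.EntityManager;
import jakarta.persistence.Id;
import java.util.List;

@Entity
class Account {
    @Id
    Long id;
    String owner;
}

public class AccountLookup {
    private final EntityManager em;

    public AccountLookup(EntityManager em) {
        this.em = em;
    }

    // Tainted flow: 'owner' (e.g. an HTTP request parameter) is concatenated
    // into the JPQL string, so its content becomes part of the query syntax.
    public List<Account> findByOwnerConcatenated(String owner) {
        String jpql = "SELECT a FROM Account a WHERE a.owner = '" + owner + "'";
        return em.createQuery(jpql, Account.class).getResultList();
    }

    // Fixed: the query text is a constant and 'owner' is bound as a named
    // parameter, so it is only ever treated as a value.
    public List<Account> findByOwnerBound(String owner) {
        return em.createQuery(
                "SELECT a FROM Account a WHERE a.owner = :owner", Account.class)
            .setParameter("owner", owner)
            .getResultList();
    }

    // Native SQL through JPA follows the same rule: positional binding
    // instead of string building.
    @SuppressWarnings("unchecked")
    public List<Account> findByOwnerNative(String owner) {
        return em.createNativeQuery(
                "SELECT * FROM account WHERE owner = ?1", Account.class)
            .setParameter(1, owner)
            .getResultList();
    }
}
```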