Can SonarQube show steps leading up to rule violation?

Is SonarQube capable of showing the steps taken that resulted in the issue/rule violation (i.e. which “path” in the code was taken to get to the issue)? For example, the Clang Static Analyzer highlights the lines in the source file where, say, “1. var1 initialized to a null pointer value,” “2. taking false branch,” “3. taking true branch,” … “7. access from var1 results in a null pointer dereference.” Is there a way in SonarQube to find similar info about the steps taken within the code that found the issue(s)?

I am using SonarQube Developer Edition v. 7.2.1, Sonar Scanner v. 4.3.0. Is showing steps something included in newer versions of SonarQube?

Hi,

Welcome to the community!

First, 7.2.1 has a good bit of age on it at this point. You should upgrade to the current LTS, 7.9.3, and then on to the current version, 8.3, at your earliest convenience.

Once you get to a current version you’ll find that SonarQube can show you the steps leading to an issue. The question is whether the rule feeds that data with the issue. You’ll find that some rules feed this data and some don’t. For the ones that don’t it’s either a case of

  • we haven’t gotten there yet
  • we didn’t realize it was needed.

So once you’re on a current version and you encounter an issue that you think needs more context, please do come back and open a new thread to tell us about it.

HTH,
Ann
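For readers who have not seen the kind of step-by-step path the question describes, here is a constructed C example (added here; it is not code from the thread, from SonarSource or from the Clang project). `find_record` returns a null pointer when the id is missing, and `value_or_default_buggy` only checks for null when `strict` is set, so the path "pointer becomes null, false branch taken, null dereference" is exactly what `clang --analyze -Xanalyzer -analyzer-output=text` annotates with numbered notes; the hardened variant beside it checks the pointer unconditionally so no such path exists. The struct, function and table names are illustrative choices, not identifiers from any tool.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: two records, ids 1 and 2. */
struct record { int id; int value; };
static struct record g_sample[] = { {1, 10}, {2, 20} };
#define SAMPLE_N (sizeof g_sample / sizeof g_sample[0])

/* Returns NULL when no record has the requested id.                */
static struct record *find_record(struct record *table, size_t n, int id)
{
    for (size_t i = 0; i < n; i++)
        if (table[i].id == id)
            return &table[i];
    return NULL;                /* 1. 'rec' in the caller becomes null here */
}

/* Buggy: the null check is skipped when strict == 0, so a missing id is
 * dereferenced several statements after the pointer was nulled. A path-
 * sensitive analyzer reports this as a numbered sequence of steps rather
 * than a single flagged line.                                          */
int value_or_default_buggy(struct record *table, size_t n, int id, int strict)
{
    struct record *rec = find_record(table, n, id);
    if (strict && rec == NULL)  /* 2. taking false branch (strict == 0) */
        return -1;
    return rec->value;          /* 3. null dereference when rec == NULL */
}

/* Hardened: every path that reaches the dereference has rec != NULL.   */
int value_or_default_fixed(struct record *table, size_t n, int id, int strict)
{
    struct record *rec = find_record(table, n, id);
    if (rec == NULL)
        return strict ? -1 : 0;
    return rec->value;
}

int main(void)
{
    /* Only the safe paths are exercised at runtime; the buggy path is
     * what the static analyzer is meant to find without executing it. */
    printf("%d\n", value_or_default_fixed(g_sample, SAMPLE_N, 2, 0)); /* 20 */
    printf("%d\n", value_or_default_fixed(g_sample, SAMPLE_N, 9, 0)); /* 0  */
    printf("%d\n", value_or_default_fixed(g_sample, SAMPLE_N, 9, 1)); /* -1 */
    return 0;
}
```

Save this as `lookup.c` and run `clang --analyze -Xanalyzer -analyzer-output=text lookup.c`: the report for `value_or_default_buggy` lists the null return, the branch taken and the final dereference as separate notes, while `value_or_default_fixed` produces nothing. That sequence of notes is the "steps leading up to the violation" the question asks about.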
