- Sonarqube version: 188.8.131.52709
- FindSecBugs plugin version: 4.1.5
Goal: Import FindSecBugs report files to Sonarqube working on local machine
The problem is that the logs show that the report is being imported
[INFO] Sensor Import of SpotBugs issues [java]
[INFO] Importing /Users/mmardanyan/Documents/SAST-tools-comparison/owasp-benchmark-java/BenchmarkJava/results/findbugs-result.xml
[INFO] Sensor Import of SpotBugs issues [java] (done) | time=450ms
but the issues are not shown in the web console.
I have tried with different directories and different files, all of them with a valid syntax, using different Quality profiles and reading all the logs but I didn’t find any hint on what is the problem
Welcome to the community!
Do you have the FindBugs plugin installed in your SonarQube instance?
And are you also trying to import an externally-generated report?
I don’t know that the two would clash, but generally it’s going to be one or the other. SpotBugs reports are imported natively, so there’s no need for a plugin to do that.
Beyond that, though, the analysis report snippet you’ve shared indicates that the report is imported.
Is it possible that they’re there but you’re not seeing them because of filtering on the Issues page?
Thanks for your quick response. Yes, I had the plugin installed, I removed it and restarted the sonarqube console, but I am getting the same results.
I think the results are not filtered, find attached a screenshot.
The two code smells that can be seen are found by a custom quality profile that only has one rule. The reason is that in this way it is easier to see the imported ones from the external report.
Thanks for the screenshot. I know you can’t prove a negative, but this helps.
So now… can you turn on debug analysis logging so we can see if it says anything else about the import of that report?
Can you take a look at the report contents and make sure the file paths in the report match up with what analysis is seeing in terms of file paths (either relative or absolute)?