False Negative on Kotlin S1128 using Sonar Scanner Gradle

Backer_Revir · September 15, 2023, 9:16am

Must-share information (formatted with Markdown):

Tool version:
Gradle (Wrapper) 7.6.2, SonarQube 9.9.1, Sonar Scanner Gradle 4.3.1.3277, JDK 17
SonarQube deployed as provided service on Kubernetes
what are you trying to achieve
Sonar Scanner Gradle should detect Kotlin S1128 correctly

Hello guys,
Our team’ve just modularized the project lately, and we found out that the SonarQube report via Sonar Scanner Gradle plugin is overlooking the rule “Unnecessary imports should be removed” in case it’s the import from same project module. The SonarLint detects it alright, even the console log indicates the line with issue, but the final result on SonarQube does not. It makes our code review unreliable and error-prone. I have created a example repository for reproducing this : Example repo

Updated: To be more informative, in our SonarQube we’ve extended builtin “Sonar-way” profile and bump the severity from “Minor” to “Critical”.

Leonardo_Pilastri · September 20, 2023, 12:25pm

Hello Backer,
I was able to reproduce the issue on SQ 9.9. Do you have the ability to update the SonarQube instance provided to you to the latest version? The issue is not present on SQ 10.1 for instance, and I can correctly see both imports being reported.

Let me know if I can help further!

Backer_Revir · September 21, 2023, 1:58am

Hi Leonardo,
Thank you for this verification. Good to know that the issue was comprehended and the fix has been available already. I would show this thread to the provider and tell them to plan upgrading. Have a good day !