versions used * Community Edition * Version 8.3.1 (build 34397)
For install sonarqube I use command
docker run -d --name sonarqube -p 9000:9000 sonarqube:8.3.1-community
I want that sonarqube search problems in my application on spring Framework. I see that sonar does not find problems with spring.
For example, I repeated the error from rule java:S3306 “Constructor injection should be used instead of field injection”. Sonar did not find it.
After, I repeated the error from rule java:S2230 “Non-public methods should not be @Transactional” and sonar did not find it again.
At the same time, non-spring related errors are found.
Can you please provide a reproducer (code sample) which would reproduce your issues (not reporting any issue)?
Also, can you:
- Make sure the rule is enabled in you quality profile? (By default only rules part of default quality profile are enabled)
- Make sure that the jars related to spring are passed to analysis ? (should be automatic with maven scanner)
I push my code on github
Class CarService contain @Transactional
on not public method
Class CarController contain @Autowired
For run I use command:
mvn sonar:sonar -Dsonar.projectKey=test -Dsonar.host.url=http://localhost:9000 -Dsonar.login=63924255c249a798abb1ae44209e0adb3c2111ba
I use default quality profile and this rules is enabled in him. I check it.
I understand problem with @Transactional. I use javax.transaction.Transactional. But sonar can find problem only if I use org.springframework.transaction.annotation.Transactional. I think it is important Bug.
Also I understand promlem with @Autowired. It is my fault. Rule was deactivated.