My current setup is as follows:
- ALM used: GitHub
- CI system used: GitHub Actions
- Scanner command used: mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
- Languages of the repository: Vue.JS/TS/JS (frontend), Java (backend)
I have a parent pom which delegates to the frontend pom that specifies the sources and my tsconfig for the frontend (I get a lot of false positives due to it not reading Vue.JS properly or my TS version (3.9.7)).
Lots of issues like this:
"<strong>" and "<em>" tags should be used
I’m fine with marking these as false positives and resolving them, but then I find that if I merge that feature branch into my integration branch, they pop up again, and then when I release and push to master the same thing happens.
When I am scanning feature/bugfix branches I am using the following:
mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.branch.name=$branch -Dsonar.branch.target=development
development is my integration branch. When I am scanning this branch I use:
mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.branch.name=development -Dsonar.branch.target=master
And finally when I scan master I use:
mvn verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
Both development & master are long-lived branches; the rest are short-lived.
From all my reading, this is the way to set it up, but for some reason already-fixed issues tend to pop up again in future branches. Is there a setting somewhere I have overlooked? Any help would be much appreciated.
Also, if there is a better way to do my scanning or set it up, I am all ears. Currently both frontend/backend exist in the same repository, hence why I’ve set it up this way, but I’m not averse to maybe changing it if there is benefit in doing so.