In the sonar cloud page of my multi module gradle project I get this warning:
Some thymeleaf templates are not indexed : you may want to add “src/main/resources” in the scanned files of this project to detect java XSS vulnerabilities.
I have tried to add the folder in both sonar.sources and sonar.inclusions properties with several combination of asterisks but without success.
It seems I can’t make it work.
The project tree structure is the following:
root
|–buildSrc
|–moduleA
|–moduleB
|–src
|–main
|–java
|–resources
|–templates
This is the gradle build script in the root folder:
plugins {
id ("org.sonarqube") version "3.0"
}
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.sonarsource.scanner.gradle","sonarqube-gradle-plugin","3.0")
}
}
sonarqube {
properties {
property("sonar.sourceEncoding", "UTF-8")
property("sonar.projectKey", "mykey")
property("sonar.verbose", "true")
}
}