It's working well with Sonar rules, but I am not understanding how to configure external analyzers. My Gradle build can run SpotBugs and Checkstyle, which find some issues. I am then passing these XML reports to Sonar, which, looking at the logs, seems to read them. However, when I go to the web interface I don’t see the issues?
I kind of suspect this is to do with the sonarcloud.io rules which don’t seem to include spotbugs and checkstyle?
Looking at the Gradle debug logs it appears Sonar is reading the files.
I am a bit confused though about passing these properties when sonar is run locally vs setting them on sonarcloud.io interface (Administration > General > External Analysers)?
Thanks for the logs. I also ran ./gradlew sonarqube --debug to understand the problem.
build/reports/checkstyle/main.xml and build/reports/checkstyle/test.xml
Those files contain only analyzed file paths, but Checkstyle finds no issue, so you should probably change the Checkstyle configuration to match what you expect to find.
build/reports/spotbugs/main.xml and build/reports/spotbugs/test.xml
Here we have some problems in the gradle debug logs:
2020-02-10T18:19:25.370+0100 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Unexpected empty 'BugCollection/BugInstance/LongMessage/text()' for bug 'BC_UNCONFIRMED_CAST_OF_RETURN_VALUE'
2020-02-10T18:19:25.370+0100 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Unexpected empty 'BugCollection/BugInstance/LongMessage/text()' for bug 'REC_CATCH_EXCEPTION'
...
SonarJava is able to import issues from SpotBugs only using the xml format with messages (-xml:withMessages). BugInstance xml elements need to have a LongMessage child. So you need to change the gradle configuration to pass this SpotBugs option. One possible solution is to add after your spotbugs configuration in build.gradle:
spotbugs {
    ignoreFailures = true // Allow build to continue with errors
    effort = "max"
    reportLevel = "low" // Report all issues even low priority
}
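A way to check a SpotBugs report for the condition described in the answer above before handing it to the scanner. This is an added example, not code from the thread or from SonarJava; the sample reports are constructed, and the function names and status strings are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports (not taken from the project in this thread).
# ElementTree is used because the reports come from your own build;
# do not feed it XML from untrusted sources.
WITHOUT_MESSAGES = """<BugCollection>
  <BugInstance type="REC_CATCH_EXCEPTION" priority="2">
    <Class classname="com.example.Foo"/>
  </BugInstance>
  <BugInstance type="BC_UNCONFIRMED_CAST_OF_RETURN_VALUE" priority="3">
    <LongMessage>   </LongMessage>
  </BugInstance>
</BugCollection>"""

WITH_MESSAGES = """<BugCollection>
  <BugInstance type="REC_CATCH_EXCEPTION" priority="2">
    <ShortMessage>Exception is caught when Exception is not thrown</ShortMessage>
    <LongMessage>Exception is caught when Exception is not thrown in com.example.Foo.run()</LongMessage>
  </BugInstance>
</BugCollection>"""


def check_report(xml_text):
    """Return (total_bugs, bug types whose LongMessage is absent or blank)."""
    root = ET.fromstring(xml_text)
    if root.tag != "BugCollection":
        raise ValueError(f"not a SpotBugs report: root element is <{root.tag}>")
    bugs = root.findall("BugInstance")
    missing = [
        bug.get("type", "<unknown>")
        for bug in bugs
        if not (bug.findtext("LongMessage") or "").strip()
    ]
    return len(bugs), missing


def status(xml_text):
    """Classify a report: 'empty', 'missing-messages' or 'ok' (hypothetical labels)."""
    total, missing = check_report(xml_text)
    if total == 0:
        return "empty"
    return "missing-messages" if missing else "ok"


if __name__ == "__main__":
    for name, text in (("plain xml", WITHOUT_MESSAGES), ("xml:withMessages", WITH_MESSAGES)):
        print(name, status(text), check_report(text))
```

Run against build/reports/spotbugs/main.xml by reading the file and passing its text to `status`; a `missing-messages` result corresponds to the "Unexpected empty ... LongMessage" lines in the debug log.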