Importing SpotBugs and Checkstyle issues into

I have had setup for quite awhile now analyzing an open source project

Its working well with Sonar rules but am not understanding how to configure external analyzers. My Gradle build can run SpotBugs and Checkstyle which find some issues. I am then passing these XML reports to Sonar which looking at the logs seems to read them. However then when I go to the web interface I don’t see the issues?

I kind of suspect this is to do with the rules which don’t seem to include spotbugs and checkstyle?

Am I doing something wrong?

Hi @jamesmudd and welcome to the community !

How do you pass the path value to your external issues ? Are you using correct properties described here ?


I think so.I am passing the properties via Gradle see

Looking at the Gradle debug logs it appears Sonar is reading the files.

I am a bit confused though about passing these properties when sonar is run locally vs setting them on interface (Administration > General > External Analysers)?

Hi @jamesmudd,

Could you provide us related logs of your gradlew sonarqube using --info or --debug?
You should have:

INFO Importing build/reports/spotbugs/main.xml
INFO Importing build/reports/spotbugs/test.xml

Find attached the logs. sonar-debug.txt (95.6 KB)

The relevant lines seem to be

2020-02-02T11:13:37.895+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor Import of Checkstyle issues [java]
2020-02-02T11:13:37.897+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Importing /home/james/git/jhdf.git/jhdf/build/reports/checkstyle/main.xml
2020-02-02T11:13:37.906+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Importing /home/james/git/jhdf.git/jhdf/build/reports/checkstyle/test.xml
2020-02-02T11:13:37.909+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor Import of Checkstyle issues [java] (done) | time=14ms
2020-02-02T11:13:37.909+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor Import of SpotBugs issues [java]
2020-02-02T11:13:37.909+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Importing /home/james/git/jhdf.git/jhdf/build/reports/spotbugs/main.xml
2020-02-02T11:13:37.929+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Importing /home/james/git/jhdf.git/jhdf/build/reports/spotbugs/test.xml
2020-02-02T11:13:37.942+0000 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor Import of SpotBugs issues [java] (done) | time=33ms

So looks to me like this bit is working?

Hi James,

Thanks for the logs. I also ran ./gradlew sonarqube --debug to understand the problem.

  • build/reports/checkstyle/main.xml and build/reports/checkstyle/test.xml
    Those files contain only analyzed file paths but Checkstyle finds no issue, so you should probably change Checkstyle configuration to match what you expect to find
  • build/reports/spotbugs/main.xml and build/reports/spotbugs/test.xml
    Here we have some problems in the gradle debug logs:
    2020-02-10T18:19:25.370+0100 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Unexpected empty 'BugCollection/BugInstance/LongMessage/text()' for bug 'BC_UNCONFIRMED_CAST_OF_RETURN_VALUE'
    2020-02-10T18:19:25.370+0100 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Unexpected empty 'BugCollection/BugInstance/LongMessage/text()' for bug 'REC_CATCH_EXCEPTION'
    SonarJava is able to import issues from SpotBugs only using the xml format with messages (-xml:withMessages). BugInstance xml elements need to have a LongMessage child. So you need to change the gradle configuration to pass this SpotBugs option. One possible solution is to add after your spotbugs configuration in build.gradle:
    spotbugs {
        ignoreFailures = true // Allow build to continue with errors
        effort = "max"
        reportLevel = "low" // Report all issues even low priority
    A change for SpotBugsTask:
    tasks.withType(com.github.spotbugs.SpotBugsTask) {
        reports {
            xml.withMessages true
    By doing the above change, I was able to see the SpotBugs issues in SonarQube, e.g. on src/main/java/io/jhdf/

Good luck,

1 Like

Yes that’s the fix thanks a lot!