Hello, we are working on a spring backed written in kotlin. It appears that there are some java rules that we would like to see flagged in our kotlin files (ie Java static code analysis: "@RequestMapping" methods should not be). Is there a way to configure SonarLint (or SonarQube for that matter) to run java rules on kotlin files?
Thanks!
hello @vrish88,
no this is not possible, Java rules are designed only to analyze Java source code. We have Kotlin analyzer, although, it doesn’t have the rule you are mentioning.
Is there any roadmap for when these rules might also be made available for kotln? Or are there any work arounds we could do to get this functionality?
No plans for that.
The only thing I can think of if those rules are available through detekt linter. Then you can import issues with sonar.kotlin.detekt.reportPaths
But not in SonarLint, since we don’t run external linters.
Yeah this question may not be just applied to SonarLint.
We are using Kotlin to build a spring server application and so are very interested in the java rules that pertain to running a web server. It would be great to have those rules to kotlin because kotlin on the jvm still has those same vulnerabilities.
One thing we were exploring as a work around is using a java decompiler to convert the .class files to .java and then uploading that project to sonarqube. One downside we can see is that line numbers won’t be preserved.
can you give example of the rules you are interested in for Kotlin?
We are interested in the vulnerabilities and hotspots. But I could imagine that most of the java rules would be applicable to Kotlin when it is running on the jvm.
Ok, thanks for the info. We will consider it when thinking about next features for Kotlin analyzer.