Lint Report incomplete (SonarKotlin 1.0.1 Plugin)


(Marco Schmitz) #1

Hi there,

I discovered that the Lint Reports which are generated inside my project does not fit the amount of issues which are found in SonarKotlin.

Okay, I can only upload 1 screenshot, so here is my mixture of both screenshots :wink:

Best Regards,
Marco Schmitz

(Marco Schmitz) #2

So as you can see, the 1st “on SDK version 23…” issue matches the Security -> 1 -> AllowBackup.
The 2nd “App is not indexable by Google Search…” issue matches the Usability -> 1 -> GoogleAppIndexingWarning.

So from my locally generated Lint Report the folllowing points are missing in SonarQube:

  • Performance -> 2 -> ObsoleteSdkInt
  • Performance -> 1 -> UnusedResources
  • Usability:Icons -> 1 -> IconLocation

Marco Schmitz

(Nicolas Bontoux) #3

Hey Marco,

If you look in the AndroidLint XML report in more details (imported by SonarQube), can you cross-check that the files/lines on which other issues are reported, are also analysed and reported in SonarQube ? (pay attention to full filepaths by the way, it’s important they match)

(Marco Schmitz) #4

Hi Nicolas,

thanks for your response. I use the following property, and whith this the Android Lint came to SonarQube (before there were no Android Lint issues at all reported):

project(':app') {
    sonarqube {
        properties {
            property 'sonar.androidLint.reportPaths', 'build/reports/lint-results.xml'

I will attach the lint-results.xml. So as you can see, the lint-results.xml matches the lint-results.html from my screenshot.

lint-results.xml.txt (6.3 KB)

Marco Schmitz

PS: and only to be sure, this is my Gradle call from the CLI:
gradlew lint createDebugCoverageReport jacocoTestReport sonarqube -Dsonar.login=32a05a6ed5e0e5cc84ff864fb41044798e135668

PSS: I installed SonarQube Community Edition Version 7.2.1 locally on my Windows laptop, using the following plugins:

  • SonarKotlin 1.0.1
  • SonarXML 1.5.1
  • Android 1.1

(Marco Schmitz) #5

I added a repository for this:

(Nicolas Bontoux) #6

Hey Marco,

Thanks for sharing this.

Aside from the issues actually imported by SonarQube, I see issues raised on the following locations:

<location file="C:\DEV\workspaces\androidstudio\covermykotlincode\app\src\main\res\drawable-v24"/>
<location file="C:\DEV\workspaces\androidstudio\covermykotlincode\app\src\main\res\mipmap-anydpi-v26"/>
<location file="C:\DEV\workspaces\androidstudio\covermykotlincode\app\src\main\res\drawable\notneeded.jpg"/>
<location file="C:\DEV\workspaces\androidstudio\covermykotlincode\app\src\main\res\drawable\notneeded.jpg"/>

Those are either directories or pictures (.jpg), I’m not sure where you would expect to see them reported in SonarQube ?

Just to clarify: SonarQube will import external issues on the code it actually analyzed. No intent to blindly import data that does not relate to specific code files which were not analyzed.

(Marco Schmitz) #7

Hi Nicolas,

so you are saying, that SonarQube only shows a subset of that what AndroidLint generates?

In my example I added an unused image, yes, these issues lead to larger apps, so Android Lint helps to protect us from that. I think it would be nice to see this in SonarQube as well; well, not as part of the Kotlin code analyser nor as part of the XML code analyser, but maybe as part of some meta analyser?

Best regards,
Marco Schmitz

(Alban Auzeill) #8

Hi Marco,

Yes, SonarQube only shows a subset of what AndroidLint generates. Even if you don’t configure file exclusions on your project, only issues on file with extensions “.xml .java .kt .kts .properties .gradle .cfg .txt” are imported into SonarQube.
I agree, issues on binary files and directories are also valuable. But SonarQube platform ignores issues on directories and does not display well issues on binary files. That’s why, during the import, we intentionally filter them.
So we are open for discussion if you have any solution that could improve your need.

Best regards,
Alban Auzeill

(Marco Schmitz) #9

Hi Alban,

thanks for your explaination.

I traced the missing issues, and they all concern binary files or folder names or stuff like that.

Marco Schmitz