Lombok + Logging Rules

Hi team, I am using sonarrqube community 8.9.6.5800 for a java springboot program, and I want to scan log object and method which created by Lombok Annotation Slf4j. I put Lombok in sonar extensions directory and restart SonarQube but failed. The web.log showed plugin key is missing from mainfest. What are the problems with my usage? and how to scan Log Object created by Annotation Slf4j ? A reply would be appreciated!

Hey there.

  • SonarQube v8.9 is an EOL version of SonarQube. You should upgrade, at least to v9.9, as soon as possible.
  • Adding the Lombok dependency to the SonarQube install directory as if you’re installing a plugin doesn’t actually accomplish anything.

Can you describe more about what you’re trying to accomplish? If you’re trying to analyze a Java project, you shouldn’t have to do anything special on top of analyzing source code.

Hi Colin.
Thanks for your replying! I want to scan Logger Object in my code. I checked it is not catching them when logger created with Lombok Slf4j annotation, but sonar can work if the logger was explicitly declared like below code:

public static final org.slf4j.Logger log = LoggerFactory.getLogger(LogExample.class);

log.info("Current object: {}", object.toString()); 
log.info("Current object: " + object); 

In another topic, SonarSourcer Quentin Jaquier said sonar was not supporting the cases where the logger is created by Lombok annotations. Does Sonar is still not supported this case ?

I don’t think anything has changed, but I will ask.

1 Like

Hey there, welcome to our community, and thanks for the report.
Sadly, we still do not have plans to tackle issues caused by the presence of generated code.

Have a nice day!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.