Most external issues not importing

SonarQube Server / Community Build
1

System Information:

  • Using SonarQube Developer Edition v9.9.5 (build 90363) / SonarScanner 5.0.1.3006
  • Both SonarQube and the scanner are deployed via docker

Summary:
I am trying to import eslint errors into a sonar scan analysis to prevent commits with lint errors from being merged. I have created an eslint formatter and configured the scanner to include the issues reported by eslint (largely following this tutorial). The generated eslint report: sonarqube_lint_report.json includes 12 issues, however only one is presented in the report in the SonarQube UI:

2005×1956 284 KB

In the scanner debug logs (3.4 MB) I can see that the scanner finds and imports the 12 issues:

03:50:03.361 INFO: Sensor Import external issues report
03:50:03.361 DEBUG: Importing issues from 'sonarqube_lint_report.json'
03:50:03.375 INFO: Imported 12 issues in 11 files
03:50:03.375 INFO: Sensor Import external issues report (done) | time=14ms

I have noticed that if I introduce other errors into files in the eslint/formatters/ directory, they are presented in the SonarQube UI. However, none of the errors in other directories seem to show up. I am quite at a loss, any guidance is greatly appreciated.

2

Hey there.

It looks like you’re analyzing a pull request in SonarQube. Pull requests will only show issues on changed lines of files. Are these 11 other issues, perhaps on files/lines, not changed in this PR?

3

Colin,

Appreciate the quick response! I can confirm several of the issues identified in the eslint json report are on changed files, in fact several of the files are entirely new:

sonar_pull_request
sonar_pull_request1920×1027 138 KB

How does the analyzer determine if the file/line is changed… is it as compared to the target branch? Does anywhere in the log identify what it sees as changed?

Thanks again!

4

I think based on your comment that it may have to do with how I am mounting in the source code into the sonar-scanner container. We have a large monorepo, this vue project being only one of the several applications in the repo. I am mounting the vue directory directly into the sonar-scanner container and so the .git directory (which is one level up) is not mounted in. Does that sound like it would cause an issue with change detection?

5

Yes – definitely that would have an impact!

In the upper right of this screenshot, it shows that your PR has 3 warnings. I’d bet one (if not multiple) are related to this lack of SCM data.

However, typically the behavior would present itself as everything appearing as new, not fewer things appearing as new. :thinking:

Would be great to know what those 3 errors are – and you may just want to try mounting the .git folder to see if that knocks the detection of new code into place.

6

Thanks for the reply! Yes indeed this was the issue. After changing how I was mounting in the project to include the .git directory I now see eslint reported errors for changed files in the scan results:

image
image1650×1367 476 KB

The one remaining warning is due to my running Node.js 22 whereas 16 or 18 are recommended. Thank you for your help.

1 Like