Hi Go programmers,
We are proud to announce that Go analysis on SonarQube and SonarCloud has gone one step further.
We added 6 new rules:
- S1067 - Expressions should not be too complex
- S1940 - Boolean checks should not be inverted
- S117 - Local variable and function parameter names should comply with a naming convention
- S122 - Statements should be on separate lines
- S4663 - Multi-line comments should not be empty
- S2260 - Track parsing failures
Here are examples of these rules in action:
- S1067 - Expressions should not be too complex
- S1940 - Boolean checks should not be inverted
Adding rules was not enough so we have also improved existing ones:
- S138 (Functions should not have too many lines of code) does not count comment lines
- S107 (Functions should not have too many parameters) now works on anonymous functions.
- S1313 (Using hardcoded IP addresses is security-sensitive) detects hardcoded IPv6 addresses
What’s more, SonarGo is now able to import external issues from golangci-lint. To do so you just need to:
- generate the report in checkstyle format:
golangci-lint run --out-format checkstyle > report.xml - import this report by using the
sonar.go.golangci-lint.reportPathsproperty.
And voila:
Note however that this release also dropped a few rules:
- S1066, S1172 and S1994 because they were raising too many false positives
- S2761, S4524, S1116, S3981 and S1751 because we migrated to a more stable code base and these rules cannot be ported for the time being.
Corresponding issues will automatically disappear after the next scan. Impact on the quality gate will be positive as it reflects less false positives and new real issues. Few valid issues should be lost.
You can enjoy these new features on SonarCloud very soon. For SonarQube we invite you to install SonarGo 1.6.
We welcome all feedbacks.
Cheers,
Nicolas