New milestone for the SonarSource Go analysis engine

Hi Go programmers,

We are proud to announce that Go analysis on SonarQube and SonarCloud has gone one step further.

We added 6 new rules:

  • S1067 - Expressions should not be too complex
  • S1940 - Boolean checks should not be inverted
  • S117 - Local variable and function parameter names should comply with a naming convention
  • S122 - Statements should be on separate lines
  • S4663 - Multi-line comments should not be empty
  • S2260 - Track parsing failures

Here are examples of these rules in action:

Adding rules was not enough so we have also improved existing ones:

  • S138 (Functions should not have too many lines of code) does not count comment lines
  • S107 (Functions should not have too many parameters) now works on anonymous functions.
  • S1313 (Using hardcoded IP addresses is security-sensitive) detects hardcoded IPv6 addresses

What’s more, SonarGo is now able to import external issues from golangci-lint. To do so you just need to:

  • generate the report in checkstyle format:
    golangci-lint run --out-format checkstyle > report.xml
  • import this report by using the sonar.go.golangci-lint.reportPaths property.

And voila:

Note however that this release also dropped a few rules:

  • S1066, S1172 and S1994 because they were raising too many false positives
  • S2761, S4524, S1116, S3981 and S1751 because we migrated to a more stable code base and these rules cannot be ported for the time being.

Corresponding issues will automatically disappear after the next scan. Impact on the quality gate will be positive as it reflects fewer false positives and new real issues. Few valid issues should be lost.

You can enjoy these new features on SonarCloud very soon. For SonarQube we invite you to install SonarGo 1.6.

We welcome all feedback.



EDIT: it’s working perfectly!
The problem was we didn’t have a full scan of master branch with the linter and were expecting to see the errors on a PR that was not touching those lines.

Hi there!

We are trying to integrate external issues from golangci-lint following your instructions above, but we don’t see the issues in SonarCloud.

We see though the trace in the logs of the scanner:

INFO: Sensor Import of GolangCI-Lint issues [go]
INFO: Importing /usr/src/lint_report.xml
INFO: Sensor Import of GolangCI-Lint issues [go] (done) | time=35ms

The generated file is an XML containing two errors.

What could be the reason for not seeing the issues in SonarCloud?
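The cause given in the EDIT above (the report's issues sat on lines the PR did not touch) can be checked before scanning. The following is an added example, not part of the original posts and not SonarSource code: it parses a checkstyle report and separates the issues that fall on changed lines. `Split`, the `changed` map and the sample report are hypothetical names and constructed data.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Issue is one <error> element of a checkstyle report.
type Issue struct {
	File    string `xml:"-"`
	Line    int    `xml:"line,attr"`
	Linter  string `xml:"source,attr"`
	Message string `xml:"message,attr"`
}

// Split returns all issues plus those on changed lines (hypothetical: file -> PR-touched lines).
func Split(data []byte, changed map[string]map[int]bool) (all, hit []Issue, err error) {
	var r struct {
		Files []struct {
			Name   string  `xml:"name,attr"`
			Errors []Issue `xml:"error"`
		} `xml:"file"`
	}
	if err = xml.Unmarshal(data, &r); err != nil {
		return nil, nil, fmt.Errorf("invalid checkstyle report: %w", err)
	}
	for _, f := range r.Files {
		for _, e := range f.Errors {
			e.File = f.Name
			all = append(all, e)
			if changed[f.Name][e.Line] {
				hit = append(hit, e)
			}
		}
	}
	return all, hit, nil
}

// Constructed sample: a two-error report like the one described in the reply.
const sample = `<checkstyle version="5.0"><file name="cmd/app/main.go">
<error line="14" severity="error" message="Error return value is not checked" source="errcheck"/>
<error line="31" severity="error" message="ineffectual assignment to err" source="ineffassign"/>
</file></checkstyle>`

func main() {
	changed := map[string]map[int]bool{"cmd/app/main.go": {40: true}} // constructed PR diff
	all, hit, err := Split([]byte(sample), changed)
	fmt.Println(len(all), len(hit), err) // prints: 2 0 <nil>
}
```

A report with issues but an empty `hit` list matches the situation in the reply: the file was imported, yet none of its issues were on lines the PR changed.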
