No code coverage on .js files

OS Windows 2012R2
SonarQube version 8.9.0.43852
SonarScanner version 4.6.2.2472-windows
Plugins: sonar-coldfusion-plugin-2.0.0 and sonar-eslint-plugin-0.4.0
Node.JS version 14.17.0
Database Oracle

Trying to scan a ColdFusion application with a few JavaScript files. It looks like (from the screen output) that the .JS files were scanned, but SonarQube tells me that there is zero coverage of the .JS files.

Not a developer, just a Windows SysAdmin tasked with running Sonar, so forgive my unfamiliarity with the product and terminology.

Have tried several things I found on the Community and the Web (at least the ones I could understand) such as adding recommended modules using npm.

D:\SonarQube>npm install -g eslint
D:\Users\lyndon.p.nelson.am\AppData\Roaming\npm\eslint -> D:\Users\lyndon.p.nelson.am\AppData\Roaming\npm\node_modules\eslint\bin\eslint.js
+ eslint@7.27.0
added 118 packages from 68 contributors in 26.256s

Of course I didn’t write down everything I tried, cause this last item will really fix it and then I will document it (chastises self).

Here is the command I am running:

sonar-scanner.bat -D"sonar.projectKey=EngineManagement" -D"sonar.sources=." -D"sonar.host.url=http://172.30.84.40:9000" -D"sonar.login=loginKey"

The complete output of the SonarScanner command window (in debug mode) is HUGE, 7800+ lines, can’t post it in this window. Here are sections that seem pertinant to me:

INFO: Scanner configuration file: D:\SonarScanners\sonar-scanner-4.6.2.2472-windows\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: NONE
14:50:25.914 INFO: SonarScanner 4.6.2.2472
14:50:25.918 INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
14:50:25.919 INFO: Windows Server 2012 R2 6.3 amd64
14:50:26.096 DEBUG: keyStore is : 
14:50:26.096 DEBUG: keyStore type is : pkcs12
14:50:26.096 DEBUG: keyStore provider is : 
14:50:26.097 DEBUG: init keystore
14:50:26.097 DEBUG: init keymanager of type SunX509
14:50:26.392 DEBUG: Create: D:\Users\lyndon.p.nelson.am\.sonar\cache
14:50:26.394 INFO: User cache: D:\Users\lyndon.p.nelson.am\.sonar\cache
14:50:26.394 DEBUG: Create: D:\Users\lyndon.p.nelson.am\.sonar\cache\_tmp
14:50:26.399 DEBUG: Extract sonar-scanner-api-batch in temp...
14:50:26.406 DEBUG: Get bootstrap index...
14:50:26.407 DEBUG: Download: http://172.30.84.40:9000/batch/index
14:50:26.464 DEBUG: Get bootstrap completed
14:50:26.470 DEBUG: Create isolated classloader...
14:50:26.481 DEBUG: Start temp cleaning...
14:50:26.486 DEBUG: Temp cleaning done
14:50:26.487 INFO: Scanner configuration file: D:\SonarScanners\sonar-scanner-4.6.2.2472-windows\bin\..\conf\sonar-scanner.properties
14:50:26.488 INFO: Project root configuration file: NONE
14:50:26.489 DEBUG: Execution getVersion
14:50:26.507 INFO: Analyzing on SonarQube server 8.9.0
14:50:26.507 INFO: Default locale: "en_US", source code encoding: "windows-1252" (analysis is platform dependent)
14:50:26.508 DEBUG: Work directory: D:\SonarSW2Scan\engmgmt\.scannerwork
14:50:26.510 DEBUG: Execution execute
14:50:26.827 DEBUG: Community 8.9.0.43852
14:50:27.031 INFO: Load global settings
14:50:27.091 DEBUG: GET 200 http://172.30.84.40:9000/api/settings/values.protobuf | time=59ms
14:50:27.145 INFO: Load global settings (done) | time=114ms
14:50:27.150 INFO: Server id: E55B5A33-AXnJbUQNJtu35h8tp5Br
14:50:27.153 INFO: User cache: D:\Users\lyndon.p.nelson.am\.sonar\cache
14:50:27.158 INFO: Load/download plugins
14:50:27.158 INFO: Load plugins index
14:50:27.173 DEBUG: GET 200 http://172.30.84.40:9000/api/plugins/installed | time=15ms
14:50:27.217 INFO: Load plugins index (done) | time=59ms
14:50:27.310 INFO: Load/download plugins (done) | time=152ms
14:50:27.392 DEBUG: Plugins:
14:50:27.393 DEBUG:   * Python Code Quality and Security 3.4.1.8066 (python)
14:50:27.393 DEBUG:   * CSS Code Quality and Security 1.4.2.2002 (cssfamily)
14:50:27.393 DEBUG:   * Go Code Quality and Security 1.8.3.2219 (go)
14:50:27.393 DEBUG:   * JaCoCo 1.1.1.1157 (jacoco)
14:50:27.394 DEBUG:   * Kotlin Code Quality and Security 1.8.3.2219 (kotlin)
14:50:27.394 DEBUG:   * JavaScript/TypeScript Code Quality and Security 7.4.2.15501 (javascript)
14:50:27.394 DEBUG:   * Ruby Code Quality and Security 1.8.3.2219 (ruby)
14:50:27.394 DEBUG:   * Scala Code Quality and Security 1.8.3.2219 (sonarscala)
14:50:27.394 DEBUG:   * C# Code Quality and Security 8.22.0.31243 (csharp)
14:50:27.395 DEBUG:   * Java Code Quality and Security 6.15.1.26025 (java)
14:50:27.395 DEBUG:   * HTML Code Quality and Security 3.4.0.2754 (web)
14:50:27.395 DEBUG:   * Flex Code Quality and Security 2.6.1.2564 (flex)
14:50:27.395 DEBUG:   * XML Code Quality and Security 2.2.0.2973 (xml)
14:50:27.395 DEBUG:   * PHP Code Quality and Security 3.17.0.7439 (php)
14:50:27.396 DEBUG:   * VB.NET Code Quality and Security 8.22.0.31243 (vbnet)
14:50:27.396 DEBUG:   * ColdFusion 2.0.0 (coldfusion)
14:50:27.396 DEBUG:   * ESLint 0.4.0 (eslintplugin)
14:50:27.862 INFO: Process project properties
14:50:27.872 INFO: Process project properties (done) | time=11ms
14:50:27.873 INFO: Execute project builders
14:50:27.874 DEBUG: Execute project builder: org.sonar.plugins.csharp.CSharpGlobalProtobufFileProcessor
14:50:27.875 DEBUG: Execute project builder: org.sonar.plugins.vbnet.VbNetGlobalProtobufFileProcessor
14:50:27.876 INFO: Execute project builders (done) | time=3ms
14:50:27.883 INFO: Project key: EngineManagement
14:50:27.884 INFO: Base dir: D:\SonarSW2Scan\engmgmt
14:50:27.890 INFO: Working dir: D:\SonarSW2Scan\engmgmt\.scannerwork
14:50:27.890 DEBUG: Project global encoding: windows-1252, default locale: en_US
14:50:27.894 DEBUG: Creating module hierarchy
14:50:27.894 DEBUG:   Init module 'EngineManagement'
14:50:27.896 DEBUG:     Base dir: D:\SonarSW2Scan\engmgmt
14:50:27.896 DEBUG:     Working dir: D:\SonarSW2Scan\engmgmt\.scannerwork
14:50:27.896 DEBUG:     Module global encoding: windows-1252, default locale: en_US
14:50:33.343 INFO: Load project settings for component key: 'EngineManagement'
14:50:33.371 DEBUG: GET 200 http://172.30.84.40:9000/api/settings/values.protobuf?component=EngineManagement | time=27ms
14:50:33.372 INFO: Load project settings for component key: 'EngineManagement' (done) | time=29ms
14:50:33.400 DEBUG: Available languages:
14:50:33.400 DEBUG:   * Python => "py"
14:50:33.400 DEBUG:   * CSS => "css"
14:50:33.401 DEBUG:   * Go => "go"
14:50:33.401 DEBUG:   * Kotlin => "kotlin"
14:50:33.401 DEBUG:   * JavaScript => "js"
14:50:33.401 DEBUG:   * TypeScript => "ts"
14:50:33.401 DEBUG:   * Ruby => "ruby"
14:50:33.401 DEBUG:   * Scala => "scala"
14:50:33.401 DEBUG:   * C# => "cs"
14:50:33.402 DEBUG:   * Java => "java"
14:50:33.402 DEBUG:   * HTML => "web"
14:50:33.402 DEBUG:   * JSP => "jsp"
14:50:33.402 DEBUG:   * Flex => "flex"
14:50:33.402 DEBUG:   * XML => "xml"
14:50:33.402 DEBUG:   * PHP => "php"
14:50:33.403 DEBUG:   * VB.NET => "vbnet"
14:50:33.403 DEBUG:   * ColdFusion => "cf"
14:50:33.413 INFO: Load quality profiles
14:50:33.489 DEBUG: GET 200 http://172.30.84.40:9000/api/qualityprofiles/search.protobuf?project=EngineManagement | time=75ms
14:50:33.505 INFO: Load quality profiles (done) | time=92ms
...
14:50:35.194 DEBUG: Declared extensions of language JavaScript were converted to sonar.lang.patterns.js : **/*.js,**/*.jsx,**/*.mjs,**/*.vue
...
14:50:35.592 DEBUG: File [file:///D:/SonarSW2Scan/engmgmt/includes/jquery/js/jquery-3.4.1.min.js] looks like a minified file and will not be analyzed
14:50:35.593 DEBUG: 'includes/jquery/js/jquery-3.4.1.min.js' excluded by org.sonar.plugins.javascript.JavaScriptExclusionsFileFilter
14:50:35.664 DEBUG: 'includes/jquery/js/jquery-ui-1.12.1.js' generated metadata with charset 'windows-1252'
14:50:35.681 DEBUG: 'includes\jquery\js\jquery-ui-1.12.1.js' indexed with language 'js'
14:50:35.684 DEBUG: 'includes/restrictForms.js' generated metadata with charset 'windows-1252'
14:50:35.685 DEBUG: 'includes\restrictForms.js' indexed with language 'js'
14:50:35.688 DEBUG: 'includes/sessionTimeout.js' generated metadata with charset 'windows-1252'
14:50:35.688 DEBUG: 'includes\sessionTimeout.js' indexed with language 'js'
14:50:35.691 DEBUG: 'includes/validateAuthTxt.js' generated metadata with charset 'windows-1252'
14:50:35.692 DEBUG: 'includes\validateAuthTxt.js' indexed with language 'js'
...
14:50:36.929 DEBUG: 'JavaScript/TypeScript Coverage' skipped because one of the required properties is missing
14:50:36.929 DEBUG: 'Import of ESLint issues' skipped because one of the required properties is missing
14:50:36.929 DEBUG: 'Import of TSLint issues' skipped because one of the required properties is missing
...
14:50:36.941 DEBUG: Sensors : CSS Metrics -> CSS Rules -> JaCoCo XML Report Importer -> JavaScript analysis -> TypeScript analysis -> C# Project Type Information -> C# Properties -> JavaXmlSensor -> HTML -> XML Sensor -> VB.NET Project Type Information -> VB.NET Properties -> com.stepstone.sonar.plugin.coldfusion.ColdFusionSensor -> Linting sensor for Javascript files
...
14:51:15.673 DEBUG: Starting server
14:51:15.681 DEBUG: Using default Node.js executable: 'node'.
14:51:15.681 DEBUG: Checking Node.js version
14:51:15.683 DEBUG: Launching command node -v
14:51:15.848 DEBUG: Using Node.js v14.17.0.
14:51:15.848 DEBUG: Starting Node.js process to start eslint-bridge server at port 51018
14:51:15.848 DEBUG: Launching command node D:\SonarSW2Scan\engmgmt\.scannerwork\.sonartmp\eslint-bridge-bundle\package\bin\server 51018 127.0.0.1 D:\SonarSW2Scan\engmgmt\.scannerwork true false 
14:51:19.059 DEBUG: starting eslint-bridge server at port 51018
14:51:19.075 DEBUG: eslint-bridge server is running at port 51018
14:51:19.229 DEBUG: Starting server (done) | time=3556ms
14:51:19.245 DEBUG: Using generated tsconfig.json file D:\SonarSW2Scan\engmgmt\.scannerwork\.sonartmp\10196442200771728019.tmp
14:51:19.248 INFO: 4 source files to be analyzed
14:51:19.270 DEBUG: initializing linter with
14:51:23.575 INFO: 4/4 source files have been analyzed
14:51:23.575 INFO: Sensor JavaScript analysis [javascript] (done) | time=34572ms
14:51:23.575 INFO: Sensor TypeScript analysis [javascript]
14:51:23.577 DEBUG: eslint-bridge server is up, no need to start.
14:51:23.583 DEBUG: initializing linter with no-commented-code,sonar-no-fallthrough,no-inverted-boolean-check,non-existent-operator,new-operator-misuse,no-small-switch,file-uploads,prefer-for-of,xml-parser-xxe,default-param-last,sql-queries,no-global-this,no-array-delete,dns-prefetching,no-alphabetical-sort,arguments-order,certificate-transparency,no-unsafe-finally,prefer-while,no-sequences,void-use,no-octal,no-ip-forward,no-hardcoded-ip,comma-or-logical-or-case,conditional-indentation,label-position,no-use-of-empty-return-value,session-regeneration,no-associative-arrays,super-invocation,no-weak-keys,confidential-information-logging,no-try-promise,weak-ssl,no-useless-increment,no-throw-literal,pseudo-random,no-same-line-conditional,no-redundant-optional,no-identical-functions,cookie-no-httponly,no-element-overwrite,no-equals-in-for-termination,no-sparse-arrays,post-message,constructor-for-side-effects,no-redundant-jump,no-redeclare,no-duplicate-imports,no-unthrown-error,no-globals-shadowing,unverified-hostname,prefer-namespace-keyword,no-collection-size-mischeck,unverified-certificate,no-empty-collection,disabled-auto-escaping,hashing,for-loop-increment-sign,no-accessor-field-mismatch,cors,insecure-cookie,no-unused-collection,no-invariant-returns,no-return-await,no-case-label-in-switch,no-unnecessary-type-assertion,no-nested-conditional,os-command,insecure-jwt-token,no-dead-store,prefer-type-guard,use-type-alias,no-misleading-array-reverse,no-redundant-assignments,no-in-misuse,no-parameter-reassignment,no-all-duplicated-branches,no-identical-conditions,no-weak-cipher,no-delete-var,encryption-secure-mode,no-useless-intersection,updated-loop-counter,no-empty-function,max-switch-cases,no-extra-semi,no-unsafe-negation,deprecation,misplaced-loop-counter,production-debug,no-one-iteration-loop,no-undefined-argument,csrf,no-multi-str,cognitive-complexity,no-labels,function-inside-loop,use-isnan,no-nested-template-literals,no-shadow,no-duplicate-in-composite,generator-without-yield,no-ignored-return,no-caller,no-duplicated-branches,no-redundant-parentheses,no-unenclosed-multiline-block,call-argument-line,bitwise-operators,class-name,code-eval,no-identical-expressions,prefer-immediate-return,no-redundant-boolean,no-unreachable,content-security-policy,no-useless-catch,prefer-promise-shorthand,x-powered-by,no-intrusive-permissions,disabled-resource-integrity,unused-import,file-permissions,publicly-writable-directories,no-nested-assignment,index-of-compare-to-positive-number,no-unsafe-unzip,file-name-differ-from-class,no-primitive-wrappers,todo-tag,strict-transport-security,prefer-default-last,no-mime-sniff,no-gratuitous-expressions,no-empty-pattern,no-referrer-policy,no-self-assign,no-mixed-content,no-misused-new,no-invalid-await,frame-ancestors,no-hardcoded-credentials,fixme-tag,content-length,no-clear-text-protocols,no-empty,max-params,hidden-files,no-unused-expressions
14:51:23.885 INFO: Found 0 tsconfig.json file(s): []
14:51:23.889 DEBUG: Using generated tsconfig.json file D:\SonarSW2Scan\engmgmt\.scannerwork\.sonartmp\6750512151958305023.tmp
14:51:23.901 INFO: 0 source files to be analyzed
14:51:23.901 INFO: 0/0 source files have been analyzed
14:51:23.901 INFO: Sensor TypeScript analysis [javascript] (done) | time=326ms
...
14:51:56.350 INFO: Sensor com.stepstone.sonar.plugin.coldfusion.ColdFusionSensor [coldfusion] (done) | time=32071ms
14:51:56.350 INFO: Sensor Linting sensor for Javascript files [eslintplugin]
14:51:56.351 DEBUG: Found sonar.eslint.eslintpath Lint path to be 'D:\Users\lyndon.p.nelson.am\AppData\Roaming\npm\node_modules\eslint\bin'
14:51:56.351 DEBUG: #1 Trying to resolve path in D:\Users\lyndon.p.nelson.am\AppData\Roaming\npm\node_modules\eslint\bin
14:51:56.352 DEBUG: EsLint Absolute path is Optional[D:\Users\lyndon.p.nelson.am\AppData\Roaming\npm\node_modules\eslint\bin]
14:51:56.352 DEBUG: Found sonar.eslint.eslintconfigpath Lint path to be '.eslintrc.js'
14:51:56.353 DEBUG: #1 Trying to resolve path in .eslintrc.js
14:51:56.353 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc.js
14:51:56.354 DEBUG: EsLint Absolute path is Optional.empty
14:51:56.354 DEBUG: #1 Trying to resolve path in .eslintrc
14:51:56.354 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc
14:51:56.354 DEBUG: #1 Trying to resolve path in .eslintrc.js
14:51:56.354 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc.js
14:51:56.355 DEBUG: #1 Trying to resolve path in .eslintrc.json
14:51:56.355 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc.json
14:51:56.355 DEBUG: #1 Trying to resolve path in .eslintrc.yaml
14:51:56.355 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc.yaml
14:51:56.355 DEBUG: #1 Trying to resolve path in .eslintrc.yml
14:51:56.355 DEBUG: #2 Trying to resolve path in D:\SonarSW2Scan\engmgmt\.eslintrc.yml
14:51:56.357 DEBUG: Path sonar.eslint.eslintrulesdir not specified
14:51:56.358 DEBUG: Path sonar.eslint.eslintrulesdir not specified, falling back to null
14:51:56.358 WARN: Path to .eslintrc.* configuration file either not defined or not found - Skipping eslint analysis.
14:51:56.358 INFO: Sensor Linting sensor for Javascript files [eslintplugin] (done) | time=8ms
...
14:51:56.494 INFO: CPD Executor Calculating CPD for 4 files
14:51:56.494 DEBUG: Detection of duplications for D:/SonarSW2Scan/engmgmt/includes/restrictForms.js
14:51:56.507 DEBUG: Detection of duplications for D:/SonarSW2Scan/engmgmt/includes/validateAuthTxt.js
14:51:56.508 DEBUG: Detection of duplications for D:/SonarSW2Scan/engmgmt/includes/jquery/js/jquery-ui-1.12.1.js
14:51:56.566 DEBUG: Detection of duplications for D:/SonarSW2Scan/engmgmt/includes/sessionTimeout.js
14:51:56.567 INFO: CPD Executor CPD calculation finished (done) | time=73ms
...
14:51:57.519 INFO: Analysis report generated in 865ms, dir size=3 MB
14:52:10.430 INFO: Analysis report compressed in 12910ms, zip size=1 MB
14:52:10.430 DEBUG: Upload report
14:52:10.592 DEBUG: POST 200 http://172.30.84.40:9000/api/ce/submit?projectKey=EngineManagement | time=160ms
14:52:10.594 INFO: Analysis report uploaded in 164ms
14:52:10.597 DEBUG: Report metadata written to D:\SonarSW2Scan\engmgmt\.scannerwork\report-task.txt
14:52:10.597 INFO: ANALYSIS SUCCESSFUL, you can browse http://172.30.84.40:9000/dashboard?id=EngineManagement
14:52:10.597 INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
14:52:10.597 INFO: More about the report processing at http://172.30.84.40:9000/api/ce/task?id=AXn8atV5vxMSTuEmthy2
14:52:10.600 DEBUG: Post-jobs : 
14:52:11.193 DEBUG: eslint-bridge server will shutdown
14:52:24.815 DEBUG: stylelint-bridge server will shutdown
14:52:29.893 INFO: Analysis total time: 2:02.468 s
14:52:29.898 INFO: ------------------------------------------------------------------------
14:52:29.898 INFO: EXECUTION SUCCESS
14:52:29.898 INFO: ------------------------------------------------------------------------
14:52:29.899 INFO: Total time: 2:04.053s
14:52:29.984 INFO: Final Memory: 13M/108M
14:52:29.984 INFO: ------------------------------------------------------------------------

I know it has to be something simple, but my unfamiliarity is preventing me from either seeing the problem, or understanding how to fix it. Appreciate any help you can provide.

Hello, thanks for your question!

The SonarQube scanner won’t automatically run the tests / generate the coverage report for the analyzed application.

You’ll want to make sure that JS tests (if any) are run before you actually run the scanner, and that their execution generates a coverage report in one of the supported formats (e.g LCOV) - see the documentation about importing coverage data in SonarQube.

Thanks for the reply and taking the time to help out a noob.

I should clarify that we are NOT looking to write our own tests which is what the programs mentioned for JavaScript in your link seem to provide. We are looking to run ‘prepackaged’ vulnerability scans against the JavaScript files, such as CFLint for ColdFusion files, and the MSBuild SonarScanner to check our .NET code. And I should also mention that this is a ColdFusion application with a couple standalone JavaScript files, NOT a Node.JS package.

Are you aware of anything like that for JavaScript?

Hello, thank you for the additional details.

I feel some confusion around what tests are, so let’s first clarify a bit of vocabulary here:

  • Automated tests - tests for short - are code that developers write to check that their production code works as expected
  • Test coverage - or coverage for short - is a measure of what production code is covered by automated tests

So, if you don’t have tests for JavaScript - if the developers don’t write tests for those - then it’s expected that the coverage is 0.

Please note that this does not prevent the JavaScript code from being analyzed. As far as I can tell, you should see issues in the .Net and JavaScript code (raised by our own analyzers) as well as in the ColdFusion code (contributed by the ColdFusion plugin).