I am using SonarQube server 2025.2. I have been trying to see my Android lint report issues in the SonarQube server UI. I have verified that I am importing the report properly using the property sonar.androidLint.reportPaths, but the issues in the project directory are not showing up. My current understanding is that I need some sort of plugin in order for SonarQube to read the issues in the report and create an issue in SonarQube? Is there an existing plugin that is recommended to do this?
A workaround that we have found is to import the Android lint report using the property sonar.externalIssuesReportPaths in our gradle file and transform the lint report to conform to the Sonar rules and issues object format. This is unideal, so we’re hoping there’s a simple supported solution here?
We had this working when we were on SonarQube Cloud, then we migrated to SonarQube server and believe that broke this behavior.
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
id="ObsoleteSdkInt"
severity="Error"
message="This folder configuration (`v26`) is unnecessary; `minSdkVersion` is 26. Merge all the resources in this folder into `mipmap-anydpi`."
category="Performance"
priority="6"
summary="Obsolete SDK_INT Version Check"
explanation="This check flags version checks that are not necessary, because the `minSdkVersion` (or surrounding known API level) is already at least as high as the version checked for.

Similarly, it also looks for resources in `-vNN` folders, such as `values-v14` where the version qualifier is less than or equal to the `minSdkVersion`, where the contents should be merged into the best folder.">
<location
file="/Users/richard.r.wang/git/pdsw-app-passport-android/app/src/main/res/mipmap-anydpi-v26"/>
</issue>
and here is the import line from the logs that would include this issue
There’s a little more to the Android Lint report processing than you excerpted:
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin]
[2025-06-13T14:51:40.778Z] Importing /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/reports/lint-results-debug.xml
[2025-06-13T14:51:40.778Z] No input file found for /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/generated/source/kapt/devDebug/com/sonos/passport/caching/database/AppDatabase_Impl.java. No android lint issues will be imported on this file.
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin] (done) | time=23ms
And then
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin]
[2025-06-13T14:51:40.778Z] Importing /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/reports/lint-results-debug.xml
[2025-06-13T14:51:40.778Z] No input file found for /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/generated/source/kapt/devDebug/com/sonos/passport/caching/database/AppDatabase_Impl.java. No android lint issues will be imported on this file.
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin] (done) | time=23ms
Altho the other 5 instances of Android Lint import in the log are unremarkable.
How many files are reflected in the Android Lint report? Is it more than just these two missing files? And how many of them map to the list of files with invalid characters? E.G.:
[2025-06-13T14:50:14.260Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/test/kotlin/com/sonos/passport/contentsdk/extensions/ResourcePresentationExtensionsTests.kt at line 240 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
[2025-06-13T14:50:14.261Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/test/kotlin/com/sonos/passport/ui/mainactivity/screens/settings/speechenhancement/viewmodel/SpeechEnhancementMenuViewModelTest.kt at line 161 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
[2025-06-13T14:50:14.261Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/main/kotlin/com/sonos/passport/ui/mainactivity/screens/settings/alarms/views/AlarmsMenuScreen.kt at line 182 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
In fact, for the missing Android Lint issues, do their corresponding files show up in SonarQube?
Okay, can you add -Dsonar.verbose=true to your analysis command and post that log, redacted as necessary? Maybe that will give us more insight into what’s going on.
I have compared the two provided log files and I have the impression that the -Dsonar.verbose=true parameter that @ganncamp suggested was not taken into account due to the --info passed to the ./gradlew command.
Could you please replace --info with --debug and provide new logs?
What I think is happening here is the following:
the issue you are expecting to see (ObsoleteSdkInt) is on a resource file (mipmap-anydpi-v26) that has no extension
our Android Lint importer only keeps issues on files that are indexed and with one of the following extensions: xml, java, kt, kts, properties, gradle, cfg, txt
so the resource file mipmap-anydpi-v26 is skipped with a debug log, that is filtered out by Gradle due to --info
If there is at least a file which:
is indexed (i.e. it appears on SonarQube Server UI)
has one of the extensions listed above
then my hypothesis is incorrect, and we will explore other paths.
Have you added the --debug parameter to the ./gradlew command?
I cannot see any debug logs in your log file.
When I run locally on a test project, I see logs like:
#############################################################################
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Debug level logging will leak security sensitive information!
For more details, please refer to https://docs.gradle.org/8.13/userguide/logging.html#sec:debug_security in the Gradle documentation.
#############################################################################
… which is an important point, by the way: before sharing debug logs with us, please make sure there is no sensitive information in there.
We can also initiate a private conversation, if you want to share logs privately.
Good to hear it solved your problem!
For the future, we will consider including extension-less files into our analysis, when they are defined under the resource folder. This way, you won’t lose any issue when uploading the AndroidLint issues to SonarQube.