Not seeing Android Lint report issues in SonarQube server

SonarQube Server / Community Build
,
1

Hello,

I am using SonarQube server 2025.2. I have been trying to see my Android lint report issues in the SonarQube server UI. I have verified that I am importing the report properly using the property sonar.androidLint.reportPaths, but the issues in the project directory are not showing up. My current understanding is that I need some sort of plugin in order for SonarQube to read the issues in the report and create an issue in SonarQube? Is there an existing plugin that is recommended to do this?

A workaround that we have found is to import the Android lint report using the property sonar.externalIssuesReportPaths in our gradle file and transform the lint report to conform to the Sonar rules and issues object format. This is unideal, so we’re hoping there’s a simple supported solution here?

We had this working when we were on SonarQube Cloud, then we migrated to SonarQube server and believe that broke this behavior.

2

Hi,

Welcome to the community!

Nope. We offer this functionality natively.

Can you share your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

3

sonarqube_scan_testing-11.log (299.1 KB)

Here is the scanner log!

I am expecting to see this issue in SonarQube

        id="ObsoleteSdkInt"
        severity="Error"
        message="This folder configuration (`v26`) is unnecessary; `minSdkVersion` is 26. Merge all the resources in this folder into `mipmap-anydpi`."
        category="Performance"
        priority="6"
        summary="Obsolete SDK_INT Version Check"
        explanation="This check flags version checks that are not necessary, because the `minSdkVersion` (or surrounding known API level) is already at least as high as the version checked for.

Similarly, it also looks for resources in `-vNN` folders, such as `values-v14` where the version qualifier is less than or equal to the `minSdkVersion`, where the contents should be merged into the best folder.">
        <location
            file="/Users/richard.r.wang/git/pdsw-app-passport-android/app/src/main/res/mipmap-anydpi-v26"/>
    </issue>

and here is the import line from the logs that would include this issue

[2025-06-13T14:51:40.778Z] Importing /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/reports/lint-results-debug.xml
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin] (done) | time=23ms
4

Hi,

Thanks for the log.

There’s a little more to the Android Lint report processing than you excerpted:

[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin]
[2025-06-13T14:51:40.778Z] Importing /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/reports/lint-results-debug.xml
[2025-06-13T14:51:40.778Z] No input file found for /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/generated/source/kapt/devDebug/com/sonos/passport/caching/database/AppDatabase_Impl.java. No android lint issues will be imported on this file.
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin] (done) | time=23ms

And then

[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin]
[2025-06-13T14:51:40.778Z] Importing /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/reports/lint-results-debug.xml
[2025-06-13T14:51:40.778Z] No input file found for /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/build/generated/source/kapt/devDebug/com/sonos/passport/caching/database/AppDatabase_Impl.java. No android lint issues will be imported on this file.
[2025-06-13T14:51:40.778Z] Sensor Import of Android Lint issues [kotlin] (done) | time=23ms

Altho the other 5 instances of Android Lint import in the log are unremarkable.

How many files are reflected in the Android Lint report? Is it more than just these two missing files? And how many of them map to the list of files with invalid characters? E.G.:

[2025-06-13T14:50:14.260Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/test/kotlin/com/sonos/passport/contentsdk/extensions/ResourcePresentationExtensionsTests.kt at line 240 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
[2025-06-13T14:50:14.261Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/test/kotlin/com/sonos/passport/ui/mainactivity/screens/settings/speechenhancement/viewmodel/SpeechEnhancementMenuViewModelTest.kt at line 161 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.
[2025-06-13T14:50:14.261Z] Invalid character encountered in file /home/jenkins/agent/workspace/unit-test_sonarqube_scan_testing/app/src/main/kotlin/com/sonos/passport/ui/mainactivity/screens/settings/alarms/views/AlarmsMenuScreen.kt at line 182 for encoding US-ASCII. Please fix file content or configure the encoding to be used using property 'sonar.sourceEncoding'.

In fact, for the missing Android Lint issues, do their corresponding files show up in SonarQube?

 
Ann

5

Thanks for linking the extra bits there!

The lint report reflects quite a few files 10+. None of the files match the list of files with invalid characters.

I do see the affected files in SonarQube under the code tab.

6

Hi,

Okay, can you add -Dsonar.verbose=true to your analysis command and post that log, redacted as necessary? Maybe that will give us more insight into what’s going on.

 
Thx,
Ann

1 Like
7

Alrighty Ann. Here’s the log with the verbose option set to true.
sonar_2.log (260.8 KB)

8

Hi,

Thanks for the log. Sadly, there’s no further detail.

I’m going to flag this for the team, but it may be a while before they get to it.

 
Ann

1 Like
10

Thanks for taking a look Ann. Is there a general timeline I can expect? Few months? A year? It will help our team determine next steps.

11

Hi,

They’ve been pulled to focus on something specific. I would hope they’re able to look at other things in… a month?

 
Ann

1 Like
13

Hi @richard.w,

I am taking over on this issue.

I have compared the two provided log files and I have the impression that the -Dsonar.verbose=true parameter that @ganncamp suggested was not taken into account due to the --info passed to the ./gradlew command.

Could you please replace --info with --debug and provide new logs?

What I think is happening here is the following:

  • the issue you are expecting to see (ObsoleteSdkInt) is on a resource file (mipmap-anydpi-v26) that has no extension
  • our Android Lint importer only keeps issues on files that are indexed and with one of the following extensions: xml, java, kt, kts, properties, gradle, cfg, txt
  • so the resource file mipmap-anydpi-v26 is skipped with a debug log, that is filtered out by Gradle due to --info

If there is at least a file which:

  1. is indexed (i.e. it appears on SonarQube Server UI)
  2. has one of the extensions listed above

then my hypothesis is incorrect, and we will explore other paths.

Thanks,
Antonio

1 Like
14

Hey there Antonio!

I’ve got the new logs here!

15

Hi @richard.w,

Have you added the --debug parameter to the ./gradlew command?
I cannot see any debug logs in your log file.
When I run locally on a test project, I see logs like:

#############################################################################
   WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

   Debug level logging will leak security sensitive information!

   For more details, please refer to https://docs.gradle.org/8.13/userguide/logging.html#sec:debug_security in the Gradle documentation.
#############################################################################

… which is an important point, by the way: before sharing debug logs with us, please make sure there is no sensitive information in there.

We can also initiate a private conversation, if you want to share logs privately.

Best regards,
Antonio

16

Let’s do a private conversation and post the results back here?

1 Like
17

Hi @richard.w .

Sure! If you activate the chat functionality in the DM section, I will write you there.

Best regards,
Antonio

18

I’ve searched far and wide on this platform for the DM section, but I haven’t been able to find it. Would you have the steps to access that?

20

I ran another test here and with the allowed extensions I am seeing issues pop up! I believe that was it. Thank you Antonio.

2 Likes
21

Hi @richard.w,

Good to hear it solved your problem!
For the future, we will consider including extension-less files into our analysis, when they are defined under the resource folder. This way, you won’t lose any issue when uploading the AndroidLint issues to SonarQube.

Best regards,
Antonio

23

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.