-
What language is this for?
Kotlin -
Which rule?
kotlin:S6624 -
Why do you believe it’s a false-positive/false-negative?
When we are using Redirecting to https://splitties.github.io/refreshVersions versions are not hardcoded inbuild.gradle.kts
, but there is a reference to externalized (usually inversions.properties
) version value. -
Are you using
- SonarCloud?
yes
- SonarCloud?
-
How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
Enable version management according to Redirecting to https://splitties.github.io/refreshVersions in any kotlin+gradle project with some dependencies, migrate to refreshVersions, then scan with sonar. Each occurrence of dependency with exported version will be reported as violating kotlin:S6624, like e.g.
implementation("io.github.microutils:kotlin-logging-jvm:_")
, where in fact version was declared as variable in versions.properties
using version.io.github.microutils..kotlin-logging-jvm=3.0.5
syntax.