Sonar 8.9 unknown files when analyze with MAVEN

Ivan_Andres_Valdivie · September 28, 2022, 5:34pm

Hi,

I analyze with maven and I developed my own tool to detect vulnerabilities and this export a proper file for sonar.externalIssuesReportPaths but when analyze with none doenst have a problem but with maven is the problem I see unknown files. This is the message:

13:48:28 [INFO] Imported 0 issues in 0 files 13:48:28 [INFO] External issues ignored for 7 unknown files, including: deploy/file.sh, deploy/newsh_sh, deploy/backup/deploy_dev/deploy_dev.sh, deploy/backup/deploy_dev-v3/deploy_dev.sh, deploy/deploy.sh

I don’t know if a I need a new parameter.

Thank very much

Colin · September 29, 2022, 10:58am

Hey there.

You would need to make sure that these files are indexed by the Maven scanner.

You can update <sonar.sources> in your pom.xml to include other directories (it defaults to src/main/java). You can include multiple, comma separated directories.

Ivan_Andres_Valdivie · September 29, 2022, 2:33pm

Thank very much for your response, with sonar.source:deploy read this sh files but doesnt like the break lines.
Example:


set +e
		
		docker rm -f regapi-frontend
		
		docker rmi $(docker images -q -f "reference=regapi-frontend")
		
		set -e

I don’t know if I need put a special encoding for this error, this file is sh.

Thanks for your time

Colin · September 30, 2022, 9:03am

I’m sorry, I don’t understand your question,