I am using Sonar Cube Version 9.4 which is not scanning action script(.as) files of Flex or Apache Royale any more although it scanned earlier with version 9.3 and populated vulnerablities in the code written in action script files but somehow its not working with version 9.4

Anyone can help here?

Hey there.

What are the exact symptoms? Are files not displaying at all in the Code tab of your project? Or are no issues being raised?

I’d encourage checking your scanner logs to see if Flex files are being indexed/analyzed, and if there are any warnings/errors.

INFO: Sensor Flex [flex]
INFO: 2 source files to be analyzed
INFO: 2/2 source files have been analyzed
INFO: Sensor Flex [flex] (done) | time=121ms
INFO: Sensor Flex Cobertura [flex]

A little more back story on top of what Ankit was asking. We actually had a project setup when we used the 8.9LTS. That scan picked up ActionScript, css, js, html in the scanned directory. This was tested under the community docker image a number of years ago and validated when we started using the developer license. When we thought we were going to abandon the code a while back we deleted the project.

We upgraded to 9.4 several weeks back to take advantage of the java 17 code scanning and decided to revisit the ActionScript and now all it finds in the directory is html, xml, js, css. The ActionScript is not found. Looking through the log I see no mention of flex.

The sensors I see are C#, HTML, Text, VB.NET, CSS, Thymeleaf, AWS SAM, JavaSecuritySensor, CSharpSecuritySensor, PhpSecuritySensor, PythinSecuritySensor, JsSecuritySensor.

Looking through the Rules I still see the Flex rules listed. Under the Quality Profiles I still see a profile for Sonar way BUILT-IN. At least from talking to Ankit he is aware of Apache Royale using version 9.3.