Sonar does not analyze XML resources

This is how I set up my Java Gradle project.
build.gradle

src/main/resources/datasource.xml

Analysis is performed via GitHub Actions

In another project, there are some secrets and passwords hardcoded in XML files. I have discovered that SonarCloud has rules for XML files; one of those is xml:S2068.

But the analysis result does not show issues inside my sample xml file.

Is there any additional setup required to get my XML files analyzed?

Hey there.

Have you checked to see if issues have been raised on those files as Security Hotspots in your project?

No, no security hotspots

Overview - test-server in internalerror SonarCloud

Thanks. If you can share the project link, can you share a link to the full repo? That would make it easy to debug.

Repository: gatzka-swp/sonar-test (github.com)
SonarCloud Project: Overview - test-server in internalerror SonarCloud

Thanks.

${sourceSets.main.allJava.srcDirs} is being used to populate sonar.sources, and it appears that src/main/resources isn’t a part of that.

You can adjust that source set, or fiddle with sonar.sources.

project(":test-server") {
    sonar {
        properties {
            // Add the resources directory to sonar.sources so the XML files in it are analyzed
            properties["sonar.sources"] += "src/main/resources/"
        }
    }
}
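An added example, not from the thread or from SonarSource: a small Python check that lists the XML files lying outside a given sonar.sources value, so a scope gap like the one diagnosed above shows up before the scan runs. The function names, the skipped directories and the credential regex are assumptions for illustration, and the sample project tree is constructed.

```python
import os
import re
import tempfile
from pathlib import Path

SKIP_DIRS = {"build", ".gradle", ".git"}  # assumption: build output is not source
# Assumption: a rough stand-in for a hardcoded-credential check, not Sonar's rule logic.
CRED_RE = re.compile(r'(password|passwd|pwd)\w*\s*(=\s*"[^"$]+"|>[^<$]+<)', re.I)


def parse_sources(value):
    """Split a comma-separated sonar.sources value into relative paths."""
    return [Path(p.strip()) for p in value.split(",") if p.strip()]


def xml_outside_scope(project_root, sonar_sources):
    """Return {relative_xml_path: has_credential_like_value} for XML files that
    no sonar.sources entry covers, i.e. files the scanner never indexes."""
    root = Path(project_root)
    sources = parse_sources(sonar_sources)
    missed = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if not name.lower().endswith(".xml"):
                continue
            rel = (Path(dirpath) / name).relative_to(root)
            if any(rel.is_relative_to(src) for src in sources):
                continue  # inside the analysis scope
            text = (root / rel).read_text(encoding="utf-8", errors="replace")
            missed[rel.as_posix()] = bool(CRED_RE.search(text))
    return missed


def demo():
    """Build a constructed tree mirroring the thread's layout and compare scopes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "src/main/java").mkdir(parents=True)
        (root / "src/main/resources").mkdir(parents=True)
        # Constructed sample content, not the file from the thread.
        xml = "<datasource><password>example-only</password></datasource>\n"
        (root / "src/main/resources/datasource.xml").write_text(xml)
        before = xml_outside_scope(root, "src/main/java")
        after = xml_outside_scope(root, "src/main/java, src/main/resources/")
        return before, after


if __name__ == "__main__":
    print(demo())
```

Run in CI with the effective sonar.sources value, a non-empty result means XML files exist that the XML rules will never see.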