Sonar Observations for JQuery libraries

javascript
sonarqube

(Amol) #1

Hi,

While doing a Sonar assessment of an application, I got a lot of observations related to jQuery libraries.

Need your guidance to decide whether we should make changes to these “.js” files, since these are baselined releases which are tried and tested.


(Tibor Blenessy) #2

Hello,

No, you should not analyze libraries you are using (unless you are specifically interested in auditing them). Usually you would set the sonar.exclusions property to exclude the code of your dependencies.


(Amol) #3

Hi Tibor,

Thanks for the response.

We can exclude the libraries; however, will it not leave the bugs/vulnerabilities/code smells open in the application if we do not fix them?


(Amol) #4

Hi All,

Need your input on fixing observations for standard files like bootstrap.js and jquery-1.12.0.js.


(Janos Gyerik) #5

If you exclude external libraries as recommended, by appropriate settings for sonar.sources and sonar.exclusions, then you should not see any issues from them.
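As an added illustration of the sonar.sources / sonar.exclusions setup recommended in replies #2 and #5 (this is example configuration, not something posted by the participants), a minimal sonar-project.properties that keeps the application code in scope while leaving vendored jQuery and Bootstrap out. The project key, the `src` directory and the library paths are assumptions; adjust them to where the third-party files actually live in the repository.

```properties
# sonar-project.properties (added example; project key and paths are assumed)
sonar.projectKey=my-web-app
sonar.projectName=My Web App

# Only application code is a source root; this limits what the scanner sees at all.
sonar.sources=src

# Glob patterns for third-party code shipped with the app. Matching files are
# skipped entirely, so their issues no longer appear in the project report.
# (Assumed layout: libraries checked in under src/lib and src/vendor.)
sonar.exclusions=**/vendor/**,**/lib/jquery-*.js,**/lib/bootstrap*.js,**/*.min.js
```

Excluding these files only removes them from the analysis scope; the library code itself is unchanged, so keeping the jQuery and Bootstrap versions in use up to date remains a separate task from the Sonar findings on your own code.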