Sonar Property sonar.sources not working as expected

SonarQube Server / Community Build
, , ,
1

Hi ,

I am trying to run a sonar scan on my repo as follows.

Versions :

Sonar Version : Server Latest ,

Gradle plugin version : sonarqube-gradle-plugin-4.4.1.3373.jar

Project Structure :

My project is Mixture of Gradle and Ant projects.

* MyProject(main)
  * Apps
  * Myapplication
    * Project1
    * TestProject1(Test only project for Project1)
    * Project2
    * TestProject2(Test only project for project2)
* Build.gradle
* Buid.xml (ant)
  • MyProject-build(main-build) ( This will contain all output binaries and generated code)

Sonar Gradle Task( myProject > build.gradle) :

sonar {
	properties {
		property 'sonar.host.url', 'http://127.0.0.1:9000/'
		property 'sonar.token','squ_e1fa45f732fgassr34rdsfsdsd28c8ece417cecfde7'
		property 'sonar.sources, 'Myapplication/Project1,Myapplication/Project2’
		property 'sonar.projectKey', 'MyProject'
		property 'sonar.projectName', ‘'MyProject'’
		property 'sonar.projectVersion', '2024.1'
		property 'sonar.test.inclusions', "**/*-test\\src\\java*/**"
		property 'sonar.exclusions',"**/*-test\\src\\java*/**"
		property 'sonar.coverage.jacoco.xmlReportPaths', allJacocoXmlPaths.join(',')
		property "sonar.import_unknown_files", 'false'
	}
}

Problem statement:

  1. Sonar.sources property not working as expected.

  • Even after this property is supplied, entire source code is considered for scanning.

  • If the same property is applied from external sample Gradle project, then it considers correct scope,
    but from the actual project it ignores this property completely.

  1. always lots of main-build related warnings occurring.

File ‘someFile.java’ is ignored. It is not located in project basedir C:\Users\abc\work\src1\main

( Note:- if I exclude every thing for scanning property ‘sonar.exclusions’,"**/*” , it still keeps giving this warnings

2

Hi,

I think this is a question of the order of operations.

There’s a brief discussion in the docs of settings precedence.

SonarScanner for Gradle reads many analysis values from your build environment, and I believe what you’ve set in your analysis parameters is being overridden once the scanner reads that data from the environment. Parameters passed on the analysis command line are read last of all, which is why that would work.

So you have a workaround. And I’m going to flag this for team attention, since the current behavior is clearly not what users expect.

 
Ann

1 Like
5

Hello @Manish_Umrania, welcome to the Sonar Community.

Please clarify the following statements so I can help you better:

What do you mean by external sample Gradle project? Can you provide an example of this scenario?

What are the warnings? Could you share them with us?

Where is the ‘someFile.java’ file located? Can you provide a sample project to reproduce this?

Cheers,
Angelo

6

Hi,

  1. External Project, consider any hello world gradle project’s build.gradle file from where we run sonar action with main project’s path supplied as properties.
  2. main-build is the out of repo folder which contains all generated java files. which gives warnings.
    this text “File ‘someFile.java’ is ignored. It is not located in project basedir C:\Users\abc\work\src1\main”
    is the warning.

in sample project it works , but in actual project it gives problems.

7

Hello @Manish_Umrania, unfortunately, I don’t understand your second point and thus I’m unable to reproduce and investigate the issue.

Please provide us with a small project structured and configured according to the scenario that experiences the issue. The more details you can provide the better is.

Cheers,
Angelo