SonarQube version 8.5 analyzing Java with SonarWay quality profile
Intelij ultimate 2020.2
When i connect sonarlint to sonarqube server using sonar way for check rules,
in sonarlint i can find 104 issues
in sonarqube server 77 issues,
I found that there were some problems that could not be found in sonarqube with some rules as “throws” declarations should not be superfluous (java:S1130),…
i can find java:S1130 rule is being activated in sonar way profile .
So why ? Please let me know.
Thanks for raising this issue.
I can see an interesting message in one of the issues raised on SonarQube side (near the end of the list):
sonar.java.source not set. Assuming 7 or greater
This makes me wonder: how did you analyze your project ? Did you use the Scanner for Maven or Gradle ? This missing property might explain why you observe a different result between SonarLint and SonarQube. If you run and configure the scanner on your own, please double check that this property is set (you can find details here).
Don’t hesitate to reach out again if needed,
I have tested with maven. but issues not same. so why ? i just connect sonarlint to sonar server to get all rules, but i observe a different result between SonarLint and SonarQube
Thanks for giving us more details.
What you provide is really interesting (this Scanner Context view). Would you mind copying the full logs as text here (you could upload a txt file) ?
In the same time it would be of great help if you were able to send us the logs on the SonarLint side. This way we could compare the 2 sets of properties and see if they differ somehow. Please find here how to activate verbose logs on SonarLint
Thanks for reply.
This is mvn log, sonarqube server scanner-context, sonarlint log.
please check it for me. thanks
Scanner-Context.txt (5.3 KB) sonarlint-log.txt (79.4 KB) sonar-log.txt (6.9 KB)
I don’t see an obvious configuration error.
I noticed something strange though with the issue that is raised on SonarLint (your first screenshot). It talks about
org.codehaus.jackson.JsonParseException. Do you explicitly import that type ?
From what I can see in the dependencies used for SonarLint analysis (in the
sonar.java.libraries property), there are both jackson-core 2.9.8 and jackson-core-asl 1.9.13.
I suspect 1.9.13 is actually a transitive dependency (you don’t import it directly in you pom file). This dependency can be brought by Log4j for example.
What I suspect is that SonarLint is able to find that transitive dependency but the scanner might not, so it wouldn’t detect the issue.
Could you confirm my feeling about that dependency ? It would be useful for us if you could provide your pom file. Or even better a small reproducer project that would help us investigate further.
Hope this helps,
Thanks for taking the time to help us troubleshoot this issue!