SonarQube 9.7.1 - Importing golangci-lint issues is buggy

  • SonarQube 9.7.1 (self-hosted)
  • golangci-lint version 1.50.0

I’m trying to import issues from a XML report file (“checkstyle” format) that golangci-lint produces. The XML report file contains about 250 issues (all tagged as severity=“error”), but in SonarQube there will be only approx. 50-70 issues be shown and the number of issues changes with every analysis run. Sometimes, no golangci-lint issues at all are reported.

The XML report file was produced by scanning our whole codebase, so it will contain issues from a range of different directories and modules.

Hi,

Welcome to the community!

Can you provide your analysis log?

The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.

This guide will help you find them.

 
Ann

Thanks for your quick response, here is the sonar-scanner.log:

sonar-scanner.log (72.9 KB)

In the mean time, I’ve found out why sometimes no linter issues at all were shown in the analysis: The build job that was running the linter was run at the same time as the job that ran sonar-scanner, so sometimes the linter output file was not yet existing when sonar-scanner tried to read it.

I’ve fixed this now, but still the number of golangci-lint issues shown in SonarQube varies from one analysis run to the other and is way too low compared to the total number of issues contained in the golint-out.xml file.

Hi,

Can you characterize the issues that don’t show up? By rule? By file/directory? By something else?

Are other, non-golangci-lint issues reported on the files/directories in question?

 
Ann

Hi Ann,

no characterization possible, it’s totally random.
And yes, other (non-golangci-lint) issues are reported for the files in question.

Thanks,
Markus

Hi Markus,

Thanks for getting back to me. I’ve flagged this for more expert eyes.

 
Ann

Update: I just found out that golangci-lint per default only reports the first 50 issues for each “source” (i.e. rule). And the reported issues change slightly from run to run.

So this issue might not be related to SonarQube, but to the way I’m invoking golangci-lint. I’ll change my config so that there will be no limitation of the number of issues reported and will update this thread here after I found out more.

2 Likes

Confirmed. Issue is not within SonarQube, but due to the way I’m invoking golangci-lint.

By using these settings within .golangci.yml it’s now working as it should (number of issues reported by golangci-lint stays constant after successive runs of sonar-scanner):

output:
  format: checkstyle
  uniq-by-line: true
  sort-results: true

issues:
  max-issues-per-linter: 0
1 Like

Hi,

Thanks so much for this followup & detail! I know it will help others in the future.

 
Ann

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.