I’m trying to import issues from a XML report file (“checkstyle” format) that golangci-lint produces. The XML report file contains about 250 issues (all tagged as severity=“error”), but in SonarQube there will be only approx. 50-70 issues be shown and the number of issues changes with every analysis run. Sometimes, no golangci-lint issues at all are reported.
The XML report file was produced by scanning our whole codebase, so it will contain issues from a range of different directories and modules.
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide - redacted as necessary - will include that command as well.
In the mean time, I’ve found out why sometimes no linter issues at all were shown in the analysis: The build job that was running the linter was run at the same time as the job that ran sonar-scanner, so sometimes the linter output file was not yet existing when sonar-scanner tried to read it.
I’ve fixed this now, but still the number of golangci-lint issues shown in SonarQube varies from one analysis run to the other and is way too low compared to the total number of issues contained in the golint-out.xml file.
Update: I just found out that golangci-lint per default only reports the first 50 issues for each “source” (i.e. rule). And the reported issues change slightly from run to run.
So this issue might not be related to SonarQube, but to the way I’m invoking golangci-lint. I’ll change my config so that there will be no limitation of the number of issues reported and will update this thread here after I found out more.
Confirmed. Issue is not within SonarQube, but due to the way I’m invoking golangci-lint.
By using these settings within .golangci.yml it’s now working as it should (number of issues reported by golangci-lint stays constant after successive runs of sonar-scanner):