Hi SonarQube Team,
While verifying the analysis results of SonarQube we observe that rules like uninitialized variables, illegal memory usage (out of bounds array access), resource leaks although supported by SonarQube (as listed here) are not being reported as expected. The code we are trying to analyze is C++ code with the sonar-project.properties file contents as below. Running on enterpise edition evaluation license.
sonar-project.properties
sonar.projectKey=KEY
sonar.projectName=NAME
sonar.projectVersion=1.0
sonar.projectBaseDir=C:\Proteus_VOB
sonar.sources=Proteus\src
sonar.cfamily.build-wrapper-output=sonarscanner
sonar.sourceEncoding=UTF-8
sonar.host.url=http://eval-sonar.XYZ.com:9000/
sonar.login=XXXX
sonar.password=YYYY
sonar.scm.disabled=true
sonar.c.file.suffixes=-
sonar.lang.patterns.cpp
sonar.cpp.file.suffixes=.cpp,.h
sonar.cfamily.cache.enabled=false
sonar.exclusions=**/*.sql

Created a dummy C++ project and purposely added bugs (uninitialized variables, resource leaks, illegal memory access), but none were notified by SonarQube. The following are the screenshots attached for the same. Please let us know if we are missing out something. The C++ code is created in Visual Studio 6 IDE.

Please let me know what am I doing wrong here.

Thank you.

Hello @Priyanka_Pardesi_Ram,

It looks like you are not setting your project correctly.
What is this option sonar.lang.patterns.cpp ?
Can you share the output of the sonar-scanner running in debug mode(you should pass -X flag to sonar-scanner )
I invite you to check and follow the official documentation.