SonarQube doesn't find any xml issue without sonar.sources parameter

DenisPetrov · July 19, 2021, 3:27pm

Hello,

I created custom XPath 1.0 rule via Track breaches of an XPath rule for analyze XML files. All required for analyze XML files contains in src/main/resource folder, whereas java code in src/main/java. When I run code analyze without sonar.sources parameter, SonarQube doesn’t go into src/main/resource folder (I figured it out because I redirected terminal output into file). If I add -Dsonar.sources=src/main/. to analyze command, then all files are parsed and analyzed correctly, but now not all java files are analyzed(figured it out again with terminal output redirection to file).

Details:

SonarQube version 8.9.1.44547
OS = Debian
SonarQube runes in Docker
Java version 1.8
Docker version 20.10.7

May be it’s my fault, thanks for help.

ganncamp · July 20, 2021, 6:48pm

Hi,

Welcome to the community!

I guess you’re using SonarScanner for Maven, right? And so by default (i.e. without the extra sonar.sources parameter) you get the Mavenish, Java-centric behavior: the assumption that all “code” lives under src/main/java and files in src/main/resources are just… well, “resources”.

So you’re getting the expected behavior and you’ve found exactly the right workaround/override. If you wanted, you could switch to the vanilla SonarScanner CLI, but then you’ve have to specify everything manually, so I don’t think it would be worth it.

HTH,
Ann