SonarQube not finding bugs, vulnerabilities, hotspots, finding only code smells in XML

Hi team, I am facing an issue with Developer Edition SonarQube 9.6.1. Integration is through GitHub Actions. SonarQube scanning is happening only for code smells in XML. It is not finding any bugs, vulnerabilities, hotspots, etc. LOC is also showing only for the XML file. Any reason for it?

Hello Shreenivasa,

It is really not possible for us to say anything about it without knowing the code. Are you able to share more information?

  • How big is the code base, i.e. how many LOCs does it roughly have?
  • In what language is it written? Some languages require you to hook the build process, maybe that is missing.
  • Are you expecting to find any problems?

If you could share the logs of a scan that would be swell as well. Maybe it is possible to see in the logs if there is a problem preventing the analyzer from raising issues.

@Hendrik_Buchwald In simple terms: how to scan src/test/java files as src/main/java?

SonarQube is finding files and it's scanning, but no LOC is shown in the dashboard.
From the logs:

Using ECJ batch to parse 33 Test java source files with batch size 209 KB.

[INFO] Starting batch processing.

The Java analyzer cannot skip unchanged files in this context. A full analysis is performed for all files.

I am not sure. It is really hard to tell without access to the source code. Of course, 2.5 KLOC is very little code and it seems there are also test cases in there from your last message. Many issues are not reported in test cases, so is it a possibility that there is simply nothing to report about?

@Hendrik_Buchwald Thanks for the attempt. The solution was to change the source code structure from src/test/java to src/main/java with proper dependency definitions.
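An added example, not part of the thread and not SonarQube code: a CI check that reads the scanner log and flags a run in which the Java analyzer parsed only Test sources, which is the situation in the log excerpt quoted above. The function names are hypothetical, and the `Main` log line in the second sample is a constructed, assumed counterpart of the `Test` line from the thread.

```python
import re

# Matches the Java analyzer line quoted in the thread, e.g.
# "Using ECJ batch to parse 33 Test java source files with batch size 209 KB."
# Assumption: main sources are logged the same way with "Main" in place of "Test".
ECJ_LINE = re.compile(
    r"Using ECJ batch to parse (\d+) (Main|Test) java source files", re.IGNORECASE
)


def count_parsed_sources(log_text):
    """Return {'main': n, 'test': m} summed over all ECJ batch lines."""
    counts = {"main": 0, "test": 0}
    for match in ECJ_LINE.finditer(log_text):
        counts[match.group(2).lower()] += int(match.group(1))
    return counts


def coverage_findings(log_text):
    """Return warnings about gaps in what the Java analyzer treated as main code."""
    counts = count_parsed_sources(log_text)
    findings = []
    if counts["main"] == 0 and counts["test"] == 0:
        findings.append("no Java files parsed: check that the analyzer ran")
    elif counts["main"] == 0:
        findings.append(
            f"only test sources parsed ({counts['test']} files): "
            "no Java code is being analyzed as main code"
        )
    return findings


# Constructed sample: reuses the two log lines quoted in the thread.
THREAD_LOG = """\
Using ECJ batch to parse 33 Test java source files with batch size 209 KB.
[INFO] Starting batch processing.
"""
# Constructed sample: the "Main" line is an assumed counterpart, not from the thread.
FIXED_LOG = """\
[INFO] Using ECJ batch to parse 33 Main java source files with batch size 209 KB.
[INFO] Starting batch processing.
"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("after move", FIXED_LOG)):
        print(name, count_parsed_sources(log), coverage_findings(log) or "ok")
```

Running this against the scanner output in a pipeline step and failing the job on a non-empty result turns a silently empty dashboard into a visible build error.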

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.