Sonarqube not showing jsp scripts errors


We are using java, find bugs, HTML, CSS, JavaScript profiles to analyze our java application sources. The source contains HTML, CSS, JavaScript, java classes(spring boot). But JSP files only showing the issues in HTML, CSS, JavaScript lines. It seems the scanning hasn’t happened in the JSP scripts which is embed between the <% %> tags.

Sonarqube Version: 8.2 Community

Please guide us to analyze the JSP scripts too in the files.

Thanks in advance,

Hey there.

I can confirm that SonarQube will not analyze the Java code in JSP files and report issues based on the rules in your Java Quality Profile.

:exclamation: JSP files will be analyzed in the context of advanced vulnerability detection in SonarQube v8.3+ for Developer Edition of SonarQube and higher, tracking the flow of data (but not applying any other rules)