I have a project setup on sonarcloud, and have been able to build my maven multi-module project, and then upload the results to sonarcloud for scanning by using
mvn sonar:sonar
-Dsonar.projectKey=planetf1_egeria
-Dsonar.organization=planetf1-github
-Dsonar.host.url=https://sonarcloud.io
-Dsonar.login=XXXXXX
Recently I wanted to extend our build to run spotbugs (with additional security rules). I’ve done this and now generate many spotbugsXml.xml files which contain these bug finds.
In my sonarcloud configuration I went to administration/external analyzers and add the filepath ‘**/spotbugsXml.xml’ to sonar.java.spotbugs.reportPaths
However after rerunning my sonar script (which I could integrate into maven also) I see the same results as usual - I am unsure where to look for these new findBugs bugs? The xml files from my maven build do contain issues.
I also tried adding ‘-Dsonar.java.spotbugs.reportPaths="**/spotbugsXml.xml"’ to the command above, but it didn’t seem to help.
Am I missing/misunderstanding how this should work