The file with secondary location isn't published to sonarqube server

SonarQube Server / Community Build Plugin Development
1 
final NewIssue newIssue = sensorContext.newIssue().forRule(ruleKey);
NewIssueLocation mainLocation = ...
newIssue.at(mainLocation);
NewIssueLocation secondLocation = ...
newIssue.addLocation(location);
newIssue.save();

mainLocation is on json file: fr.json,
secondLocation is on json file: en.json

fr.json is published to sonarqube server, but en.json isn’t.

I tried in both sonarqube 8.9 and sonarqube 9.9, the result is same.

Google told me: you don't need to do anything special to push secondary locations to the SonarQube server. They will be pushed automatically when you submit the analysis., but its evident it is wrong.

=================
I found a workaround way: The API: org.sonar.api.batch.fs.internal.DefaultInputFile#setPublished could declare en.json published. But the API belong to org.sonarsource.sonarqube:sonar-plugin-api-impl.

So my question is: can I use org.sonarsource.sonarqube:sonar-plugin-api-impl as development dependencies, like following (in many examples, its scope is just test)?

        <dependency>
            <groupId>org.sonarsource.sonarqube</groupId>
            <artifactId>sonar-plugin-api-impl</artifactId>
            <version>${sonar.version}</version>
            <scope>provided</scope>
        </dependency>

If not, how can I make en.json published?

4

Hi there @Lu_Taoxxx,

Thank you for the detailed question.

Firstly, SonarQube only scans JSON files in the context of analyzing CloudFormation templates – it does not otherwise scan JSON files.

The only way for SonarQube to support .json files is to find or create a third-party analyzer to be able to scan them - which is what you are already doing :partying_face:

Having said that, according to the documentation (For 9.9):

  • sonar-plugin-api.src.main.java.org.sonar.api.resources.Language#publishAllFiles to define whether the files identified with the language should be automatically published to SonarQube.

So you are almost correct. The way to do it is in your class which implements org.sonar.api.resources.Language, you define a default suffix, and make sure to override publishAllFiles, like so:

import org.sonar.api.resources.Language;

public class JsonLanguage implements Language {
  ...
  ...
  public static final String FILE_SUFFIXES_KEY = "my.plugin.file.suffixes"; // for example
  public static final String DEFAULT_FILE_SUFFIXES = ".json";
  ...
  // other overrides
  ...
  @Override
  public boolean publishAllFiles() {
    return true;
  }
  ...
}

By doing the above, your plugin should be able to pick up your JSON files, and raise issues on primary and secondary locations as it should.

Please let me know if you need any more assistance.

Alain