Thymeleaf templates are not indexed : you may want to add “src/main/resources” in the scanned files

The following issue is being reported in SonarCloud:

Some thymeleaf templates are not indexed : you may want to add “src/main/resources” in the scanned files of this project to detect java XSS vulnerabilities

We are using Azure DevOps with the SonarCloudPrepare and SonarCloudPublish tasks and can’t see anywhere where we would configure the scanner to include the resources folder. Can anyone help with this please?

Thanks, Andy.

Anyone?

Resolved myself. For anyone else simply add:-

<sonar.sources>src/main/java,src/main/resources/templates</sonar.sources>

to your POM.

Hello,

For reference, here is the entry related to your question in SonarCloud’s documentation: https://sonarcloud.io/documentation/analysis/languages/java/#analysing-jsp-and-thymeleaf-for-xss-vulnerabilities

Alex

@Alexandre_Gigleux That link does not exist anymore. Is that the new link: Java | SonarCloud Docs?

Hey @kistlers

Yes, that’s the new link.
