Thymeleaf templates are not indexed : you may want to add “src/main/resources” in the scanned files

The following issue is being reported in SonarCloud:

Some thymeleaf templates are not indexed : you may want to add “src/main/resources” in the scanned files of this project to detect java XSS vulnerabilities

We are using Azure DevOps with the SonarCloudPrepare and SonarCloudPublish tasks and can’t see anywhere where we would configure the scanner to include the resources folder. Can anyone hep with this please?

Thanks, Andy.

Anyone?

Resolved myself.For anyone else simply add:-

<sonar.sources>src/main/java,src/main/resources/templates</sonar.sources>

to your POM.

Hello,

For reference, here is the entry related to your question in the SonarCloud’s documentation: https://sonarcloud.io/documentation/analysis/languages/java/#analysing-jsp-and-thymeleaf-for-xss-vulnerabilities

Alex