Typescript scan setting for gradle plugin needed

SonarQube Server / Community Build
1
  • Sonar scanner for gradle: org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:3.5.0.2730
  • Running in gitlab and reporting to SonarQube Enterprise Edition Version 9.9.1 (build 69595)

I’m trying to run a multi-module scan of a java and angular/typescript application. After much trial and error I finally have scan results for the code locations desired, however, the problem I run into is part of the typescript scan. ts files are recognized but do not show any scan results in my sonarqube project.The gitlab log shows the following:

Shallow clone detected, no blame information will be provided
....

I do not need the blame info, so I’m not put off by that.

I’m having a difficult time finding documentation about how to add typescript scanning when using the gradle plugin. For instance, what should the language setting be?
property “sonar.language”, “typescript”
or
property “sonar.language”, “ts”
or
property “sonar.language”, “js”

I have called the sonar scanner command separately and DID get back typescript scan results, so this appears to be something with the way the gradle plugin inserts settings automagically.

The top level sonar block is defined as:

    sonar {
        properties {
            property "sonar.projectName", "Valid Name"
            property "sonar.qualitygate.wait", true
            property "sonar.sources", "src/main"
            property "sonar.tests", "src/test"
            property "sonar.verbose", true
            property "sonar.log.level", "DEBUG"
        }
    }

The angular app has the following definition:

  sonar {
    properties { 
      property "sonar.language", "ts" // have tried ts,js, javascript also
      property "sonar.sources", "src/app,src/modules"
    }
  }
2

Hey there.

sonar.language is doing nothing – it has not existed for many years. So you can stop fiddling around with that. :slight_smile:

How do you know that the files are recognized but not showing scan results? Screenshots, logs, etc. would be a big help here.

3

I will stop fiddling with language…that’s a start. :slight_smile:

I know the ts files are found because they are shown in the sonarqube ui ‘Code’ tab with 0 bugs, 0 vulnerabilities, 0 code smells, 0 security hotpots, and 0% duplications. The ui is also showing scss and html which DO have occasional findings.

As a separate attempt, I set up a ci/cd step which called sonar-scanner directly (rather than using the gradle plugin) specifically for the angular sub-project. It worked with findings within typescript files (and other frontend file types).

In parallel, I used the sonarlint vscode plugin to look at the same .ts files and it was showing occasional issues where the sonar-scanner found them.

In this way, I think the issue is isolated to the gradle plugin, and most probably configuration of the plugin, but I just cannot come up with the correct recipe. Plugin documentation shows how to arrange sonar {} blocks for multi-module projects, but no specific settings when mixing code languages.

4

In this case, I would suggest running gradle sonarqube -Dsonar.verbose=true --info and see what it specifically has to say about Typescript analysis. Look for logs like this.

Sensor TypeScript analysis [javascript]

Found 0 tsconfig.json file(s): []

No tsconfig.json file found

Skipped 1 file(s) because they were not part of any tsconfig.json (enable debug logs to see the full list)

1 source file to be analyzed

1/1 source file has been analyzed
1 Like
5

This was very helpful, thank you. I had provided the verbose setting in the plugin block, but it does not seem to be honored. When adding the -D… method to the gitlab script, then I started to get a bunch of information in the logs.

The root issue was that I have “non-standard” ts config file names in the repo, ie: “tsconfig.app.json”. The scan did not identify this file, but rather it found a tsconfig.json file in the e2e directory.

My solution was to change the tsconfig.app.json to tsconfig.json and it started working. I saw a couple of other topics around this type of issue, but it was not clear if I could successfully point the scanner to “tsconfig.app.json”. I’ll live with this outcome.

imho, the gradle plugin should have some edge case documentation that explains some of these things, and also, support logging settings which apparently it does not.

Kind thanks!

6

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.