Unable to get bugs and vulnerabilities report in SonarQube 7.0

SonarQube 5.6 and 7.0 tried with JDK 1.8 version. Trying to generate bugs and vulnerabilities report with sonar-scanner-cli-4.5.0.2216-windows using Java code alone.

It is generating code smells saying found duplicated blocks of code must be removed. However, even if I try adding new bugs and vulnerabilities, it does not show in the generated Sonar report. Could someone let me know what all needs to be done from a configuration side to show these bugs and vulnerabilities in the report for Java code?

Hi Sudeep,

Welcome to the community!

SonarQube 5.6 and 7.0 are no longer supported and reached end of life a long time ago. You should first upgrade to a supported version of SonarQube, which is either SonarQube 7.9.4 LTS or SonarQube 8.5.1.

Best regards,
Daniel

Thanks for the response, Daniel. For our project we are supposed to use only JDK 1.8… Will SonarQube 7.9.4/8.5.1 support JDK 1.8? Please confirm, as we cannot upgrade JDK to 11 now.

Hi,

Please check in our documentation here and this other Community Post. There is no problem at all if you have projects on Java 8 and SonarQube running on Java 11: this works and all your projects can be analysed.

Cheers,
Daniel

Thanks a lot, Daniel… I will install JDK 11 and scan again… Thanks for your quick response.

Hi team, facing the same issue with Developer Edition SonarQube 9.6.1. Integration through GitHub Actions. SonarQube scanning is happening only for code smells. Not finding any bugs, vulnerabilities, hotspots, etc. LOC is also showing only for the XML file. Any reason for it?