Upload Spotbugs reports to SonarQube for a Gradle project with Groovy source

Relevant Versions

SonarQube Version: 8.6.0.39681
SonarQube Gradle Plugin Version: 3.0
SpotBugs Gradle Plugin Version: 4.6.0
FindSecBugs (SpotBugs Plugin) Version: 1.7.1
Gradle Wrapper Version: 5.6

Goal

I am trying to generate a SpotBugs report (with FindSecBugs rules enabled) and have the SonarScanner push it to my SonarQube Instance so I can view the found issues.

What I have so far

My project on my instance has the Groovy/Java Quality Profiles set to dummy profiles with no rules. I want to guarantee what I am seeing is coming from the uploaded report.

I have tried to include the path to the report in the Project > General Settings > External Analyzers:

I have also tried including the path to the report as a Gradle property; I couldn’t get that to work either.

The report is generating (I originally tried with XML, but switched to HTML):
[Screenshot of the generated report]

My Spotbugs gradle config:

spotbugs {
    ignoreFailures = true
    showStackTraces = false
    maxHeapSize = '1g'
    projectName = 'REDACTED'
    effort = "max"
    reportLevel = "low"
}

spotbugsMain {
    reports {
        html {
            enabled = true
            destination = file("$buildDir/reports/spotbugs/main/spotbugs.html")
            stylesheet = 'fancy-hist.xsl'
        }
    }
}

In the logs produced when running ‘gradlew sonarqube --debug’:

13:13:52.368 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of SpotBugs issues' skipped because there is no related file in current project

Please let me know if I can provide any additional information!

Hi,

Welcome to the community!

I think I’ve spotted the problem in your screenshot of the URL (thanks for that!). It seems that an XML file is expected. You’re providing an HTML-format report, which analysis can’t read, so it just moves on.

 
HTH,
Ann

Hey Ann!

Thanks for the prompt response!

I tried changing the report to XML and referencing the new path in the project settings.

Here is the new report:

[Screenshot of the new report]

Here is the new path:

It is interesting that the description for the property mentions that it should reference an XML file, while the default value references an HTML file.

In the Sonar logs, I see the same “Skipping” message as before.

Could you provide a little more of the log around that message?

 
Ann

Certainly!

14:46:56.874 [INFO] [org.sonarqube.gradle.SonarQubeTask] 0 files ignored because of scm ignore settings
14:46:56.875 [INFO] [org.sonarqube.gradle.SonarQubeTask] Quality profile for grvy: Kurt Test
14:46:56.875 [INFO] [org.sonarqube.gradle.SonarQubeTask] ------------- Run sensors on module REDACTED
14:46:57.031 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load metrics repository
14:46:57.078 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 http://34.228.42.192:9000/api/metrics/search?f=name,description,direction,qualitative,custom&ps=500&p=1 | time=47ms
14:46:57.087 [DEBUG] [okhttp3.internal.concurrent.TaskRunner] Q10000 scheduled after   0 µs: OkHttp ConnectionPool
14:46:57.090 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load metrics repository (done) | time=58ms
14:46:58.531 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'JavaSquidSensor' skipped because there is no related file in current project
14:46:58.532 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import external issues report' skipped because one of the required properties is missing
14:46:58.532 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Python Sensor' skipped because there is no related file in current project
14:46:58.532 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Cobertura Sensor for Python coverage' skipped because there is no related file in current project
14:46:58.532 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'PythonXUnitSensor' skipped because there is no related file in current project
14:46:58.533 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Pylint issues' skipped because there is no related file in current project
14:46:58.533 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Bandit issues' skipped because there is no related file in current project
14:46:58.533 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Flake8 issues' skipped because there is no related file in current project
14:46:58.533 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'CSS Metrics' skipped because there is no related file in current project
14:46:58.534 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of stylelint issues' skipped because there is no related file in current project
14:46:58.534 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Code Quality and Security for Go' skipped because there is no related file in current project
14:46:58.534 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Go Unit Test Report' skipped because there is no related file in current project
14:46:58.534 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Go Cover sensor for Go coverage' skipped because one of the required properties is missing
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of go vet issues' skipped because there is no related file in current project
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Golint issues' skipped because there is no related file in current project
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of GoMetaLinter issues' skipped because there is no related file in current project
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of GolangCI-Lint issues' skipped because there is no related file in current project
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Kotlin Sensor' skipped because there is no related file in current project
14:46:58.535 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'KotlinSurefireSensor' skipped because there is no related file in current project
14:46:58.536 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of detekt issues' skipped because there is no related file in current project
14:46:58.536 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Android Lint issues' skipped because one of the required properties is missing
14:46:58.536 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'JavaScript analysis' skipped because there is no related file in current project
14:46:58.536 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'TypeScript analysis' skipped because there is no related file in current project
14:46:58.537 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'JavaScript/TypeScript Coverage' skipped because there is no related file in current project
14:46:58.537 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of ESLint issues' skipped because one of the required properties is missing
14:46:58.537 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of TSLint issues' skipped because one of the required properties is missing
14:46:58.537 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Ruby Sensor' skipped because there is no related file in current project
14:46:58.538 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of RuboCop issues' skipped because there is no related file in current project
14:46:58.538 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'SimpleCov Sensor for Ruby coverage' skipped because there is no related file in current project
14:46:58.538 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Scala Sensor' skipped because there is no related file in current project
14:46:58.538 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Scoverage sensor for Scala coverage' skipped because there is no related file in current project
14:46:58.539 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Scalastyle issues' skipped because there is no related file in current project
14:46:58.539 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Scapegoat issues' skipped because there is no related file in current project
14:46:58.540 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'FindBugs Sensor' skipped because there is no related file in current project
14:46:58.540 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'CodeNarc' skipped because there is no related rule activated in the quality profile
14:46:58.540 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of Checkstyle issues' skipped because there is no related file in current project
14:46:58.541 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of PMD issues' skipped because one of the required properties is missing
14:46:58.541 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of SpotBugs issues' skipped because there is no related file in current project
14:46:58.541 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'SurefireSensor' skipped because there is no related file in current project
14:46:58.542 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Removed properties sensor' skipped because there is no related file in current project
14:46:58.542 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'JavaXmlSensor' skipped because one of the required properties is missing
14:46:58.542 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Flex' skipped because there is no related file in current project
14:46:58.543 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Flex Cobertura' skipped because there is no related file in current project
14:46:58.543 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'XML Sensor' skipped because there is no related file in current project
14:46:58.543 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'PHP sensor' skipped because there is no related file in current project
14:46:58.543 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Analyzer for "php.ini" files' skipped because there is no related file in current project
14:46:58.546 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Generic Test Executions Report' skipped because one of the required properties is missing
14:46:58.547 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Sensors : CSS Rules -> JaCoCo XML Report Importer -> C# Properties -> GroovySensor -> GroovySurefireSensor -> Groovy CoberturaSensor -> Groovy JaCoCo Coverage -> HTML -> VB.NET Properties
14:46:58.548 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor CSS Rules [cssfamily]
14:46:58.550 [INFO] [org.sonarqube.gradle.SonarQubeTask] No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
14:46:58.550 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor CSS Rules [cssfamily] (done) | time=2ms
14:46:58.550 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor JaCoCo XML Report Importer [jacoco]
14:46:58.555 [INFO] [org.sonarqube.gradle.SonarQubeTask] 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
14:46:58.556 [INFO] [org.sonarqube.gradle.SonarQubeTask] No report imported, no coverage information will be imported by JaCoCo XML Report Importer
14:46:58.556 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=6ms
14:46:58.556 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor C# Properties [csharp]
14:46:58.557 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] Project 'REDACTED-Hosted': No Roslyn issues reports have been found.
14:46:58.557 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor C# Properties [csharp] (done) | time=1ms
14:46:58.557 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor GroovySensor [groovy]
14:46:58.568 [INFO] [org.sonarqube.gradle.SonarQubeTask] Load project repositories
14:46:58.719 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] GET 200 http://34.228.42.192:9000/batch/project.protobuf?key=REDACTED-Hosted | time=150ms
14:46:58.758 [DEBUG] [okhttp3.internal.concurrent.TaskRunner] Q10000 scheduled after   0 µs: OkHttp ConnectionPool
14:46:58.790 [LIFECYCLE] [okhttp3.internal.concurrent.TaskRunner] 
14:46:58.790 [DEBUG] [okhttp3.internal.concurrent.TaskRunner] Q10000 starting              : OkHttp ConnectionPool
14:46:58.791 [DEBUG] [okhttp3.internal.concurrent.TaskRunner] Q10000 run again after 300 s : OkHttp ConnectionPool
14:46:58.791 [DEBUG] [okhttp3.internal.concurrent.TaskRunner] Q10000 finished run in 538 µs: OkHttp ConnectionPool
14:47:00.755 [DEBUG] [org.gradle.process.internal.health.memory.MemoryManager] Emitting OS memory status event {Total: 17179869184, Free: 4656037888}
14:47:00.755 [DEBUG] [org.gradle.launcher.daemon.server.health.LowMemoryDaemonExpirationStrategy] Received memory status update: {Total: 17179869184, Free: 4656037888}
14:47:00.755 [DEBUG] [org.gradle.process.internal.health.memory.MemoryManager] Emitting JVM memory status event {Maximum: 477626368, Committed: 474480640}

This seems significant to me

What language are you analyzing in this project? The JavaSquidSensor should kick in if there are Java files.

 
Ann

This is a Groovy project.

Spotbugs import is supported for Java. Not Groovy.

 
:woman_shrugging:
Ann
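
The log reading that settled this thread, as an added example that is not part of any post: a small Python triage script that pulls each "skipped because" line out of a `gradlew sonarqube --debug` log and reports why a given sensor did not run. The function names and the hint text for each reason are this example's own assumptions; the sample lines follow the format of the log posted above.

```python
import re

# Debug lines look like: ... 'Sensor name' skipped because <reason>
SKIP_RE = re.compile(r"'(?P<sensor>.+)' skipped because (?P<reason>.+?)\s*$")

# Skip reason -> what to check next. The hint wording is this example's
# own summary (an assumption), not scanner output.
HINTS = {
    "there is no related file in current project":
        "no indexed source file in a language this sensor handles",
    "one of the required properties is missing":
        "a property this sensor requires is not set",
    "there is no related rule activated in the quality profile":
        "the quality profile has no active rule for this sensor",
}

# Sample lines in the format of the log in the thread.
SAMPLE_LOG = """\
14:46:58.531 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'JavaSquidSensor' skipped because there is no related file in current project
14:46:58.540 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'CodeNarc' skipped because there is no related rule activated in the quality profile
14:46:58.541 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of PMD issues' skipped because one of the required properties is missing
14:46:58.541 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Import of SpotBugs issues' skipped because there is no related file in current project
14:46:58.543 [DEBUG] [org.sonarqube.gradle.SonarQubeTask] 'Analyzer for "php.ini" files' skipped because there is no related file in current project
14:46:58.557 [INFO] [org.sonarqube.gradle.SonarQubeTask] Sensor GroovySensor [groovy]
"""

def skipped_sensors(log_text):
    """Map each skipped sensor's name to the reason the scanner logged."""
    skipped = {}
    for line in log_text.splitlines():
        match = SKIP_RE.search(line)
        if match:
            skipped[match.group("sensor")] = match.group("reason")
    return skipped

def diagnose(log_text, sensor):
    """Return (status, hint) for one sensor name."""
    reason = skipped_sensors(log_text).get(sensor)
    if reason is None:
        return ("not skipped", "sensor ran or is not listed as skipped")
    return ("skipped", HINTS.get(reason, "unrecognised reason: " + reason))

if __name__ == "__main__":
    for name in ("Import of SpotBugs issues", "Import of PMD issues", "GroovySensor"):
        print(name, "->", diagnose(SAMPLE_LOG, name))
```

Run against the thread's log, the SpotBugs import falls under the "no related file" reason rather than the "required properties" one, which matches the answer above that the import applies to Java sources.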

That is unfortunate; I thought I could make it work since Spotbugs analyzes the bytecode and the report was XML/HTML.

I don’t see a 2021 roadmap listed on SonarSource’s site: do you know if there are plans to have SonarQube/Cloud 1st party support of Groovy?

Thanks for your help!

I don’t remember seeing that on the list. Sorry.

 
:slightly_frowning_face:
Ann
