Hi,
My Sonar scan spends a lot of time analyzing code with Spotbugs rules but I cannot view the results in SonarQube. Where do I view the Spotbugs warnings in SonarQube interface ?
As long as I cannot view them, I’d rather disable the Spotbugs rules, but how ?
SonarQube Version 9.9 (build 65466)
Thanks,
Nicolas.
Colin
(Colin)
January 22, 2024, 12:47pm
2
Hey there.
I suggest raising an issue with the maintainer of the spotbugs pplugin – GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube
Hi,
The plugin seems to work fine, it does the analysis and generates files like ./.scannerwork/path/to/project/findbugs-result.xml
.
My issue is, Sonarqube does not show the results anywhere, or it is just that I can’t find them.
I noticed a property sonar.findbugs.reportpaths
but that seems to be used to provide reports that are already generated by the build, for Sonar to re-use.
When I look into the “Issues” tab, it seems that it only shows typical Sonar warnings, not Spotbugs.
So where do I view the Spotbugs warnings in SonarQube interface ?
Thanks,
Nicolas.
Hi,
The issue is I’m using an outdated version of Sonar Scanner which runs Spotbugs analysis although there are no Spotbugs rules in the Quality Profile.
opened 10:29AM - 30 Mar 17 UTC
closed 11:24PM - 01 Jun 17 UTC
bug
I feel that issue #37 is still present as I am running an analysis on my project… with:
- sonarqube 5.6.6
- Findbugs 3.4.4
- SonarJava 4.6.0.8784
I am using sonar way as my quality profile which does not appear to contain any findbugs rule.
My logs are showing:
09:24:38 INFO: Quality profile for java: Sonar way
09:24:38 INFO: Quality profile for jproperties: SonarQube Way
and I still see:
09:24:43 INFO: PMD configuration: /home/jenkins2/workspace/IWS_VE-src-ant@2/.sonar/IWS-src_IWS_IBM_Report/pmd.xml
09:24:44 INFO: Execute PMD 5.4.2 done: 1492 ms
09:24:44 INFO: Sensor PmdSensor (done) | time=1502ms
09:24:44 INFO: Sensor CheckstyleSensor
09:24:44 INFO: Execute Checkstyle 7.3...
09:24:44 INFO: Checkstyle configuration: /home/jenkins2/workspace/IWS_VE-src-ant@2/.sonar/IWS-src_IWS_IBM_Report/checkstyle.xml
09:24:44 INFO: Checkstyle charset: UTF-8
09:24:45 INFO: Execute Checkstyle 7.3 done: 1034 ms
09:24:45 INFO: Sensor CheckstyleSensor (done) | time=1042ms
09:24:45 INFO: Sensor SCM Sensor
09:24:45 INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
09:24:45 INFO: Sensor SCM Sensor (done) | time=0ms
09:24:45 INFO: Sensor Embedded CSS Analyzer Sensor
09:24:45 INFO: 0 source files to be analyzed
09:24:45 INFO: Sensor Embedded CSS Analyzer Sensor (done) | time=291ms
09:24:45 INFO: Sensor Java Properties Squid Sensor
09:24:45 INFO: 6 source files to be analyzed
09:24:45 INFO: 0/0 source files have been analyzed
09:24:46 INFO: Sensor Java Properties Squid Sensor (done) | time=142ms
09:24:46 INFO: 6/6 source files have been analyzed
**09:24:46 INFO: Sensor FindBugs Sensor
09:24:47 WARN: Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your project.**
I am using modules in my project, so I am not sure if that can be related?
Regards,
Nicolas.