Hi,
My Sonar scan spends a lot of time analyzing code with Spotbugs rules but I cannot view the results in SonarQube. Where do I view the Spotbugs warnings in SonarQube interface ?
As long as I cannot view them, I’d rather disable the Spotbugs rules, but how ?
SonarQube Version 9.9 (build 65466)
Thanks,
Colin
January 22, 2024, 12:47pm
2
Hey there.
I suggest raising an issue with the maintainer of the spotbugs pplugin – GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube
Hi,
The plugin seems to work fine, it does the analysis and generates files like ./.scannerwork/path/to/project/findbugs-result.xml.
My issue is, Sonarqube does not show the results anywhere, or it is just that I can’t find them.sonar.findbugs.reportpaths but that seems to be used to provide reports that are already generated by the build, for Sonar to re-use.
When I look into the “Issues” tab, it seems that it only shows typical Sonar warnings, not Spotbugs.
Thanks,
Hi,
The issue is I’m using an outdated version of Sonar Scanner which runs Spotbugs analysis although there are no Spotbugs rules in the Quality Profile.
opened 10:29AM - 30 Mar 17 UTC
closed 11:24PM - 01 Jun 17 UTC
bug
I feel that issue #37 is still present as I am running an analysis on my project… with:
- sonarqube 5.6.6
- Findbugs 3.4.4
- SonarJava 4.6.0.8784
I am using sonar way as my quality profile which does not appear to contain any findbugs rule.
My logs are showing:
09:24:38 INFO: Quality profile for java: Sonar way
09:24:38 INFO: Quality profile for jproperties: SonarQube Way
and I still see:
09:24:43 INFO: PMD configuration: /home/jenkins2/workspace/IWS_VE-src-ant@2/.sonar/IWS-src_IWS_IBM_Report/pmd.xml
09:24:44 INFO: Execute PMD 5.4.2 done: 1492 ms
09:24:44 INFO: Sensor PmdSensor (done) | time=1502ms
09:24:44 INFO: Sensor CheckstyleSensor
09:24:44 INFO: Execute Checkstyle 7.3...
09:24:44 INFO: Checkstyle configuration: /home/jenkins2/workspace/IWS_VE-src-ant@2/.sonar/IWS-src_IWS_IBM_Report/checkstyle.xml
09:24:44 INFO: Checkstyle charset: UTF-8
09:24:45 INFO: Execute Checkstyle 7.3 done: 1034 ms
09:24:45 INFO: Sensor CheckstyleSensor (done) | time=1042ms
09:24:45 INFO: Sensor SCM Sensor
09:24:45 INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
09:24:45 INFO: Sensor SCM Sensor (done) | time=0ms
09:24:45 INFO: Sensor Embedded CSS Analyzer Sensor
09:24:45 INFO: 0 source files to be analyzed
09:24:45 INFO: Sensor Embedded CSS Analyzer Sensor (done) | time=291ms
09:24:45 INFO: Sensor Java Properties Squid Sensor
09:24:45 INFO: 6 source files to be analyzed
09:24:45 INFO: 0/0 source files have been analyzed
09:24:46 INFO: Sensor Java Properties Squid Sensor (done) | time=142ms
09:24:46 INFO: 6/6 source files have been analyzed
**09:24:46 INFO: Sensor FindBugs Sensor
09:24:47 WARN: Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your project.**
I am using modules in my project, so I am not sure if that can be related?
Regards,