Will the SQL content in the Java file be recognized and analyzed?

Hi Experts,

Mybatis can be used in Java projects to write SQL statements using annotations,
For example, @ select

I want to know if files with the suffix. java can analyze SQL issues or vulnerabilities?
If I want these contents to be analyzed, is it feasible to select the SQL language in the language management module and add files with a suffix of .java?

Hey there.

SonarQube supports a few rules regarding SQL statements embedded in Java files you can find here.

However for full T-SQL analysis, they would need to exist in seperate files (with a .sql extension) and analyzed as such, without any of the Java code.

Hi Colin.

Thank you for your answer. I have no further doubts.