sonarqube

How to check if npm packages installed in the app have vulnerabilities?

守給你的承諾、 submitted on 2021-02-11 14:41:39
Question: I have a React.js app and I would like to know whether the npm packages installed and the third-party libraries have vulnerabilities. Thank you. Answer 1: Run npm audit. From the docs: Scan your project for vulnerabilities and automatically install any compatible updates to vulnerable dependencies. Source: https://stackoverflow.com/questions/63256685/how-to-check-if-npm-packages-installed-in-the-app-have-vulnerabilities

Refactor this method to reduce its Cognitive Complexity from 21 to the 15 allowed. How to refactor and reduce the complexity

痞子三分冷 submitted on 2021-02-11 12:46:56
Question: How do I reduce the complexity of the given piece of code? I am getting this error in SonarQube: Refactor this method to reduce its Cognitive Complexity from 21 to the 15 allowed. this.deviceDetails = this.data && {...this.data.deviceInfo} || {}; if (this.data && this.data.deviceInfo) { this.getSessionInfo(); // tslint:disable-next-line: no-shadowed-variable const { device, driver, ipAddress, port, active, connectionType } = this.data.deviceInfo; this.deviceDetails = { name: device.name || '

Why does sonar-maven-plugin hang at loading global settings or active rules?

▼魔方 西西 submitted on 2021-02-10 16:50:19
Question: We are running SQ analysis in Jenkins builds via sonar-maven-plugin. Everything has been fine for years, but for some weeks now we occasionally have builds that hang infinitely. There is no progress when (or after) loading global settings or active rules. [20:23:11] [INFO] --- sonar-maven-plugin:3.5.0.1254:sonar (default-cli) @ commons-vaadin --- [20:23:11] [INFO] User cache: /var/jenkins/.sonar/cache [20:23:17] [INFO] SonarQube version: 7.0.0 [20:23:17] [INFO] Default locale: "en_US", source code encoding:

Security plugins for Sonarqube 6.7x

和自甴很熟 submitted on 2021-02-10 12:58:29
Question: We are using SonarQube and we love the way it works. We are trying to extend SonarQube to enhance it in security aspects as well. I tried to find some security plugins for SonarQube 6.x to detect vulnerabilities for the Java language, but I couldn't find any. I wonder if there are any plugins for finding vulnerabilities in SonarQube. So Answer 1: The SonarQube 7.2 Developer Edition ($) (E.T.A. early June 2018) will include security rules to detect SQL injection vulnerabilities. Source: https:/

SonarQube analysis with MSBuild: Line is out of range in file

风格不统一 submitted on 2021-02-10 04:54:18
Question: So, we have a TeamCity project building a C# Web API project using .NET 4.5 which includes a SonarQube analysis. At the end of the analysis, we receive the following exception: [13:41:13][Step 14/16] ERROR: Error during SonarQube Scanner execution [13:41:13][Step 14/16] java.lang.IllegalStateException: Line 65 is out of range in the file App_Start/UnityConfig.cs (lines: 64) What I have already checked: UPDATE: Further analysis proves that the error is caused by the dotCover code coverage analysis

Sonar : Possible null pointer dereference due to return value of called method

青春壹個敷衍的年華 submitted on 2021-02-08 03:41:09
Question: if (response != null && response.getBody() != null && response.getStatusCode() == HttpStatus.OK) { return new BigDecimal(response.getBody()); } I am getting "possible null pointer dereference due to return value of called method" on the above code. Can someone please let me know the exact issue and why it's an issue? response.getBody() // returns a string value Thanks in advance! Please let me know if any other details are needed. Answer 1: Sonar does not know that the two consecutive calls to getBody()

Solution for Magic Number issue…?

家住魔仙堡 submitted on 2021-02-08 03:06:34
Question: Consider the following code segment... public static UserStatus getEnum(int code) { switch (code) { case 0: return PENDING; case 1: return ACTIVE; case 2: return SUSPENDED; case 3: return DELETED; case 4: return LOGIN_DISABLED; default: return null; } } Now the numbers 3 and 4 in the cases (case 3 and case 4) are detected as magic numbers by SONAR. To avoid that issue I changed my code segment as follows... public static UserStatus getEnum(int code) { final int Pending=0; final int Active=1; final int