sonarqube

问题 Sonar shows that me this bug Performance - Method does not presize the allocation of a collection Method mapping(ResponseEntity) does not presize the allocation of a collection Here is the code: private Set<ResponseDTO> mapping(ResponseEntity<String> responseEntity) { final Set<ResponseDTO> result = new HashSet<>(); final JSONObject jsonObject = new JSONObject(responseEntity.getBody()); final JSONArray jsonArray = jsonObject.optJSONArray("issues"); for (int i = 0; i < jsonArray.length(); i++)

问题 SonarQube is just showing a Critical security issue in the very basic Spring Boot application. In the main method. @SpringBootApplication public class Application { public static void main(String[] args) { SpringApplication.run(Application.class, args); } } SonarQube wants me to Make sure that command line arguments are used safely here. I searched this on both StackOverflow and Google, and I am surprised that I couldn't find any single comment about this issue. I am almost sure that there

问题 I want to publish sonarqube with kubernetes. I did successfully with official packages. But i want to use some plugins old version and some custom plugins. In local with docker-compose files, i created a fly-away container that fills the plugins directory(/opt/sonarqube/extensions/plugins) with plugins. And use that volume with sonarqube container. As a conclusion : Sonarqube extensions volume directory is created (or filled) from different container(do the job and die). I want to use the

问题 I am trying to use SonarQube for static code analysis for my organization. All our C# projects already have StyleCop enabled which has helped us a lot in terms of code readability. Now we want to utilize SonarQube for static code analysis. I successfully hosted the SonarQube server locally following the guidelines provided here. I am able to run the analysis successfully and generate the sonarqube report when there are no warning-suppressions in the code. ISSUE: Sonarqube does not consider in

问题 Is there any possibility to configure SonarQube 5.1 with Checkstyle plugin to honor the @SuppressWarnings("deprecation") annotation. I do not want to turn off 'Avoid use of deprecated methods' rule, I just want to SonarQube honor the @SuppressWarnings annotation. I have a Java code in which I need to use deprecated createValidator() method as following: @SuppressWarnings("deprecation") @Override public javax.xml.bind.Validator createValidator() throws JAXBException { return contextDelegate

问题 I have the following piece of code in my program and I am running SonarQube 5 for code quality check on it after integrating it with Maven. I am facing this error Make this "public static processStatus" field final. Make this "public static processStatusId" field final But I don't want to make this as final. Is there any other solution? public abstract class ProcessStatusListPO_ { private ProcessStatusListPO_() { } public static volatile SingularAttribute<ProcessStatusListPO, String>

问题 We have a quite large code base, and one of the projects breaks the SonarQube analysis with the following error. 016-12-15T11:20:30.8989361Z ##[error]ERROR: Error during SonarQube Scanner execution 2016-12-15T11:20:30.8999277Z ##[error]java.lang.IllegalStateException: Line 1203 is out of range in the file Converters/IMSServiceToESBConverter.cs (lines: 1202) We are using SonarQube 6.1 and the latest C# plugin (5.5.1.522). Disabling all rules in the C# profile still causes this problem. 回答1: I

问题 If I have the below classes (A and B) which are each in a separate module and I create a test for A.doSomething() , Sonar will complain about 0% coverage on B.doSomething() although it is being testing indirectly in TestA . Using Ecclema coverage plugin for eclipse, I can see B.doSomething() is considered as covered. Is there a reason for why Sonar acts this way? Is there a way to change the behavior of Sonar's code test coverage to include indirectly tested classes? class A { boolean

问题 SonarQube Server 5.1.2, Sonar-Runner 2.4 As provide in Multi-moduleProject i have created a project structure as Accounts | ->invoice | ->src ->receipt | ->src ->sonar.properties File:sonar.properties sonar.projectKey=org.mycompany.acc sonar.projectName=Account sonar.projectVersion=1.0 sonar.sources=src sonar.modules=invoice,receipt invoice.sonar.projectName=Invoice receipt.sonar.projectName=Receipt When execute with above configuration in sonar-runner i encountered with error "src" folder is

问题 I have the following piece of code in my program and I am running SonarQube 5 for code quality check on it after integrating it with Maven. However, Sonar is complaining that I should Either log or rethrow this exception . What am I missing here? Am I not already logging the exception? private boolean authenticate(User user) { boolean validUser = false; int validUserCount = 0; try { DataSource dataSource = (DataSource) getServletContext().getAttribute("dataSource"); validUserCount = new