Sonarqube: How to ignore/skip scanning of isues on certain annotation “ex. @generated” in java

[lea.i.a...@accenture.com]

We are generating java codes via EMF. We want Sonar to skip issue scanning on the codes with annotations @generated but will scan @generated NOT for both class and method level.

Is there a way to do that in SonarQube and SonarLint? Also, can it be applied in other annotation?

I understand the guidelines in the Sonar Doc. However, we don't want to add start and end delimiters on the chunk of codes generated for a thousands of codes. We want to skip only the classes or methods that are annotated with "@generated" but not the whole file. Please let me know if that is possible in Sonarqube. Some of our codes are annotated with "@generated NOT" which should also be scanned for issues.

Please help. Thank you in advance.

[Nicolas Peru]

Hi, 

I am guessing you are talking about java analysis.

Currently this is not possible. We have in mind to add custom issue filter on the java analyzer side to maybe allow this kind of behavior, but nothing planned yet.

May I ask, in order to understand your need and maybe think of a workaround : Is the @generated annotation a custom one ? otherwise what is its full name (package + name) ? 

Then why can't you exclude the whole file ? is this generated code inserted in files with human produced code ? 

Cheers, 

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/4e843dd2-3d75-4736-b4c7-0b741d7a13e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Nicolas PERU | SonarSource

Senior Developer
http://sonarsource.com

https://twitter.com/benzonico

[lea.i.a...@accenture.com]

Thanks Nicolas for immediate response.

I uploaded here snapshot of our code, please see.

This class is generated automatically and will modify by developers when needed and just put @generated NOT on the modified methods. This has been done so that on the next time of automatic generation the codes annotated with @generated NOT will not be replaced or touch and since this has been modified by dev it needs to be scanned by Sonarqube analyzer.

Hoping you understand. Thanks again.

[Nicolas Peru]

Hi, 

This is not an annotation. You are talking about a javadoc tag. 

Sorry but this is definitely not possible today and really not a feature we plan to implement.

Cheers, 

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/09cc53e6-1ff8-4190-97c2-718e5d93a843%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[lea.i.a...@accenture.com]

Hi Nicolas,

Thanks for correcting me and I understand now that what we used is a Javadoc tag and is not supported.

But, what if we corrected our code to use annotation, would it be possibly supported by Sonarqube?.

I attached a sample code here. Please see below snapshot.

Please advise.

Thanks,

Lea

[Nicolas Peru]

Hi, 

As mentionned in my 1st email :  We have in mind to add custom issue filter on the java analyzer side to maybe allow suppresion of issues when some code is annotated, but nothing planned yet.

However I tend to think that if someone is modifying some generated code then the whole file should be analyzed as it needs to be maintained and the bits modified could have (thanks to the feature we will be releasing soon) a consequence on the generated code. So IMO you are fixing the wrong problem by trying to ignore chunks of code and as long as something as been generated and then modified it should be analyzed.

Cheers, 

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/a0c187be-d1ac-4373-a6fd-f7e8eefed9dd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[lea.i.a...@accenture.com]

Hi,

Yes, that's really our scenario. We have thousands of codes automatically generated and some of their methods were modified.

The ultimate goal is to just skip scanning of issues on the codes annotated with @generated but not the whole file.

For the java analyzer you have mentioned, we'll keep checking on that to see any updates. Maybe, this will fix our scenario.

The latest Java installed in our Sonarqube is 4.2.1.6971.

Thank you so much!

regards.