SONARList Eclipse Plugin showing more issues than server
459 views
Skip to first unread message
sfm...@gmail.com
Oct 30, 2017, 12:25:39 PM10/30/17
to SonarLint
I have installed the latest SONARLint Eclipse plugin ( SonarLint for Eclipse 3.2.0.201706271328). I am using Eclipse version Luna (4.4.2) 64-bit. I am also running Eclipse with JDK 1.8.0_131. Our SONARQube server is version 5.6.6.
Our Jenkins job/SONAR server is setup to use a custom Quality Profile. When we run our Jenkins job the custom Quality Profile is used and the SONAR dashboard is correctly showing 0 issues.
When I run a local analysis on the same project within Eclipse I am seeing > 100 issues. When I look at the rules that were violated, I see that all of them are from the (Java) Sonar way quality profile. It appears that SONARLint is using the default when I am running locally. I dropped and re-bound the projects to verify they were correct. This did not change the results. The auto-binding appears to be finding the correct server projects.
Can you tell me if there is something I can do to debug this issue? Is there some property I need to specify in the preferences so that SONARLint uses the correct Quality Profile?
Thanks,
Steve
Julien HENRY
Oct 30, 2017, 12:35:48 PM10/30/17
to sfm...@gmail.com, SonarLint
Hi Steve,
How do you configure association between your project and the quality profile? If you are using sonar.profile property on scanner side, then SonarLint can't know it and use default quality profile. Please check in the SonarQube server that your project is correctly associated with the right quality profile *inside* the SonarQube server.
++
--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/935f19f5-6cd1-432c-b1cf-8f914b1389d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
sfm...@gmail.com
Oct 30, 2017, 12:54:36 PM10/30/17
to SonarLint
On the server side, the project is associated with the correct Quality Profile on the dashboard.
The way I associated my IDE project to the project on the SONAR server was to right click on the project and select SonarLint->Change binding. I then clicked on Refresh project list to make sure that the server projects were retrieved. I then clicked on Auto bind selected projects. It retrieve and set the correct SONAR project. I then clicked on Finish to save this setting. I then right clicked on the project and selected SonarLint->Analyze to perform a full analysis. We do not have many files so this finished in a few seconds. It showed many issues that I did not see on the server dashboard.
I just tried something and it appears to have resolved my issue. I went to the SonarQube Servers view and right clicked on the server name. I then clicked on Update all project bindings. When I now run an analysis on the same project it is showing 3 minor issues, instead of >100. The server dashboard still shows 0 for Bugs/Vulnerabilities/Code Smells. I'm assuming that the server is not showing the minor issues. I will need to confirm this with our build dept. I did verify that the 3 minor issues were related to rules in our custom quality profile.
Do you know why I had to execute this command? I would have thought that re-binding the project should have updated the binding. I did not see anything documented about having to run this command after I change a binding.
Steve
On Monday, October 30, 2017 at 12:35:48 PM UTC-4, Julien HENRY wrote:
Hi Steve,How do you configure association between your project and the quality profile? If you are using sonar.profile property on scanner side, then SonarLint can't know it and use default quality profile. Please check in the SonarQube server that your project is correctly associated with the right quality profile *inside* the SonarQube server.++
2017-10-30 17:25 GMT+01:00 <sfm...@gmail.com>:
I have installed the latest SONARLint Eclipse plugin ( SonarLint for Eclipse 3.2.0.201706271328). I am using Eclipse version Luna (4.4.2) 64-bit. I am also running Eclipse with JDK 1.8.0_131. Our SONARQube server is version 5.6.6.Our Jenkins job/SONAR server is setup to use a custom Quality Profile. When we run our Jenkins job the custom Quality Profile is used and the SONAR dashboard is correctly showing 0 issues.When I run a local analysis on the same project within Eclipse I am seeing > 100 issues. When I look at the rules that were violated, I see that all of them are from the (Java) Sonar way quality profile. It appears that SONARLint is using the default when I am running locally. I dropped and re-bound the projects to verify they were correct. This did not change the results. The auto-binding appears to be finding the correct server projects.Can you tell me if there is something I can do to debug this issue? Is there some property I need to specify in the preferences so that SONARLint uses the correct Quality Profile?Thanks,Steve
--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.
Julien HENRY
Oct 30, 2017, 1:11:04 PM10/30/17
to sfm...@gmail.com, SonarLint
When you rebind a projet, SonarLint will only update project specific settings, like the name of the quality profile it is associated to.
Using "update all project bindings" action will update all data, including quality profile content (ie which rules are inside). This could be a costly operation, and most of the time the quality profile is the same for all projects that's why we don't do it each time you bind a project.
Concerning the minor issues, maybe you could share from which rule they come (squid:xxxx), it could help to understand the difference with the server.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/54fae430-ea09-4447-ab09-c15e29619625%40googlegroups.com.
sfm...@gmail.com
Oct 30, 2017, 1:22:32 PM10/30/17
to SonarLint
Thanks for the explanation.
squid:RedundantThrowsDeclarationCheck
Steve
Julien HENRY
Oct 30, 2017, 1:25:20 PM10/30/17
to sfm...@gmail.com, SonarLint
That's really strange, I don't expect a different behavior between SonarQube and SonarLint for this rule.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/8811a9cf-3e2a-4925-9274-fbb7f48f1ace%40googlegroups.com.
sfm...@gmail.com
Oct 30, 2017, 1:33:26 PM10/30/17
to SonarLint
Julien,
Is there anything I can do to provide more information to help you resolve this issue?
I do see in the rules description that the rule is categorized as minor/code smell so I think it should show on the server dashboard under Code Smell issues. I just reran the Jenkins job to verify that it is working with the latest level of code.
Steve
Julien HENRY
Oct 31, 2017, 4:21:27 AM10/31/17
to Steven Marvin, SonarLint
Hi Steve,
The difference of behavior might come from the bytecode. SonarJava need the bytecode to know type hierarchy (and I think this rule rely on it). My guess is that SonarLint is correct, and the problem is more on SonarQube side. Could you please tell us your version of SonarJava (=sonar-java-plugin)?
What is the scanner you are using to do your SonarQube analysis (Scanner for Maven, Scanner for CLI, ...)?
Run the analysis in verbose mode (-X on Maven or for sonar-scanner) and check for messages saying that provided classpath is incomplete.
++
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/1091978c-ddb7-49e6-b78a-b6b09b91bbaf%40googlegroups.com.
sfm...@gmail.com
Oct 31, 2017, 9:11:05 AM10/31/17
to SonarLint
Hi Julien,
Our build group is using the SonarQube Scanner for Jenkins/Maven plugin to perform the analysis. Here is some of the information it logs in the job log. I cannot get any more information about the plugin as I do not have admin authority. I noticed there are some warnings about Bytecode and missing 3rd party classes that we reference in our code. Do you think this could be the issue? If so, I will contact our build department and let them know. I also see that there have been newer versions of this plugin released. It looks like the latest is 2.6.1
SonarQube Runner 2.3
Java 1.8.0_131 Oracle Corporation (64-bit)
Windows Server 2008 R2 6.1 amd64
Java 1.8.0_131 Oracle Corporation (64-bit)
Windows Server 2008 R2 6.1 amd64
INFO: SonarQube Server 5.6.6
11:44:59.687 INFO - Source paths: src/main
11:44:59.687 INFO - Source encoding: windows-1252, default locale: en_US
11:44:59.687 INFO - Index files
11:44:59.748 INFO - Excluded sources:
11:44:59.748 INFO - **/*.xml
11:45:00.337 INFO - 42 files indexed
11:45:00.338 INFO - 0 files ignored because of inclusion/exclusion patterns
11:45:00.350 INFO - Quality profile for java: Payments Java
11:45:03.655 INFO - Sensor Lines Sensor
11:45:03.689 INFO - Sensor Lines Sensor (done) | time=34ms
11:45:03.689 INFO - Sensor JavaSquidSensor
11:45:04.568 INFO - Configured Java source version (sonar.java.source): 8
11:45:04.626 INFO - JavaClasspath initialization
11:45:04.641 WARN - Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
11:45:04.641 INFO - JavaClasspath initialization (done) | time=15ms
11:45:04.641 INFO - JavaTestClasspath initialization
11:45:04.642 INFO - JavaTestClasspath initialization (done) | time=1ms
11:45:05.098 INFO - Java Main Files AST scan
11:45:05.099 INFO - 42 source files to be analyzed
11:45:11.248 WARN - [JOURNAL_FLUSHER] WARNING Journal flush operation took 2,702ms last 8 cycles average is 560ms
11:45:24.687 INFO - 42/42 source files have been analyzed
11:44:59.687 INFO - Source encoding: windows-1252, default locale: en_US
11:44:59.687 INFO - Index files
11:44:59.748 INFO - Excluded sources:
11:44:59.748 INFO - **/*.xml
11:45:00.337 INFO - 42 files indexed
11:45:00.338 INFO - 0 files ignored because of inclusion/exclusion patterns
11:45:00.350 INFO - Quality profile for java: Payments Java
11:45:03.655 INFO - Sensor Lines Sensor
11:45:03.689 INFO - Sensor Lines Sensor (done) | time=34ms
11:45:03.689 INFO - Sensor JavaSquidSensor
11:45:04.568 INFO - Configured Java source version (sonar.java.source): 8
11:45:04.626 INFO - JavaClasspath initialization
11:45:04.641 WARN - Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
11:45:04.641 INFO - JavaClasspath initialization (done) | time=15ms
11:45:04.641 INFO - JavaTestClasspath initialization
11:45:04.642 INFO - JavaTestClasspath initialization (done) | time=1ms
11:45:05.098 INFO - Java Main Files AST scan
11:45:05.099 INFO - 42 source files to be analyzed
11:45:11.248 WARN - [JOURNAL_FLUSHER] WARNING Journal flush operation took 2,702ms last 8 cycles average is 560ms
11:45:24.687 INFO - 42/42 source files have been analyzed
11:45:24.691 WARN - Classes not found during the analysis : [javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.slf4j.Logger, org.springframework.boot.context.embedded.EmbeddedServletContainerFactory, org.springframework.http.HttpStatus, org.springframework.jdbc.core.JdbcTemplate, org.springframework.web.servlet.DispatcherServlet,org.springframework.web.servlet.HandlerExecutionChain]
11:45:24.692 INFO - Java Main Files AST scan (done) | time=19594ms
11:45:24.692 INFO - Java Test Files AST scan
11:45:24.692 INFO - 0 source files to be analyzed
11:45:24.693 INFO - Java Test Files AST scan (done) | time=1ms
11:45:24.693 INFO - Sensor JavaSquidSensor (done) | time=21004ms
11:45:24.693 INFO - Sensor PmdSensor
11:45:24.695 INFO - Execute PMD 5.4.2...
11:45:24.726 INFO - Java version: 1.8
11:45:24.692 INFO - Java Test Files AST scan
11:45:24.692 INFO - 0 source files to be analyzed
11:45:24.693 INFO - Java Test Files AST scan (done) | time=1ms
11:45:24.693 INFO - Sensor JavaSquidSensor (done) | time=21004ms
11:45:24.693 INFO - Sensor PmdSensor
11:45:24.695 INFO - Execute PMD 5.4.2...
11:45:24.726 INFO - Java version: 1.8
Is this enough information?
Steve
Julien HENRY
Oct 31, 2017, 9:34:41 AM10/31/17
to Steven Marvin, SonarLint
WARN - Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
This is indeed what will probably make all rules relying on bytecode less accurate.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/ddfc7c36-29ce-4dc6-9e46-bf5f0524ca77%40googlegroups.com.
sfm...@gmail.com
Oct 31, 2017, 5:50:43 PM10/31/17
to SonarLint
Julien,
I just wanted to update you. We added the sonar.java.libraries property to the Jenkins SonarQube Runner properties and now we are seeing the same 3 issues on the server that we are seeing when doing a local SONARLint analysis.
Thanks for your help!
Steve
Julien HENRY
Nov 6, 2017, 2:21:24 AM11/6/17
to Steven Marvin, SonarLint
Perfect, thanks for the update Steve!
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/49916afd-e64e-483c-b1c1-8a87660fb60d%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages