Idean / sonar-swift

Open source Swift plugin for SonarQube (also supports Objective-C)

0 bugs, 0 vulnerability, security hotspot 0 #288

Open venkatesh-pv opened 3 years ago

venkatesh-pv commented 3 years ago

Hi, I am using the blakelite-sonar-swift-0.4.6 plugin. After completing my Sonar analysis I only get a code smell report. How do I get the bugs and vulnerability report? Any suggestions on how to solve this problem?

wojciech-kopras commented 3 years ago

I have a similar problem. Is this plugin still working with sonar server v.8.7.1 and sonar-scanner v.4.6 run on Linux? I omit building the project and running unit tests in run-sonar-swift.sh - I don't need it here. Scanning completes, I can see a new CE execution finished, but I get zero issues in the dashboard for the last execution, even if the sensors report issues.

13:52:53.453 INFO: Processing Tailor report <hidden>
...
13:52:53.453 DEBUG: record issue Analyzed 50 files, skipped 2 files, and detected 2060 violations (0 errors, 2060 warnings).
13:52:54.128 INFO: Sensor Tailor [backelitesonarswiftplugin] (done) | time=1190ms
...
13:52:55.031 INFO: Processing complexity report: <hidden>
13:52:55.046 INFO: Sensor Lizard [backelitesonarswiftplugin] (done) | time=14ms
...
15:59:02.572 INFO: Analysis report generated in <hidden>
...
15:59:02.768 INFO: Analysis report uploaded in 196ms

andrei-chis-zynk commented 3 years ago

@wojciech-kopras

Tested on 2 machines. First machine reports the code smells but the second machine does not. Still investigating what happens with the second machine.

Configuration: MacOS (sonarqube v8.7.1, sonar-scanner v4.6, blakelite-sonar-swift-0.4.6 plugin)

@venkatesh-pv

In the Swift Quality Profile, the rules are only reported as code smells. I guess you can change the category for some rules and consider them as "Bugs".

alean79 commented 3 years ago

@andrei-chis-zynk Have you investigated why on one of your machines the scanner reports 0 issues of any type? I'm having the exact same issue. Using SonarQube 8.8 Community, with this plugin 0.4.6, and running sonar-scanner from shell.

venkatesh-pv commented 3 years ago

@andrei-chis-zynk How can I change the category for rules?

alean79 commented 3 years ago

I resolved this issue... The plugin doesn't detect anything by itself, but only finds and uploads previously generated reports (for example, running SwiftLint). It's necessary to run SwiftLint and any other tools that you want, in order for this plugin to upload meaningful data to SonarQube.

andrei-chis-zynk commented 3 years ago

@alean79 I had an indentation problem inside sonar-project.properties file.

This blocked the report for SwiftLint. sonar.swift.swiftlint.report=reports/*swiftlint.txtsonar...

Yes, if you want anything reported inside SonarQube, you have to run the tools described in the Readme.

@venkatesh-pv Sorry, I thought you can change the main rules category but it seems that it's not possible.

If it helps, you can change the rule category for a particular issue reported in an analysis.
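
A pre-flight check built on the two findings in this thread (the plugin only uploads reports that already exist, and a malformed sonar-project.properties line blocked the SwiftLint report). It is an added example, not part of the thread or of the sonar-swift project. The names `check_reports`, `demo` and `exampletool` are hypothetical, and treating a second `sonar.` inside a value as a merged line is an assumption drawn from the line quoted above.

```shell
# Pre-flight check for sonar-swift (added example, not the project's code).
# For each sonar.swift.<tool>.report=<glob> line (no spaces around "="),
# confirm the glob matches a non-empty file. Returns the number of problems.
check_reports() {
    props=$1; base=$2; problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            sonar.swift.*.report=*) ;;
            *) continue ;;
        esac
        key=${line%%=*}; value=${line#*=}; found=0
        # Heuristic: "sonar." inside the value means two properties were run
        # together on one line, as in the line quoted in the thread.
        case $value in
            *sonar.*)
                echo "MERGED  $key=$value"; problems=$((problems + 1)); continue ;;
        esac
        for f in "$base"/$value; do   # $value unquoted so the glob expands
            if [ -s "$f" ]; then found=1; fi
        done
        if [ "$found" -eq 1 ]; then
            echo "OK      $key=$value"
        else
            echo "MISSING $key=$value"; problems=$((problems + 1))
        fi
    done < "$props"
    return "$problems"
}

# Constructed sample project: "exampletool" is a placeholder tool name.
demo() {
    dir=$(mktemp -d)
    mkdir "$dir/reports"
    echo "constructed finding" > "$dir/reports/app-swiftlint.txt"
    cat > "$dir/sonar-project.properties" <<'EOF'
sonar.swift.swiftlint.report=reports/*swiftlint.txt
sonar.swift.exampletool.report=reports/*exampletool.xml
  sonar.swift.swiftlint.report=reports/*swiftlint.txtsonar...
EOF
    check_reports "$dir/sonar-project.properties" "$dir"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "problems found: $?"
```

Run `check_reports sonar-project.properties .` from the project root after the linters and before sonar-scanner; a non-zero exit status means at least one configured report would upload nothing.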