insideapp-oss / sonar-flutter

SonarQube plugin for Flutter / Dart

Vulnerability issue shows on my local but not SonarQube Dashboard. #204

Closed pdax-johnlester closed 11 months ago

pdax-johnlester commented 11 months ago

I set up my SonarQube (9.9) and SonarScanner (5.0.1) and added the Sonar-Flutter plugin (0.5.0) on my local.

When `flutter analyze --no-fatal-warnings --no-fatal-infos` runs during the sonar scan, it returns an issue, since I intentionally added that issue/vulnerability to check whether it would be reflected on the SQ Dashboard. But I have no luck: it is always a success and no vulnerabilities are found.

The code coverage results show correctly but the analysis report doesn't.

Can someone assist me with this issue?

pdax-johnlester commented 11 months ago

Here's the sonar-properties.yaml:

```properties
# Project identification
sonar.host.url=http://localhost:9000/
sonar.projectKey=MAP-FE
sonar.projectName=MAP-FE
sonar.projectVersion=2.6.0
sonar.token=token

# Source code location.
# Path is relative to the sonar-project.properties file. Defaults to .
# Use commas to specify more than one folder.
sonar.sources=lib
sonar.tests=test
# Encoding of the source code. Default is default system encoding.
sonar.sourceEncoding=UTF-8

# Analyzer mode
# Can be:
# - DETECT (attempt to detect automatically) - default
# - MANUAL (an existing report needs to be provided)
# - FLUTTER (flutter analyze)
# - DART (dart analyze)
# - DARTANALYZER (dartanalyzer)
# sonar.dart.analyzer.mode=MANUAL

# Allows reuse of an existing analyzer report when mode is MANUAL
# sonar.dart.analyzer.report.path=analysis-results.txt

# Analyzer report output mode
# Can be:
# - DETECT (attempt to detect automatically, requires Dart SDK on the PATH) - default
# - MACHINE (a new machine readable output that is available for Dart 2.12+)
# - LEGACY (attempts to parse human readable output from dart/flutter) - default
# sonar.dart.analyzer.report.mode=MACHINE

sonar.qualitygate.wait=true

sonar.flutter.coverage.reportPath=coverage/lcov.info

sonar.dart.analyzer.options.override=false

# Comma-separated list; the last entry must not end with a comma or a
# line-continuation backslash, otherwise an empty pattern is appended.
sonar.coverage.exclusions=lib/core/presentation/global_components/*.dart,\
lib/core/presentation/global_bloc_components/*.dart,\
lib/core/presentation/global_page/*.dart,\
lib/features/*/presentation/components/*.dart,\
lib/features/*/presentation/pages/*.dart,\
**/presentation/data_table_source/*.dart,\
**/presentation/mixins/*.dart,\
lib/application/config/app_router/*,\
lib/core/di/injector.config.dart,\
lib/core/resources/*
```

Here's the intentional code smell that I put in the code:

Here's the output from the SQ Dashboard:

[Screenshot 2023-12-28 at 6:20:53 PM: SQ Dashboard output]

pdax-johnlester commented 11 months ago

Will close this one now. I figured out that there are only 133 rules activated on the dartanalyzer quality profile. What I did was to expand and activate other rules. This may help others who may experience this kind of issue.
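The resolution above (findings reported by the analyzer only reach the dashboard if their rule is active in the quality profile) and the MACHINE report mode from the properties file earlier in the thread can be checked locally before a scan. The script below is an added example, not code from the sonar-flutter plugin or from the issue author. It parses analyzer output in the pipe-separated MACHINE layout (`SEVERITY|TYPE|CODE|FILE|LINE|COLUMN|LENGTH|MESSAGE`, the format `dart analyze --format=machine` prints) and splits the findings into those whose rule code is in a given set of active rule keys and those that would be dropped. It assumes the quality profile's rule keys are the analyzer's rule codes; the sample report and the `ACTIVE_RULES` set are constructed for illustration.

```python
"""Compare dart analyzer MACHINE output against an active rule set.

Added example (not sonar-flutter code). Reads pipe-separated analyzer lines,
then reports which findings a quality profile with the given active rule keys
would keep and which it would silently drop.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    severity: str   # INFO / WARNING / ERROR
    kind: str       # LINT, HINT, STATIC_WARNING, ...
    code: str       # rule code, e.g. avoid_print
    path: str
    line: int
    column: int
    length: int
    message: str


# Constructed sample in the MACHINE layout; not output from a real project.
# The third line has a '|' inside the message to exercise the parser.
SAMPLE_REPORT = """\
INFO|LINT|prefer_const_constructors|lib/main.dart|12|10|25|Use const with constant constructors.
WARNING|STATIC_WARNING|unused_import|lib/core/di/injector.dart|3|8|18|Unused import: 'dart:io'.
ERROR|LINT|avoid_print|lib/features/login/presentation/pages/login_page.dart|40|5|5|Avoid print in production code | use a logger.
INFO|HINT|unused_local_variable|lib/main.dart|20|7|6|The value of the local variable 'x' isn't used.
"""

# Constructed stand-in for the rule keys activated in the quality profile.
# A profile with only a subset of the analyzer's rules active drops the rest.
ACTIVE_RULES = {"prefer_const_constructors", "unused_import"}


def parse_machine_report(text: str) -> list[Finding]:
    """Parse MACHINE-format lines; raises on a line with too few fields."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # maxsplit=7 keeps any '|' inside the message intact.
        parts = line.split("|", 7)
        if len(parts) != 8:
            raise ValueError(f"malformed MACHINE line: {raw!r}")
        sev, kind, code, path, ln, col, length, msg = parts
        findings.append(Finding(sev, kind, code, path, int(ln), int(col), int(length), msg))
    return findings


def split_by_profile(findings: Iterable[Finding], active_rules: set[str]):
    """Return (kept, dropped): findings whose rule is / is not active."""
    findings = list(findings)
    kept = [f for f in findings if f.code in active_rules]
    dropped = [f for f in findings if f.code not in active_rules]
    return kept, dropped


def missing_rules(findings: Iterable[Finding], active_rules: set[str]) -> set[str]:
    """Rule codes the analyzer reported that the profile does not activate."""
    return {f.code for f in findings} - active_rules


if __name__ == "__main__":
    found = parse_machine_report(SAMPLE_REPORT)
    kept, dropped = split_by_profile(found, ACTIVE_RULES)
    print(f"{len(kept)} finding(s) would reach the dashboard, {len(dropped)} would not")
    for f in dropped:
        print(f"  dropped: {f.severity} {f.code} {f.path}:{f.line} (rule not active)")
    print("rules to activate in the profile:", sorted(missing_rules(found, ACTIVE_RULES)))
```

Run it against a real report by replacing `SAMPLE_REPORT` with the contents of the file you point `sonar.dart.analyzer.report.path` at, and `ACTIVE_RULES` with the rule keys exported from the profile; any code listed under "rules to activate" is exactly the kind of finding that shows up locally but never on the dashboard.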