sbaudoin / sonar-shellcheck

SonarQube plugin to analyze Shell scripts with ShellCheck
Apache License 2.0

No issues reported on SonarQube #32

Closed MehdiFi closed 2 years ago

MehdiFi commented 3 years ago

Hi, I am using SG v8.91, shellcheck v0.7.2, sonar-shellcheck plugin v2.4.0

The plugin is installed correctly on the SG image.

I am using GitLab CI/CD; the output of shellcheck is below:

$ shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.2
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ export SONAR_PROPERTIES_FILENAME="sonar-project.properties" # collapsed multi-line command
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
../docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]

I am not able to visualize any issue on SQ. Any suggestions? Thank you

sbaudoin commented 3 years ago

It depends on the configuration set in sonar-project.properties and the rules you enabled on SQ for the project. If sonar-project.properties is not correctly set you should not see any of your code in SQ. Can you check that all Shellcheck rules are enabled for your project?

Another option is that your scripts are not recognized because of their file extension. By default, only the .sh, .ksh and .bash extensions are used to identify scripts: this may not suit your scripts.
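As an added example, not part of the thread or the plugin's code: a shell function that lists files starting with a shell shebang whose names lack the default .sh, .ksh or .bash extensions mentioned above. The sample tree and its file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the plugin): find files that start with a shell
# shebang but do not end in .sh, .ksh or .bash, the default extensions named
# in the thread. Such scripts would not be identified as shell by default.

# Shebangs for the dialects ShellCheck supports: sh, bash, ksh, dash.
SHEBANG_RE='^#![[:space:]]*[^[:space:]]*/(env[[:space:]]+)?(sh|bash|ksh|dash)([[:space:]]|$)'

# Succeeds if the first line of file $1 is a shell shebang.
has_shell_shebang() {
    head -n 1 "$1" 2>/dev/null | LC_ALL=C grep -Eq "$SHEBANG_RE"
}

# Print every file under directory $1 that has a shell shebang but none of
# the default extensions. Limitation: paths containing newlines are not handled.
find_unrecognized_scripts() {
    find "$1" -type f ! -path '*/.git/*' \
        ! -name '*.sh' ! -name '*.ksh' ! -name '*.bash' |
    LC_ALL=C sort |
    while IFS= read -r f; do
        if has_shell_shebang "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree (hypothetical file names) so the example runs offline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin"
    printf '#!/bin/sh\necho ok\n'           > "$d/docker-cmd.sh"      # default extension
    printf '#!/usr/bin/env bash\necho ok\n' > "$d/bin/deploy"         # no extension
    printf '#!/bin/sh -e\nexec "$@"\n'      > "$d/docker-entrypoint"  # no extension
    printf '#!/usr/bin/env python3\n'       > "$d/tool.py"            # not shell
    printf 'FOO=bar\n'                      > "$d/settings.env"       # no shebang
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
find_unrecognized_scripts "$tree"   # lists bin/deploy and docker-entrypoint
rm -rf "$tree"
```

Run `find_unrecognized_scripts` against the repository root before the analysis; any path it prints needs a recognized extension or a matching suffix configuration to be analyzed.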

MehdiFi commented 2 years ago

Thanks for your answer.

I adjusted some configuration and this is my result (still the same issue):

gitlab-ci.yml
shell-check:
  image: docker.io/koalaman/shellcheck-alpine
  stage: quality
  script:
    - shellcheck --version
    - for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
  allow_failure: true

sonar-project.properties (nothing special)
sonar.projectKey=**
sonar.projectName=**
sonar.projectVersion=**
sonar.sourceEncoding=**
sonar.nodejs.executable=**
sonar.links.homepage=**
sonar.links.scm=**

Output (looks good!)
ShellCheck - shell script analysis tool
version: v0.7.2-79-g290fc8b
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
/builds/**/docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:12: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:31: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:12:1: warning: var appears unused. Verify use (or export if used externally). [SC2034]

Still not able to visualize issues on SG. Any suggestions?

sbaudoin commented 2 years ago

@MehdiFi from your .gitlab-ci.yml file it seems that you do not execute the sonar-scanner in your GitLab pipeline: you must run it if you want to see the ShellCheck issues in SonarQube. Can you tell me how you run the scanner, please?