Skip to end of metadata
Go to start of metadata

NOTE This feature requires SQ 7.2+ and SonarJava 5.6+.

Import of SpotBugs, FindSecBugs Reports

SonarJava allows to import into SonarQube/SonarCloud issues generated by SpotBugs. Because SpotBugs and FindBugs share the same output format, it's also possible to import reports from FindBugs and its extensions (FindSecBugs, fb-contrib). Please refer to the SpotBugs or FindSecBugs documentations to know how to generate the issues reports.

Once you have the report generated, you need to feed the property "sonar.java.spotbugs.reportPaths". This property accepts one or more SpotBugs reports, paths to report files should be absolute or relative to the project base directory.

sonar.java.spotbugs.reportPaths=./target/spotbugsXml.xml

Using spotbugs-maven-plugin, the default name of the report is spotbugsXml.xml. Using findbugs-maven-plugin, the default name is findbugsXml.xml

Because FindSecBugs, fb-contrib are extensions of SpotBugs, their issues are included in the file generated for SpotBugs issues. There is no specific file for them.

Import of PMD Reports

Please refer to the PMD documentation to know how to generate the issues reports.

Once you have the report generated, you need to feed the property "sonar.java.pmd.reportPaths". This property accepts one or more PMD reports, paths to report files should be absolute or relative to the project base directory. 

sonar.java.pmd.reportPaths=./target/pmd.xml

Import of Checkstyle Reports

Please refer to the Checkstyle documentation to know how to generate the issues reports.

Once you have the report generated, you need to feed the property "sonar.java.checkstyle.reportPaths". This property accepts one or more Checkstyle reports, paths to report files should be absolute or relative to the project base directory. 

sonar.java.checkstyle.reportPaths=./target/checkstyle-result.xml

Maven User?

If you are a Maven user and you want to quickly play with all of this:

  1. Open your pom.xml and in the <plugins> section add the following plugins:

    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <version>3.10.0</version>
    </plugin>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>3.1.1</version>
      <configuration>
        <effort>Max</effort>
    	<threshold>Low</threshold>
    	<failOnError>true</failOnError>
    	<includeFilterFile>${session.executionRootDirectory}/spotbugs-include.xml</includeFilterFile>
        <plugins>
    	  <plugin>
    	    <groupId>com.h3xstream.findsecbugs</groupId>
    		<artifactId>findsecbugs-plugin</artifactId>
    	    <version>LATEST</version> <!-- Auto-update to the latest stable -->
    	  </plugin>
        </plugins>
      </configuration>
    </plugin>
  2. Add or update the <properties> section with:

    <properties>
      <sonar.java.spotbugs.reportPaths>./target/spotbugsXml.xml</sonar.java.spotbugs.reportPaths>
      <sonar.java.pmd.reportPaths>./target/pmd.xml</sonar.java.pmd.reportPaths>
      <sonar.java.checkstyle.reportPaths>./target/checkstyle-result.xml</sonar.java.checkstyle.reportPaths>
    </properties>
  3. Execute:

    mvn clean package spotbugs:spotbugs pmd:pmd checkstyle:checkstyle sonar:sonar
  • No labels