-
Notifications
You must be signed in to change notification settings - Fork 106
No rules for Bug or Vulnerability #103
Comments
The plugin doesn't currently differentiate many tslint issues by Bug or Vulnerability, they all go into the Code Smell bucket. It's not a lot of work to have them go into different buckets, just a case of my needing to go through each rule and assess what bucket it should live in. Plugin might need a tweak to parse the info from the settings file but not a big So - working as intended so far, just not very usefully for you until I allocate rules violations properly! |
Hi Paul, thanks for the quick response 👍 Yeah that does answer my question, sounds good. May I suggest adding this information on README.md? It may be relevant to more people out there. Also, another suggestion (I actually tried to create a branch to make this change and open a PR to you, but didn't find the option to Create Branch here) is to add the following on README.md too:
This line is magical. I spent a whole workday trying to figure out why did Sonar see my project as JavaScript, and not TypeScript, thus applying the JS Profile and detecting only 14 (fourteen) LoC on the whole project....setting explicitly sonar.language solved the problem. |
Interesting - what version of SonarQube? The sonar.language setting arguably shouldn't be needed - ideally you would filter your sources to exclude *.js if required (or uninstall the JavaScript analysis plugin), so I've not been including it in my own projects of late but I agree that's worth at least a troubleshooting note! |
I'm running a "Dockered" version of Sonar. My base image is 5.6, from the official Sonarqube repo on Docker Hub (https://hub.docker.com/r/library/sonarqube/)
|
Ta - another test environment to set up :D |
So I've added Bug and Vulnerability against rules that are most readily identifiable as such but it's all a bit of a matter of taste. You can amend the type of a violation in your own quality profiles via the admin interface, but the changes made in RC2 (which when released will include the above) won't apply to existing projects unless you remove and re-add the quality profile from the affected projects (or just bin the projects and re-run). |
This will be awesome, thanks! |
First of all, this is more like a question than an issue, but I found no other place to post it. I'm sorry in advance if this area is inappropriate for this. In case it's OK, here is my case:
I went through the documentation over here, installed the plugin and analysed a TS project, but I found that the plugin comes with 0 rules for Bugs or Vulnerabilities. This includes the demo Sonar, linked on README.md, so of course any analysis will detect 0 of either on any TS project.
I'm running Sonar on a Docker container, and the image has TS Lint installed and available on PATH. I tried including "sonar.ts.tslint.rulesDir=/opt/tools/node-v6.4.0-linux-x64/lib/node_modules/tslint/lib/rules" on sonar-project.properties (this dir on the container has many .ts files, with rules that came with tslint), but still, 0 bugs/vulnebs. detected.
In my case, manually creating and maintaining rules on Sonar application itself is not a viable option.
Am I missing some configuration or does the plugin not support Bugs and Vulnerabilities yet? Without those, I see little benefit of running a static analysis on a TS project.
Thank you
The text was updated successfully, but these errors were encountered: