sonar-detekt

Now that Sonarqube officially supports Kotlin with detekt issue import, this plugin repository has been archived.

Some links which may help you setup sonar-kotlin with detekt findings:

• Sonar-Kotlin documentation: https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/languages/kotlin/
• External analyzers: https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/importing-external-issues/external-analyzer-reports/

---

Features

• Integrates detekt for static code analysis
• Default quality profiles detekt active (80+ rules) and detekt all (164+ rules)
• Supports SonarQube up from 9.9 LTS
• Supports detekt's yaml config, baseline.xml and excludes
• Seamless integration with official sonar-kotlin plugin (no redundant features)

Non supported features as of 2.x.x

• code coverage
• test reports
• syntax highlighting
• metrics

The official sonar-kotlin plugin now supports these features.

Usage

Sonar Update Center

• Administration > Marketplace > Search for detekt

Building from source

Use Java 17 to build sonar-detekt:

• git clone https://github.com/detekt/sonar-detekt
• cd sonar-detekt
• mvn verify
• cp target/sonar-detekt-<version>.jar $SONAR_HOME/extensions/plugins
• cd $SONAR_HOME/bin/<OS>
• ./sonar.sh restart

Configurations, Baselines and Filters

Read about detekt configuration files here and about detekt baseline formats here.

Best ways to get started is to configure the detekt-gradle-plugin in your project and use its detektBaseline and detektGenerateConfig tasks.

• detektGenerateConfig copies the default configuration file which you can use to turn on and off rules and set appropriate threshold values for some rules.
• detektBaseline analyzes your project and generates a baseline xml file with all your current findings. This findings won't get reported anymore in sonar.

Settings

To make use of this features, you have to set up some properties:

detekt path filters support multiple regex entries by adding a , for separating. detekt yaml configuration path also supports multiple configuration files where the first entered override some values of the later added config files.

Limitations

Sonar analyzes each module individually which makes it harder to search for your config files. If you use relative paths, sonar-detekt first tries to find the provided path inside this module and if it can't find it, we are searching for the file in the parent folder. This leads to the limitation that only projects with sub-projects of depth 1 are supported. If you need more config files in your project hierarchies, provide them in the sub-projects with the same relative path available.

Mentions

As mentioned/used in ...

• Sonarqube code coverage for Kotlin on Android with Bitrise
• Sample Android-Gradle-Sonar-Kotlin integration

License