20

I'm using a local instance of Sonar without a centralized infrastructure. In order to keep the configuration of my project in the pom.xml, I want to configure the project through maven and not through the Sonar UI. For me this has the advantage of keeping things in one place and other developers don't have to configure their local Sonar instance, just unpack and play.

The doc on howto configure the sonar.exclusions property through maven is readily available but the format for sonar.issue.ignore.multicriteria is unclear.

How can you configure sonar.issue.ignore.multicriteria through maven?

revau.lt
  • 2,674
  • 2
  • 20
  • 31

2 Answers2

31

After stepping through the code the format is:

<properties>
        <sonar.issue.ignore.multicriteria>e1,e2</sonar.issue.ignore.multicriteria>
        <sonar.issue.ignore.multicriteria.e1.ruleKey>squid:S00100</sonar.issue.ignore.multicriteria.e1.ruleKey>
        <sonar.issue.ignore.multicriteria.e1.resourceKey>**/*Steps.java</sonar.issue.ignore.multicriteria.e1.resourceKey>
        <sonar.issue.ignore.multicriteria.e2.ruleKey>squid:S1118</sonar.issue.ignore.multicriteria.e2.ruleKey>
        <sonar.issue.ignore.multicriteria.e2.resourceKey>**/PropertyPlaceholderConfig.java</sonar.issue.ignore.multicriteria.e2.resourceKey>
</properties>

The keys e1,e2 can be chosen arbitrarily as long as they are used with .ruleKey and .resourceKey in the depending properties.

The same works for sonar.issue.ignore.block:

 <sonar.issue.ignore.block>e1</sonar.issue.ignore.block>
 <sonar.issue.ignore.block.e1.beginBlockRegexp>@SonarIgnore</sonar.issue.ignore.block.e1.beginBlockRegexp>
 <sonar.issue.ignore.block.e1.endBlockRegexp></sonar.issue.ignore.block.e1.endBlockRegexp>
Michael Piefel
  • 18,660
  • 9
  • 81
  • 112
revau.lt
  • 2,674
  • 2
  • 20
  • 31
  • Probably a typo. I removed it. Sonarqube does not seem to accept more than one path there. – Michael Piefel Mar 09 '15 at 16:00
  • 1
    did you intentionally leave the `endBlockRegexp` part empty? – dokaspar Jun 07 '17 at 07:29
  • It looks like `sonar.exclusions` doesn't exclude the multiple paths like `**/enums/**,**/entity/**,**/constant/**` – PAA Aug 21 '19 at 06:03
  • Please check this answer out, the above answer won’t work for common rules. Hope that helps someone. https://stackoverflow.com/a/60570763/1766402 – Isaiah4110 Mar 10 '20 at 09:45
0

Suppress the sonar warnings from the sonar.gradle file for the android project.

Add this property on sonar.gradle file.

   property "sonar.issue.ignore.multicriteria","e1"
    property "sonar.issue.ignore.multicriteria.e1.ruleKey","xml:S5604"
    property "sonar.issue.ignore.multicriteria.e1.resourceKey","**/AndroidManifest.xml"

This is mainly for the android read and write permission security hotspots on sonarqube server.

Make sure path is perfect otherwise it would not work. Prefer this link for path. https://docs.sonarqube.org/latest/project-administration/narrowing-the-focus/

Shaikh Mohib
  • 278
  • 3
  • 11