No issues reported on SonarQube
Closed this issue · 3 comments
Hi,
I am using SG v8.91, shellcheck v0.7.2, sonar-shellcheck plugin v2.4.0
The plugin is well installed on SG
I am using GiltLab CI/CD, output of shellcheck below
$ shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.2
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ export SONAR_PROPERTIES_FILENAME="sonar-project.properties" # collapsed multi-line command
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
../docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
I am not able to visualize any issue on SQ.
Any suggestions ?
Thank you
It depends on the configuration set in sonar-project.properties
and the rules you enabled on SQ for the project. If sonar-project.properties
is not correctly set you should not see any of your code in SQ. Can you check that all Shellcheck rules are enabled for your project?
Another option is that your scripts are not recognized because of their file extension. By default, only the .sh
, .ksh
and .bash
extensions are used to identify scripts: this may not suite your scripts.
Thanks for your answer.
I adjust some configuration and this my result: (still same issue )
gitlab-ci.yml
shell-check:
image: docker.io/koalaman/shellcheck-alpine
stage: quality
script:
- shellcheck --version
- for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
allow_failure: true
sonar-project.properties (nothing special)
sonar.projectKey=**
sonar.projectName=**
sonar.projectVersion=**
sonar.sourceEncoding=**
sonar.nodejs.executable=**
sonar.links.homepage=**
sonar.links.scm=**
Output (looks good!)
ShellCheck - shell script analysis tool
version: v0.7.2-79-g290fc8b
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
/builds/**/docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:12: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:31: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:12:1: warning: var appears unused. Verify use (or export if used externally). [SC2034]
Still not able to visualize issues on SG.
Any suggestions ?