sbaudoin/sonar-shellcheck

No issues reported on SonarQube

Closed this issue · 3 comments

Hi,
I am using SG v8.91, shellcheck v0.7.2, sonar-shellcheck plugin v2.4.0

The plugin is well installed on SG

I am using GitLab CI/CD, output of shellcheck below:

```
$ shellcheck --version
ShellCheck - shell script analysis tool
version: 0.7.2
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ export SONAR_PROPERTIES_FILENAME="sonar-project.properties" # collapsed multi-line command
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
../docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
```

I am not able to visualize any issue on SQ.
Any suggestions?
Thank you

It depends on the configuration set in sonar-project.properties and the rules you enabled on SQ for the project. If sonar-project.properties is not correctly set you should not see any of your code in SQ. Can you check that all Shellcheck rules are enabled for your project?

Another option is that your scripts are not recognized because of their file extension. By default, only the .sh, .ksh and .bash extensions are used to identify scripts: this may not suit your scripts.
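The suffix point in the comment above can be checked directly against a repository. This is an added example, not code from the plugin or from this thread: it lists files that start with an sh, bash or ksh shebang but lack the default suffixes quoted above. The function names and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of sonar-shellcheck.
# Default suffixes are the ones quoted in the thread: .sh, .ksh, .bash.

# List regular files under $1 (default: .) whose first line is an sh, bash
# or ksh shebang but whose name has none of the default suffixes.
find_unrecognized_shell_scripts() {
    find "${1:-.}" -type d -name .git -prune -o -type f \
        ! -name '*.sh' ! -name '*.ksh' ! -name '*.bash' \
        -exec awk 'FNR == 1 &&
            /^#![ \t]*[^ \t]*\/(env[ \t]+)?(sh|bash|ksh)([ \t]|$)/ {
                print FILENAME
            }' {} + | sort
}

# Constructed sample tree for the demo (hypothetical file names).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/hooks"
    printf '#!/bin/sh\necho ok\n'           > "$root/docker-cmd.sh"
    printf '#!/usr/bin/env bash\necho ok\n' > "$root/bin/deploy"
    printf '#!/bin/bash -e\necho ok\n'      > "$root/hooks/pre commit"
    printf '#!/usr/bin/env python3\npass\n' > "$root/bin/report"
    printf 'plain text\n'                   > "$root/README"
    printf '%s\n' "$root"
}

# Demo: run with --demo to print the scripts a suffix-based scan would skip.
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    find_unrecognized_shell_scripts "$tree"
    rm -rf "$tree"
fi
```

Any path it prints is a script that a scan keyed only on the default suffixes would leave unanalyzed.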

Thanks for your answer.

I adjusted some configuration and this is my result (still the same issue):

gitlab-ci.yml

```yaml
shell-check:
  image: docker.io/koalaman/shellcheck-alpine
  stage: quality
  script:
    - shellcheck --version
    - for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
  allow_failure: true
```

sonar-project.properties (nothing special)

```
sonar.projectKey=**
sonar.projectName=**
sonar.projectVersion=**
sonar.sourceEncoding=**
sonar.nodejs.executable=**
sonar.links.homepage=**
sonar.links.scm=**
```

Output (looks good!)

```
ShellCheck - shell script analysis tool
version: v0.7.2-79-g290fc8b
license: GNU General Public License, version 3
website: https://www.shellcheck.net
$ for file in $(find $CI_PROJECT_DIR -type f -name '*.sh'); do shellcheck --format=gcc $file; done;
/builds/**/docker-cmd.sh:7:28: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:12: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:9:31: note: Double quote to prevent globbing and word splitting. [SC2086]
/builds/**/docker-cmd.sh:12:1: warning: var appears unused. Verify use (or export if used externally). [SC2034]
```

Still not able to visualize issues on SG.
Any suggestions?

@MehdiFi from your .gitlab-ci.yml file it seems that you do not execute the sonar-scanner in your GitLab pipeline: you must run it if you want to see the ShellCheck issues in SonarQube. Can you tell me how you run the scanner, please?