SonarQube Properties and Parameters

Parameters to configure project analysis can be set in multiple places. Here is the hierarchy of parameters:

  • Global analysis parameters, defined in the UI, apply to all the projects (From the top bar, go to Settings > General Settings)
  • Project analysis parameters, defined in the UI, override global parameters (At a project level, go to Configuration > Settings)
  • Project analysis parameters, defined in a project analysis configuration file or an analyzer configuration file, override the ones defined in the UI
  • Analysis / Command line parameters, defined when launching an analysis, override project analysis parameters

For example, if you override the sonar.exclusions parameter via command line for a specific project, it will not be stored in the database. Local analyses in Eclipse, for example, would still be executed with the exclusions defined in the UI and therefore stored in the DB.

Setting properties from the Command Line

SonarQube properties can also be set from the command line, by setting a system property named exactly like the SonarQube property in question. This can be useful when dealing with sensitive information (e.g. credentials), environment information, or for ad-hoc configuration.

A SonarQube property value set via a system property overrides any value set in a build script (for the same property). When analyzing a project hierarchy, values set via system properties apply to the root project of the analyzed hierarchy. Each system property starting with ""sonar." will be taken into account.

sonar-project.properties

Create a configuration file in the root directory of the project: sonar -project.properties

.

Alternatives to  sonar-project.properties

If a  sonar-project.properties  file cannot be created in the root directory of the project, there are several alternatives:

The properties can be specified directly through the command line. Ex:

The property project.settings can be used to specify the path to the project configuration file (this option is incompatible with the project.home and sonar.projectBaseDir properties). Ex:

Alternate Analysis Directory

If the files to be analyzed are not in the directory where the analysis starts from, use the sonar.projectBaseDir property to move analysis to a different directory. E.G. analysis begins from  jenkins/jobs/myjob/workspace  but the files to be analyzed are in  ftpdrop/cobol/project1 .

Multi-module Project Structure

If your project is a Maven project, you have nothing further to do to enable multi-module analysis. Simply execute mvn sonar:sonar from your project's root directory. If your multi-module project is not a Maven project, read on:

There are two ways to define a multi-module structure in SonarQube:

sonar assignment of parameter is not allowed

Gradle defaults for standard SonarQube properties

[$project.group:]$project.name for root module
<root module key>:<module path> for submodules 
project.name
project.description
project.version
project.projectDir
“$project.buildDir/sonar”

Mandatory Parameters

sonar.host.url Server URL

Project Configuration

sonar.projectKey

The project key that is unique for each project. 
Allowed characters are: letters, numbers, '-', '_', '.' and ':', with at least one non-digit. 

When using Maven, it is automatically set to <groupId>:<artifactId>.

 
sonar.sources

Comma-separated paths to directories containing source files.
Compatible with Maven. If not set, the source code is retrieved from the default Maven source code location. 

 

Optional Parameters

Project identity.

sonar.projectName

Name of the project that will be displayed on the web interface.
Set through <name> when using Maven.

sonar.projectVersion "not provided"

Authentication

If Anyone does not have permission to perform analyses, you'll need to supply the credentials of a user with Execute Analysis permission for the analysis to run under.

sonar.login The login or authentication token of a SonarQube user with Execute Analysis permission.  
sonar.password The password that goes with the sonar.login username. This should be left blank if an authentication token is being used.  

Web Services

sonar.ws.timeout Maximum time to wait for the response of a Web Service call (in seconds). Modifying this value from the default is useful only when you're experiencing timeouts during analysis while waiting for the server to respond to Web Service calls.  60
sonar.projectDescription

The project description.
Not compatible with Maven, which uses the <description> attribute.

 
sonar.links.homepage Project home page
Not compatible with Maven, which uses the <url> attribute.
 

sonar.links.ci

Continuous integration 
Not compatible with Maven, which uses the <ciManagement><url> attribute.
 
sonar.links.issue Issue tracker
Not compatible with Maven, which uses the <issueManagement><url> attribute.
 
sonar.links.scm Project sources
Not compatible with Maven, which uses the <scm><url> attribute.
 
sonar.links.scm_dev Developer connection
Not compatible with Maven, which uses the <scm><developerConnection> attribute.
 
sonar.tests

Comma-separated paths to directories containing tests.
Not compatible with Maven, which retrieves test from the default location for Java Maven projects.  

 

sonar.language

Set the language of the source code to analyze. Browse the Plugin Library page to get the list of all available languages. If not set, a multi-language analysis will be triggered.

 

sonar.sourceEncoding

Set the source file encoding.

Encoding of source files. Example of values: UTF-8, MacRoman, Shift_JIS. This property can be replaced by the standard property project.build.sourceEncoding in Maven projects.

The list of available encodings depends on your JVM. See   (column :  )

System encoding

sonar.projectDate

Assign a date to the analysis.

: This parameter is applicable to a few, special use cases, rather than being an "every day" parameter:

To answer those use cases, you can use the sonar.projectDate property. The format is yyyy-MM-dd, for example: 2010-12-01.

The process is the following:

 You may need to adjust your housekeeping settings if you wish to create a long-running history.

Current date

 sonar.branch

Manage SCM branches. 

If you are a user of Developer Cockpit, please see "Limitation" section in the Developer Cockpit Installation and Usage

 

sonar.profile

This property is deprecated since SQ 4.5 LTS (see  .

Default profile for the given language

 

sonar.projectBaseDir

Use this property when you need analysis to take place in a directory other than the one from which it starts. E.G. analysis begins from   but the files to be analyzed are in  . The path may be relative or absolute.

Specify not the the source directory, but some parent of the source directory. The value specified here becomes the new "analysis directory", and other paths are then specified as though the analysis were starting from the new sonar.projectBaseDir.

Note that the analysis process will need write permissions in this directory; it is where the sonar.working.directory will be created.

 
 sonar.working.directory

Set the working directory for an analysis triggered with the SonarQube Scanner or the SonarQube Ant Task (versions greater than 2.0).

Path must be relative and unique for each project.

Beware: the specified folder is deleted before each analysis.

This property can be used to explicitly tell SonarQube which SCM plugin should be used to grab SCM data on the project (in case auto-detection does not work). The value of this property is always lowercase and depends on the plugin (ex. "tfvc" for the TFVC plugin). Check the documentation page of each plugin to know more.  
sonar.scm.forceReloadAll By default, blame information is only retrieved for changed files. Set this property to true to load blame information for all files. This can be useful is you feel that some SCM data is outdated but SonarQube does not get the latest information from the SCM engine. false

Exclusions / Inclusions

See Narrowing the Focus to:

  • Exclude files from analysis
  • Prevent some files from being checked for duplications
  • Prevent some files from being taken into account for code coverage by unit tests and integration tests
  • Ignore issues on certain components and against certain coding rules 
sonar.inclusions Comma-delimited list of file path patterns to be included in analysis. When set,   files matching the paths set here will be included in analysis.  
sonar.exclusions Comma-delimited list of file path patterns to be excluded from analysis.  
sonar.coverage.exclusions Comma-delimited list of file path patterns to be excluded from coverage calculations  
sonar.test.exclusions Comma-delimited list of test file path patterns to be excluded from analysis.  
sonar.test.inclusions Comma-delimited list of test file path patterns to be included in analysis. When set,  test files matching the paths set here will be included in analysis.  
sonar.issue.ignore.allfile Files containing text matching this regular expression will be ignored by analysis.  
If set to true, all files are imported - with respect to inclusions and exclusions, even if there is no matching language plugin installed.
sonar.cpd.exclusions Comma-delimited list of file path patterns to be excluded from duplication detection  

Duplications

Key Description

Default value

sonar.cpd.exclusions (see the Exclusions/Inclusions section)  
sonar.cpd.${language}.minimumtokens A piece of code is considered duplicated as soon as there are at least 100 duplicated tokens in a row (overide with sonar.cpd.${language}.minimumTokens) spread on at least 10 lines of code (override with sonar.cpd.${language}.minimumLines). For Java projects, a piece of code is considered as duplicated when there is a series of at least 10 statements in a row, regardless of the number of tokens and lines. This threshold cannot be overridden.  100
sonar.cpd.${language}.minimumLines 10

Analysis Logging

Control the quantity / level of logs produced during an analysis.

DEBUG: 
Display INFO logs + more details at DEBUG level.
Similar to 

TRACE: 
Display DEBUG logs + the timings of all ElasticSearch queries and Web API calls executed by the SonarQube Scanner.

sonar.verbose

Add more detail to both client and server-side analysis logs.

 There is the potential for this setting to expose sensitive information such as passwords if they are stored as server-side environment variables.
false
sonar.showProfiling

Display logs to see where the analyzer spends time.

This parameter is generating a file containing these timing infos in

false
sonar.scanner.dumpToFile Outputs to the specified file the full list of properties passed to the scanner API as a means to debug analysis.  

Parameters specific to Integration

Those parameters are listed here for completeness of this documentation page - but regular users should not have to worry about them because they mainly target integration use cases.

sonar.analysis.mode

This parameter is set to preview as part of PR analysis.

https://docs.sonarqube.org/display/SCAN/Advanced+SonarQube+Scanner+Usage https://docs.sonarqube.org/display/SONAR/Analysis+Parameters

  Call us on +91 700 483 5930   |   +91 700 483 5706     [email protected]

Is it possible to get some customized parameters in Custom rule?

Following This tutorial , I can write my custom rule checker.

For now, I can only get the key of project via context.getProject().key() .

The key is defined from scanner command line such as -Dsonar.projectKey=keyOfProject

Is It possible I can defined more customized parameters in the same way and received them in my custom rule?

If not, May be this is a new useful API worthy of implementation?

What’s the ultimate goal – how would you use this when developing rules?

Most customised parameters would be defined for the rule and then adjusted as part of a Quality Profile.

In my case, I want to pass an unique ID to the rule, although the rule is already defined in a specific Quality Profile. But I need this unique ID for applying different checks in the same rule.

Is is possible for me to do that?

In this case, we’d probably suggest creating different rules (the behavior of how the check is applied should be defined mostly by what rules are active in a quality profile, not by analysis parameter).

There are some exceptions you could try and model after if you’re really certain this makes sense, like how we adjust rules based on the sonar.java.version analysis parameter.

Thanks Colin. That helps a lot.

Navigation Menu

Search code, repositories, users, issues, pull requests..., provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

  • Notifications You must be signed in to change notification settings

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Kotlin] Bogus errors NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR #1036

@rupert-jung-mw

rupert-jung-mw commented Aug 29, 2024 • edited Loading

When analyzing Kotlin dataclasses, I get one "critical" error for each non-nullable constructor parameter without a default value with the following description:

"The field is marked as non-null, but isn't written to by the constructor. The field might be initialized elsewhere during constructor, or might always be initialized before use."

This is just plain wrong as the property is part of the constructor and to be set there with a non-null value.

Sonar Qube 9.9 (build 65466)

Version
SonarQube 65466
Sonar-FindBugs 4.2.4
Maven 3.9
Kotlin 2.0.20

The text was updated successfully, but these errors were encountered:

@gtoison

gtoison commented Aug 29, 2024

Thank you for reporting this issue, would you be able to share a sample compiled file and the corresponding source?
SpotBugs works by analyzing the bytecode, not the source, so it might be that something gets lost during the Kotlin compilation.

There should be a log line starting with in your analyzer logs, this should tell you the plugin version you are using. Alternatively it should be visible in the SonarQube admin page for plugin, but you need admin rights to see it

Sorry, something went wrong.

Hello ,

thank you, I updated the version in the ticket.

Unfortunately I am not allowed to share files from the project publically. Here is a small reproduction:

Kotlin Source:

"\"case\"") // 'case' is protected SQL keyword, so we have to put it in quotes here data class CaseBE( @Id override val id: CASE_ID = UUID.randomUUID(), override var createdAt: OffsetDateTime, override var updatedAt: OffsetDateTime, var breakdownFormattedAddress: String, // <--- this is perfectly legal, value has to be specified when calling constructor ) : AbstractAuditedBaseBE(id, createdAt, updatedAt)

Decompiled class file

com.xxx.cases.entity @jakarta.persistence.Entity @jakarta.persistence.Table public final data class CaseBE public constructor(id: com.bmw.cc.csvbe.bm.cases.CASE_ID /* = java.util.UUID */ = COMPILED_CODE, createdAt: java.time.OffsetDateTime, updatedAt: java.time.OffsetDateTime, breakdownCity: kotlin.String) : com.bmw.cc.csvbe.persistence.AbstractAuditedBaseBE { @field:jakarta.persistence.Id public open val id: com.bmw.cc.csvbe.bm.cases.CASE_ID /* = java.util.UUID */ /* compiled code */ public open var createdAt: java.time.OffsetDateTime /* compiled code */ public open var updatedAt: java.time.OffsetDateTime /* compiled code */ public final var breakdownFormattedAddress: kotlin.String /* compiled code */ public final operator fun component1(): com.bmw.cc.csvbe.bm.cases.CASE_ID /* = java.util.UUID */ { /* compiled code */ } public final operator fun component2(): java.time.OffsetDateTime { /* compiled code */ } public final operator fun component3(): java.time.OffsetDateTime { /* compiled code */ } public final operator fun component4(): kotlin.String { /* compiled code */ } public open operator fun equals(other: kotlin.Any?): kotlin.Boolean { /* compiled code */ } public open fun hashCode(): kotlin.Int { /* compiled code */ } public open fun toString(): kotlin.String { /* compiled code */ } }

Here's the class file:

The error looks in SonarQube like this, even the marker looks like it is on the wrong line (it says 'L1' for line number for each of the errors)

PS: Actually, there are more bogus errors when analyzing files compiled from Kotlin. There was another problem with 'duplicated lines' referencing to line numbers not even existing in the source (where in fact was not a single duplicated line).

I was under the impression that FindBugs is supporting Kotlin (not only Java)? If not, how can I deactivate it for Kotlin (currently this is breaking our deployment pipelines). I was trying something like

.findbugs.onlyAnalyze>**/*.java</sonar.findbugs.onlyAnalyze>

in pom.xml, but it didn't work.

PS2: The FindBugs errors are not reported in SonarLint connected to the same project, there are only visible in SonarQube for some reason)

For Java the compilation process is relatively straightforward and each byte code instructions maps to a source line.
Kotlin is bit different because (last time I checked) there's a transpilation step where the Kotlin source is turned into a java source and then the compiler adds things such as helper or extension methods that were not in the original Kotlin source, to support the constructs provided by the language.
I don't quite recall the details but from memory there are cases when I'm not able to trace back the source line corresponding to a byte code instruction, sometimes the bytecode is from the Kotlin standard library. So when SpotBugs finds an issue it can happen that it is reported on the first line.

There's a sample Kotlin project analysed during the integration tests. It would help immensely if you could provide me with a sample Kotlin source (with minimal dependencies) illustrating the problem. Sorry for the silly request but I don't know Kotlin!

Regarding Sonarlint, it does not apply the rules corresponding to plugins by design. I think it wouldn't be easy for Sonarsource to provide a plugin API allowing incremental analysis. This explains why you only see the issues in SonarQube.

In the end the problem is most likely with SpotBugs, since the plugin is essentially converting SpotBugs issues into SonarQube issues.

Ah sorry, just saw you had linked a dummy sample .class file, let me look into that.

For the "duplicated lines" issue, I'm not sure what you might be referring to because I could not find that text in the plugin or in SpotBugs, could you please provide more details?

Here's a simple data class you could add to the sample project:

MyData( var mutableProp: String, val immutableProp:String, val immutableProp:String, var mutablePropWithDefault: String = "hello", val immutableNullableProp:String?, var mutableNullablePropWithDefault: String? = "hello", val immutableNullableProp: String?, var mutableNullablePropWithDefaultNull: String? = null, )

I will also try to provoke the line duplication errors on another test branch.

  • 👍 1 reaction

rupert-jung-mw commented Aug 29, 2024

Here's the error about line duplications:

This is how the file looks like:

com.xxx.yyy.spring.rest.control import io.swagger.v3.oas.models.OpenAPI import io.swagger.v3.oas.models.Paths import io.swagger.v3.oas.models.info.Contact import io.swagger.v3.oas.models.info.Info import io.swagger.v3.oas.models.security.SecurityScheme import io.swagger.v3.oas.models.security.SecurityScheme.Type.HTTP import io.swagger.v3.oas.models.servers.Server import org.springdoc.core.customizers.OpenApiCustomizer import org.springdoc.core.models.GroupedOpenApi import org.springframework.beans.factory.annotation.Value import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration private const val PROTOCOL_TLS: String = "https://" private const val PROTOCOL_HTTP: String = "http://" private const val REGION_EMEA: String = "eu-central-1" private const val REGION_US: String = "us-east-1" private const val AWS_CLOUD_XXX: String = "aws.cloud.xxx" private const val DAYTONA: String = "daytona" /** * Configuration of swagger. Please check app/pom.xml springdoc-openapi-maven-plugin. * Swagger config will be used both for exporting Swagger UI and for OpenAPI specification generation. */ @Configuration class SwaggerConfig( @Value("\${info.app.msIdLowerCase}") val msIdLower: String, @Value("\${info.app.msIdUpperCase}") val msIdUpper: String, @Value("\${info.app.groupId}") val groupId: String, @Value("\${info.app.name}") val name: String, @Value("\${info.app.description}") val description: String, @Value("\${info.app.contact}") val contact: String, @Value("\${info.app.version}") val version: String, @Value("\${info.app.namespace}") val namespace: String, @Value("\${info.app.product}") val product: String, @Value("\${info.app.productDepotUrl}") val productDepotUrl: String, ) { val defaultExtensions get() = mapOf( "x-xxx-msId" to msIdLower, "x-xxx-audience" to "component-internal", "x-xxx-2ndLevelSupportGroup" to "$namespace:global:2nd", "x-xxx-3rdLevelSupportGroup" to "$namespace:global:3nd" ) /** * Swagger/OpenAPI-Config for the app itself * (See README.MD for test values) */ @Bean fun appApi(): GroupedOpenApi { return GroupedOpenApi .builder() .group("app") .packagesToScan("$groupId.api.app.v1") .pathsToMatch("/**") .addOpenApiCustomizer(::infoCustomizer) .addOpenApiCustomizer(::tagsSorterCustomizer) .addOpenApiCustomizer(::serverUrlCustomizer) .build() } /** * Groups APIs from the testsupport package into one OpenAPI definition with description available under * [OpenAPI description URL]/testsupport. * Usage of GroupedOpenAPI enables to define multiple OpenAPI definitions. To add next OpenAPI definition for * the specified package or path, add another GroupedOpenAPI bean and another execution configuration in the * app/pom.xml file for springdoc-openapi-maven-plugin. */ @Bean fun testSupportOpenApi(): GroupedOpenApi = GroupedOpenApi .builder() .group("testsupport") .packagesToScan(*arrayOf("$groupId.api.testsupport.v1.boundary")) .pathsToMatch("/**") .addOpenApiCustomizer(basicAuthCustomizer()) .addOpenApiCustomizer(::tagsSorterCustomizer) .addOpenApiCustomizer(::testSupportOpenApiCustomizer) .build() /** * Defines basic authorization security scheme. */ private fun basicAuthCustomizer() = OpenApiCustomizer { openAPI: OpenAPI -> openAPI .components( openAPI.components .addSecuritySchemes( "basic", SecurityScheme().type(HTTP).scheme("basic") ) ) } /** * Adjusts API definition to follow the API validation rule requiring alphabetically sorted tags. * * @see [ * API validation rules](link removed) */ private fun tagsSorterCustomizer(openAPI: OpenAPI) = openAPI.tags(openAPI.tags?.sortedBy { it.name } ?: emptyList()) private fun infoCustomizer(openAPI: OpenAPI) = openAPI.info( Info() .title("XXX CV $name API") .description(description) .version(version) .extensions( mapOf( "x-xxx-apiId" to "xxx-cv-${msIdLower.replace("-", "")}-api", ) + defaultExtensions ) .contact( Contact() .name(description) .url("(link removed)") .email(contact) ) ) /** * Adds a server URL to select in the SwaggerUI */ private fun serverUrlCustomizer(openAPI: OpenAPI) { val urlPrefix = "$PROTOCOL_TLS$msIdLower" val urlPostFixEmea = "$REGION_EMEA.$product.$DAYTONA.$REGION_EMEA.$AWS_CLOUD_XXX/$msIdLower" val urlPostFixUs = "$REGION_US.$product.$DAYTONA.$REGION_US.$AWS_CLOUD_XXX/$msIdLower" openAPI.servers = listOf( // ---------------------------- LOCAL -------------------------------- Server() .url(PROTOCOL_HTTP + "localhost:8080/" + msIdLower) .description("Local development"), Server() .url(PROTOCOL_TLS + "localhost:8081/" + msIdLower) .description("Local development (TLS)"), // ---------------------------- EUROPE ------------------------------- Server() .url("$urlPrefix.test.$urlPostFixEmea") .description("EMEA-TEST"), Server() .url("$urlPrefix.e2e.$urlPostFixEmea") .description("EMEA-E2E"), Server() .url("$urlPrefix.int.$urlPostFixEmea") .description("EMEA-INT"), Server() .url("$urlPrefix.prod.$urlPostFixEmea") .description("EMEA-PROD"), // ------------------------------ US ---------------------------------- Server() .url("$urlPrefix.e2e.$urlPostFixUs") .description("US-E2E"), Server() .url("$urlPrefix.prod.$urlPostFixUs") .description("US-PROD") ) } /** * Customizes API definition for test support API. * Adjusts API definition to follow the API validation rules: sets version number in server URL * and removes version numbers from paths. * * @see [ * API validation rules]((link removed)) */ private fun testSupportOpenApiCustomizer(openAPI: OpenAPI) { with(openAPI) { servers = listOf( Server().url("http://localhost:8080/$msIdLower/test-support/v1") ) paths = paths .mapKeys { it.key.replaceFirst("/test-support/v1", "")} .let{ Paths().apply { putAll(it) } } info = Info() .title("XXX CV " + msIdUpper + "Test Support API") .description("Api shows how to use JPA, JMS and external services.") .version("1.0.0") .extensions( mapOf( "x-xxx-apiId" to "xxx-cv-$msIdLower-testsupport", "x-xxx-tags" to listOf("test-support"), ) + defaultExtensions ).contact( Contact() .name(name) .url(productDepotUrl) .email(contact) ) } } }

Where are these 12.4% duplicated lines from? Also from the class file (which I can't change as dev)?

Ah right, the duplicates lines are part of SonarQube's built-in analysis, this is not from the plugin.
If you open the corresponding source file in SonarQube there should be a vertical gray line at the left of the duplicated lines. Clicking that gray bar should tell you where the duplicates are

Thanks again for reporting the issue and the samples, I'm testing a fix for the bogus :
The compiled bytecode contains this method:

I suppose that this zero-arg constructor is required because it is a JPA entity and (as SpotBugs is saying) it seems to be assigning nulls to non-null fields. However this is generated code, so probably not very relevant to report this to the developpers.

@gtoison

rupert-jung-mw commented Aug 30, 2024 • edited Loading

The zero-arg constructor is automatically generated by the kotlin 'jpa' compiler plugin (which internally uses the no-args plugin), correct. That's basically a JPA-thing, it does just require a zero-arg-constructor and then sets the values via setters.

No branches or pull requests

@gtoison

Alexis Ada Reference Manual

  • Legal Information
  • Contact Alexis

Home

  • warning: Undefined array key "value" in /home/clients/www/drupal/sites/all/modules/fivestar/fivestar.module on line 1121.
  • warning: Undefined array key "value" in /home/clients/www/drupal/sites/all/modules/fivestar/fivestar.module on line 1136.
  • warning: Undefined array key "value" in /home/clients/www/drupal/sites/all/modules/fivestar/fivestar.module on line 1137.

assignment to "in" mode parameter not allowed

You cannot assign a read-only variable.

When you learn about Ada, you are taught that parameters are passed as copy when you are using the in keyword. The fact is that the compiler can decide to pass the parameter by reference and therefore it views the variable as a read-only variable. You cannot write in that variable.

For instance, a loop through a linked list to find the last element in the list could look like this:

The solution to the problem is to create a local instance and copy the read-only variable in the local instance variable.

  • Login to post comments
  • GNAT Errors
  • Compiler Results

Powered by Made to Order Software Corp.

Latest Edits

  • 3.6 Array Types
  • 3.5.5 Operations of Discrete Types
  • 3.5.9 Fixed Point Types
  • Section 7: Packages
  • Introduction

External References

  • Annotated Ada 2005 Reference Manual
  • ACATS 3.0 User's Guide
  • Ada 2005 Tests
  • Annotated Ada 2012 Reference Manual
  • Ada 95 Reference Manual
  • Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers
  • Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand
  • OverflowAI GenAI features for Teams
  • OverflowAPI Train & fine-tune LLMs
  • Labs The future of collective knowledge sharing
  • About the company Visit the blog

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Get early access and see previews of new features.

"Optional parameters should not be used" error thrown in SonarQube analysis

I'm getting error - "Optional parameters should not be used" in Sonar analysis for C# project. Actually in C# latest version we can define optional parameter but SonarQube analysis says Optional parameters should not be used. How can I solve this issue? I'm using latest SonarQube version 6.0.

  • optional-parameters

Rasik Bapotra's user avatar

  • 1 Your question is like this : I getting some error, It is because of some x ; how can i solve that? Definitely their may be someone ready to help you, please be clear about your issues help him to understand the issues –  sujith karivelil Commented Jan 3, 2017 at 6:00

You can either deactivate the rule on your SonarQube server or mark it as False Positive for your particular case but I would recommend you to have a look at why we created this rule before you deactivate it. You can find more information about this rule on our Rules website or on Microsoft website .

Amaury Levé's user avatar

  • Rules website link mentioned in your reply is not working. –  Rasik Bapotra Commented Jan 13, 2017 at 10:36
  • Hi Rasik, I just checked and both links are working from here (Switzerland). Could you check it is not your firewall? –  Amaury Levé Commented Jan 13, 2017 at 13:09
  • I'm still not able to open it. Can you please send it to [email protected] . –  Rasik Bapotra Commented Jan 19, 2017 at 8:17
  • Not sure if this will change something but I did it. –  Amaury Levé Commented Jan 19, 2017 at 10:56

Your Answer

Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more

Sign up or log in

Post as a guest.

Required, but never shown

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .

Not the answer you're looking for? Browse other questions tagged c# sonarqube optional-parameters or ask your own question .

  • The Overflow Blog
  • The hidden cost of speed
  • The creator of Jenkins discusses CI/CD and balancing business with open source
  • Featured on Meta
  • Announcing a change to the data-dump process
  • Bringing clarity to status tag usage on meta sites
  • What does a new user need in a homepage experience on Stack Overflow?
  • Feedback requested: How do you use tag hover descriptions for curating and do...
  • Staging Ground Reviewer Motivation

Hot Network Questions

  • Representing permutation groups as equivalence relations
  • What prevents random software installation popups from mis-interpreting our consents
  • Show that an operator is not compact.
  • Star Trek: The Next Generation episode that talks about life and death
  • Where is this railroad track as seen in Rocky II during the training montage?
  • Why is this bolt's thread the way it is?
  • In a tabular with p-column, line spacing after multi-line cell too short with the array package
  • How to automatically assign Material in slot to generated mesh from Geometry Node
  • Calculating greeks by finite difference in MC simulation
  • Numbers, or are they?
  • Intersection of Frobenius subalgebra objects
  • help to grep a string from a site
  • How does the phrase "a longe" meaning "from far away" make sense syntactically? Shouldn't it be "a longo"?
  • Gravitational potential energy of a water column
  • Why didn't Air Force Ones have camouflage?
  • What is the nature of the relationship between language and thought?
  • Current in a circuit is 50% lower than predicted by Kirchhoff's law
  • Why is LiCl a hypovalent covalent molecule?
  • How to change upward facing track lights 26 feet above living room?
  • How can we know how good a TRNG is?
  • Does the average income in the US drop by $9,500 if you exclude the ten richest Americans?
  • Is there a way to prove ownership of church land?
  • Children in a field trapped under a transparent dome who interact with a strange machine inside their car
  • Should Euler be credited with Prime Number Theorem?

sonar assignment of parameter is not allowed

Analysis scope

On this page.

There are many cases where you do not want to analyze every aspect of every source file in your project. For example, your project may contain generated code, source code from libraries, or intentionally duplicated code.

In such cases, it makes sense to skip some or all aspects of analysis for these files, thus removing noise and narrowing the focus to issues that really matter.

To help narrow the focus, SonarQube gives you several options to precisely configure what will be analyzed and how. Most of the properties that define your analysis scope can be defined in the SonarQube UI. Other parameters must be set explicitly in the scanner invocation or in the appropriate configuration file as we describe in more detail below; see the Analysis parameters page for more detail.

.css-4ebt6d{position:relative;--tw-text-opacity:1;color:rgb(0 0 0 / var(--tw-text-opacity));} Setting the initial scope .css-abpesc{width:2rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-abpesc:hover{fill:#290042;}

The initial scope of analysis is controlled by the following parameters:

  • sonar.sources  define the initial scope of analysis for non-test code in your project.
  • sonar.tests  define the initial scope of analysis for test code in your project.

These parameters define the starting point for analysis scope adjustment:

  • Files outside the scope defined by these parameters  will not  be analyzed at all.
  • Files within the scope defined by these parameters  will  be analyzed  unless excluded by further adjustments  (exclusions, inclusions, etc. See below.)

Additionally, these parameters are:

  • only set at the project level. There are no global, server-level equivalents for these parameters.
  • either set automatically by your SonarScanner, set explicitly in the  sonar-project.properties  configuration file, or set on the command line that invokes the scanner. There are no UI settings for these parameters.
  • set explicitly and both accept a comma-delimited list of paths. Pattern matching with wildcards is not supported.

Why is test code scoped separately? .css-p7dib0{width:1.75rem;display:none;margin-left:0.5rem;fill:#5F656D;}.css-p7dib0:hover{fill:#290042;}

Test and non-test code are distinguished because

  • Different analysis rules are applied to the two categories.
  • The two categories have different metrics
  • Test code does not count toward lines-of-code limits defined by your license.
  • Test code does not count towards coverage (you don't have to test your test code)

Automatic setting for Maven, Gradle, and .NET

If you are analyzing code using SonarScanner for Maven, SonarScanner for Gradle, or SonarScanner for .NET, the  sonar.sources  and  sonar.tests  parameters are automatically determined based on information in your project configuration. You do not have to explicitly set the parameters. If you do explicitly set the parameters (for example in your  pom.xml , in the case of Maven), this will override the automatically determined values.

If you use SonarScanner for Maven, see also Adjusting the analysis scope of Maven projects .

Defaults settings for other scenarios

If you are not using Maven, Gradle or .NET then

  • By default,  sonar.sources  is set to the current working directory (the path  . ).
  • By default,  sonar.tests  is not set.

Explicit settings

If the defaults are not suitable (for example, if you  do  have test code) you must set the parameters explicitly in the scanner invocation or in the appropriate configuration file (see Analysis parameters ).

When explicitly set, both  sonar.sources  and  sonar.tests  take a comma-delimited list of directories or files.

  • The entries in the list are simple paths. Wildcards ( * ,  ** , and  ? ) are not allowed.
  • A directory in the list means that all analyzable files and directories recursively below it are included. An individual file in the list means that the file is included.
  • The paths are interpreted relative to the project base directory. The base directory is defined by the scanner you are using. In most cases, this is the root directory of the project. If you are using the SonarScanner CLI, your base directory will be the current directory from which you invoke the tool (though this can be overridden using the parameter  sonar.projectBaseDir ).

Let's say your repository looks something like this, with your source and test code clearly separated at the top level:

sonar assignment of parameter is not allowed

In this case, you would set your  sonar.sources  like this:

sonar assignment of parameter is not allowed

and your  sonar.tests  like this:

sonar assignment of parameter is not allowed

If you configure your scope in the  sonar-project.properties  file, it would look like this:

There is no need for any further fine-tuning.

Wildcard patterns

While the  sonar.sources  and  sonar.tests  parameters take simple paths, most of the parameters discussed below use path-matching patterns.

The recognized path-matching patterns are defined using the following wildcards:

  • *  Match zero or more characters (not including the directory delimiter,  / ).
  • **  Match zero or more directory segments within the path.
  • ?  Match a single character (not including the directory delimiter,  / ).

Wildcard examples

  • matches  anyDirectory/anyFile.css
  • doesn't match  org/sonar.api/MyBean.java
  • matches  org/sonar.api/MyBean.java
  • doesn't match  org/sonar/util/MyDTO.java
  • matches  org/sonar/util/MyOtherBean1.java
  • doesn't match  org/sonar/util/MyOtherBean.java
  • matches  org/sonar/MyClass.java
  • doesn't match  org/sonar/util/MyClassUtil.java
  • matches  org/sonar/anyDirectory/anyFile
  • matches org/sonar/MyClass.java
  • doesn't match  org/radar/MyClass.java

Location of UI settings

Unless otherwise noted, all the parameters below are settable at both the global and project level. The UI locations for the settings are found under:

  • Administration > Configuration > General Settings (for global settings)
  • Project Settings > General Settings (for project-level settings)

Any setting made at the global level will apply to all projects unless overridden at the project level (the only exceptions are the global exclusion parameters discussed above).

File exclusion and inclusion

If the directory structure of your project does not cleanly separate source code from test code at the top level, you may have to adjust the scope using exclusions and inclusions.

Inclusions and exclusions should not be part of the initial analysis configuration. We recommend setting them only to solve issues. For example, when you notice that an analysis picked up files that you did not want analyzed.

These are set in the UI for both global and project levels, as follows:

Global level

Administration > Configuration > General Settings >  Analysis Scope > A. File Exclusions

  • Global Source File Exclusions : One or more wildcard patterns defining which files are filtered out from those defined by  sonar.sources . This setting will apply to all projects on your SonarQube server. It cannot be overridden by any project-level source file exclusion. It also cannot be set as a key in a configuration file. If it is set, it must be set in the UI.
  • Source File Exclusions : The same as the global version above except that it  can  be overridden by a project-level source file exclusion. It cannot be set as a key in a configuration file. If it is set, it must be set in the UI.
  • Global Test File Exclusions : Same as the Global Source File Exclusions, above, except that it applies to test files.
  • Source File Inclusions : One or more wildcard patterns defining which files to retain, while filtering out all others, from those defined by  sonar.sources . This applies to all projects on your SonarQube server, though it can be overridden at the project level. It cannot be set as a key in a configuration file. If it is set, it must be set in the UI.
  • Test File Exclusions : Same as the Source File Exclusions, above, except that it applies to test files.
  • Test File Inclusions : Same as the Source File Inclusions, above, except that it applies to test files.

Project level

Project Settings > General Settings >  Analysis Scope > A. File Exclusions

  • Source File Exclusions : One or more wildcard patterns defining which files are filtered out from those defined by  sonar.sources . This can also be set in a configuration file using the key  sonar.exclusions .
  • Source File Inclusions : One or more wildcard patterns defining which files to retain, while filtering out all others, from those defined by  sonar.sources . This can also be set in a configuration file using the key  sonar.inclusions .
  • Test File Exclusions : One or more wildcard patterns defining which files are filtered out from those defined by  sonar.tests . This can also be set in a configuration file with the key  sonar.test.exclusions .
  • Test File Inclusions : One or more wildcard patterns defining which files to retain, while filtering out all others, from those defined by  sonar.tests . This can also be set in a configuration file using the key  sonar.test.inclusions .

To set these parameters by key you can:

  • Set them in the configuration file  <YOUR_PROJECT>/sonar-project.properties .
  • Set them on the command line when invoking the scanner.
  • In the case of Maven, Gradle, or .NET projects, set them in the appropriate framework-specific configuration file.

How the parameter values are interpreted

The wildcard patterns are interpreted relative to the project base directory.

Exclusions and inclusions apply  on top of  the  sonar.sources  and  sonar.tests  settings. Both the exclusion and inclusion parameters act as filters. They only ever reduce the number of files in the analyzable set, they never add to the set.

Let's say your repository looks something like this, with your test code intermingled with your source code:

sonar assignment of parameter is not allowed

You would define your  sonar.sources  like this, taking in the whole  src  directory:

sonar assignment of parameter is not allowed

and then set  Source File Exclusions  (key  sonar.exclusions ) to

The result is that the set of source files to be scanned is everything under  src  minus every  test  subdirectory:

sonar assignment of parameter is not allowed

To define the test files, first set  sonar.tests  to the whole  src  directory:

sonar assignment of parameter is not allowed

and then set  Test File Inclusions  (key  sonar.test.inclusions ) to

The result is that the set of source files to be scanned is everything under  src   minus everything that is not  a  test  subdirectory:

sonar assignment of parameter is not allowed

Naming of parameters

Note that the initial scoping parameter for test code is  sonar.tests  (that's  tests  with an  s !) while the exclusion and inclusion parameters for test code are  sonar.test.exclusions  and  sonar.test.inclusions  (that's  test , without an  s !).

Relationship with test coverage reporting

The test scoping parameters (  sonar.tests ,  sonar.test.exclusion , and  sonar.test.inclusion ) do not have anything to do with setting up test coverage reporting (see  Test coverage ). However, SonarQube will report an error if an imported coverage report lists a test file not encountered in the directories specified by the scoping parameters.

The parameter  sonar.coverage.exclusions , on the other hand, is directly related to test coverage reporting (see below).

Code coverage exclusion

Analysis Scope > B. Code Coverage Exclusions

This setting lets you exclude specific files or directories from code coverage reporting. The value of the parameter is a comma-delimited list of path-matching patterns relative to the current working directory.

When setting by key, use  sonar.coverage.exclusions

Duplication exclusions

Analysis Scope > C. Duplication Exclusions

This setting lets you exclude specific files or directories from duplication checking. The value is a comma-delimited list of path-matching patterns relative to the current working directory.

When setting by key, use  sonar.cpd.exclusions

Setting the scope by file type

Languages >  Your Language

Most languages offer a way to restrict the scope of analysis to files matching a set of extensions. You can specify one or more suffixes (file extensions) for each language. For example, for the C language,  .c  and  .h  are set by default.

When setting by key, use the appropriate parameter of the form  sonar.<LANGUAGE>.file.suffixes .

Setting the secret detection scope

By default, SonarQube detects exposed secrets in all files processed by the language analyzers. You can refine the scope of the secret detection: see Adjusting the secret detection scope .

Ignoring issues in files based on content

Analysis Scope > D. Issue Exclusions > Ignore Issues on Files

You can ignore files that contain a block of code matching a given regular expression. All issues as well as security hotspots, will be ignored within those files. In this setting, you can enter one or more regular expression patterns. Any file containing at least one of the specified patterns will be ignored.

For example, let's say you have generated class files in your Java project that you wish to exclude. The files look something like this:

To exclude all such files, you might set this parameter to:

Note that since this value is a regular expression, you need to escape the  (  and  )  parentheses characters and use the expression  .*  match the string in between those parentheses.

The key for this parameter is  sonar.issue.ignore.allfile , however, because it is a multi-value property, we recommend that it only be set through the UI.

Ignoring blocks within files

Analysis Scope > D. Issue Exclusions > Ignore Issues on Blocks

You can ignore specific blocks of code within a file while continuing to scan the remainder of the file. Blocks to be ignored are delimited within the file by start and end strings. You specify these start and end strings by regular expressions. All issues as well as security hotspots within those blocks, will be ignored. You can enter one or more pairs of regular expression patterns. Any code in any file that lies between the start pattern and its corresponding end pattern will be ignored. Note that:

  • If the first regular expression is found but not the second one, the end of the file is considered to be the end of the block.
  • Regular expressions are not matched across multiple lines.

For example, let's say you want to ignore the code in the method  doSomethingElse  using block delimiters, like this:

You could specify the following regular expressions:

Start of block :  \s*//\s*START-NOSCAN

End of block:  \s*//\s*END-NOSCAN

These regular expressions ensure that the start and end block delimiters will be recognized regardless of the number of spaces around the line comment characters ( // ).

The key for this parameter is  sonar.issue.ignore.block . However, because it is a multi-value property, we recommend that it only be set through the UI.

Excluding specific rules from specific files

Analysis Scope > D. Issue Exclusions > Ignore Issues on Multiple Criteria

You can prevent specific rules from being applied to specific files by combining one or more pairs of strings consisting of a rule key pattern   and a file path pattern .

The key for this parameter is  sonar.issue.ignore.multicriteria, however, because it is a multi-value property, we recommend that only be set through the UI.

Rule key pattern

A rule key pattern consists of a rule repository name, followed by a colon, followed by a rule key, or a rule name globbing pattern.

For example:

  • java:S1195  matches exactly the  rule S1195  in the Java rule repository.
  • java:*Naming*  matches all rules in the Java repository that include the string  Naming  in their rule name.

You can find the fully qualified rule ID of the rule definition and the rule name in the rule definition.

For example, for  this rule :

  • Rule ID:  css:S4655
  • Rule name:  "!important" should not be used on "keyframes"

File path pattern

A file path pattern uses the path-matching format described above to specify a set of directories or files.

File path pattern examples

  • Rule key pattern:  *
  • File path pattern:  **/*
  • File path pattern:  bank/ZTR00021.cbl
  • File path pattern:  com/foo/*
  • Rule key pattern:  cpp:Union
  • File path pattern:  object/**/*

Applying specific rules to specific files

You can only apply specific rules to specific files.

  • Global level:  Administration > Configuration > General Settings > Analysis Scope > D. Issue Exclusions > Restrict Scope of Coding Rules
  • Project level:  Project Settings > General Settings > Analysis Scope > D. Issue Exclusions > Restrict Scope of Coding Rules

The mechanics of setting these parameters are the same as for  sonar.issue.ignore.multicriteria , above: Each entry consists of a rule key pattern and a file path pattern. The difference is that in this case, it means that the specified rule will only be applied to the specified set of files.

The key for this parameter is  sonar.issue.enforce.multicriteria . However, because it is a multi-value property, we recommend that it should only be set through the UI.

Multi-value pattern examples

  • Rule key pattern:  checkstyle:com.puppycrawl.tools.checkstyle.checks.coding.MagicNumberCheck
  • File path pattern:  **/*Bean.java
  • Rule key pattern 1:  cobol:COBOL.GotoTransferControlOutsideCurrentModuleCheck
  • File path pattern 1:  bank/creditcard/**/*
  • Rule key pattern 2:  cobol:COBOL.GotoTransferControlOutsideCurrentModuleCheck
  • File path pattern 2:  bank/bankcard/**/*

SonarQube respects ignored files

Your SonarQube analysis will automatically exclude files that are ignored by your source code control system. For example, in git repositories, it respects the  .gitignore  file. SonarQube also respects the ignore directives used in SVN repositories.

This behavior can be disabled by setting sonar.scm.exclusions.disabled = true in the configuration file or command line.

Note that while SonarQube understands standard  .gitignore  directives, it does not understand  .gitignore   negation patterns . These are the patterns preceded by an exclamation mark( ! ). We recommend not using them in SonarQube projects.

Was this page helpful?

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License

IMAGES

  1. Sonar.exclusions parameter is not working

    sonar assignment of parameter is not allowed

  2. Sonar parameter configuration for dataset construction.

    sonar assignment of parameter is not allowed

  3. Details of parameters for sonar equation.

    sonar assignment of parameter is not allowed

  4. How do we change the 'parameters' to rules?

    sonar assignment of parameter is not allowed

  5. [번역] 'var' on function parameter is not allowed

    sonar assignment of parameter is not allowed

  6. Sonar parameter embedding layer.

    sonar assignment of parameter is not allowed

VIDEO

  1. ICSE CLASS IX

  2. #javascript #challenge #day20 Output Program 54 destructuring assignment, the rest parameter Day20

  3. FANUC 16-TB: How to protect programs O8000 through O8999

  4. Sonar Technician interview questions

  5. Comprendre Bases

  6. Detection & Estimation Theory

COMMENTS

  1. How to remove 'Assignment of Parameter 'variable' is not allowed'

    In your if condition block, you are setting variable to null and it happens to be your method parameter. Instead of assigning the value to the method parameter, create a local variable and use it and return the value of the local variable from the method if at all it is intended.

  2. Sonar violation on "disallowed assignment of parameters"

    1 - There is a bug in the checkstyle plugin. 2 - The code sonar analysed is not quite the code you posted here. I believe that violation should apply in the following case: /**. * @param lastAccessTime the lastAccessTime to set. */. public void setLastAccessTime(Date lastAccessTime) lastAccessTime = lastAccessTime == null ? null : new Date ...

  3. New Rule: Variable should not be reassigned

    Reassigning existing variable to new value introduces additional complexity to the code and violates the immutability paradigm. New variable should be created instead of mutating of existing one. This should have an exception for the for loops and do/while loops as those (unfortunately) rely on the reassignment. snippet of Noncompliant Code found at GitHub - kamilbeben/variable-reassignment ...

  4. Analysis parameters & SonarQube

    Analysis parameters

  5. Analysis parameters

    Analysis / Command line parameters: Defined when launching an analysis with -D on the command line. Note that only parameters set through the UI are stored in the database. For example, if you override the sonar.exclusions parameter via command-line for a specific project, it will not be stored in the database.

  6. S3900 FP: Re-assignment of parameters is ignored #2591

    martin-strecker-sonarsource changed the title S3900 FP: when string value is re-assigned S3900 FP: Re-assignment of parameters is ignored Apr 5, 2023 pavel-mikula-sonarsource moved this from To do to In progress in Best Kanban Apr 6, 2023

  7. Analysis parameters

    Note that only parameters set through the UI are stored in the database. For example, if you override the sonar.exclusions parameter via the command line for a specific project, it will not be stored in the database.Subsequent analyses, or analyses in SonarLint with connected mode, would still be executed with the exclusions defined in the UI and therefore stored in the DB.

  8. Pointer and reference local variables should be "const" if the

    Add the reproducer option to the scanner configuration: sonar.cfamily.reproducer= "Full path to the button.c file" Re-running the scanner should generate a file named sonar-cfamily.reproducer in the project folder. Please share this file (I can send you a PM if you want to share it privately) I'm looking forward to nail down this false positive!

  9. SonarQube Properties and Parameters

    For example, if you override the sonar.exclusions parameter via command line for a specific project, it will not be stored in the database. Local analyses in Eclipse, for example, would still be executed with the exclusions defined in the UI and therefore stored in the DB. ... Allowed characters are: letters, numbers, '-', '_', '.' and ...

  10. Is it possible to get some customized parameters in Custom rule?

    gebitang (gebitang) January 4, 2021, 3:55am 1. Following This tutorial, I can write my custom rule checker. For now, I can only get the key of project via context.getProject ().key () . The key is defined from scanner command line such as -Dsonar.projectKey=keyOfProject. Is It possible I can defined more customized parameters in the same way ...

  11. Remove Assignments to Parameters

    First, if a parameter is passed via reference, then after the parameter value is changed inside the method, this value is passed to the argument that requested calling this method. Very often, this occurs accidentally and leads to unfortunate effects. Even if parameters are usually passed by value (and not by reference) in your programming ...

  12. Analysis Parameters & SonarCloud

    Setting configuration on the command line. For CI-based analysis (not automatic analysis), parameters can also be set on the command line using the -D option indicator when launching an analysis.This can be done with the standalone command-line tool sonar-scanner, as well as with any of the build-tool-specific variants like SonarScanner for Maven and SonarScanner for Gradle.

  13. S3928 reports "the parameter name ' ' is not declared in the argument

    Its not in a constructor, and its not a parameter. Here is a bit more context and an expanded example that should help. The function's intention is to get the column header indexes for each text label (in case the user re-orders columns) ExcelWorkbook inputSheet is a function parameter.

  14. Parsing error when using template type parameter with assignment by

    close #2317 There is a PEG issue with the order of template-parameter: type-parameter parameter-declaration type-parameter type-constraint rule matches in case of non integral data type. Sa...

  15. Narrowing the focus with analysis scope

    By default, sonar.sources is set to the current working directory (the path .). By default, sonar.tests is not set. Explicit settings. If the defaults are not suitable (for example, if you do have test code) you must set the parameters explicitly in the scanner invocation or in the appropriate configuration file (see Analysis Parameters).

  16. [Kotlin] Bogus errors NP_NONNULL_FIELD_NOT_INITIALIZED_IN ...

    Issue Description When analyzing Kotlin dataclasses, I get one "critical" error for each non-nullable constructor parameter without a default value with the following ...

  17. assignment to "in" mode parameter not allowed

    2. You cannot assign a read-only variable. When you learn about Ada, you are taught that parameters are passed as copy when you are using the in keyword. The fact is that the compiler can decide to pass the parameter by reference and therefore it views the variable as a read-only variable. You cannot write in that variable.

  18. c#

    1. You can either deactivate the rule on your SonarQube server or mark it as False Positive for your particular case but I would recommend you to have a look at why we created this rule before you deactivate it. You can find more information about this rule on our Rules website or on Microsoft website. Rules website link mentioned in your reply ...

  19. Narrowing the focus with an analysis scope

    By default, sonar.sources is set to the current working directory (the path .). By default, sonar.tests is not set. Explicit settings. If the defaults are not suitable (for example, if you do have test code) you must set the parameters explicitly in the scanner invocation or in the appropriate configuration file (see Analysis parameters).