sonar-findbugs icon indicating copy to clipboard operation
sonar-findbugs copied to clipboard

Published 20 hours ago verified publisher icon spotbugs

NOSONAR not ignored

Open isaguimiot opened this issue 1 year ago • 2 comments

Issue Description

Some issues raised by findbugs have a //NOSONAR tag in the source code, but now they appear in the issues, instead of being ignored. (see screenshot attached) nosonar

Environment

We updated Sonarqube to 10.6 and use findbugs 4.2.7 (had to rollback after a bug was introduced in 4.2.8 : "missing bug code for keySECXXEVAL")

There's a topic on sonarqube community about this bug : https://community.sonarsource.com/t/nosonar-does-not-work/97763/4 They say it's a findbugs problem.

Could you investigate ?

isaguimiot avatar Aug 22 '24 21:08 isaguimiot

As far as I know this was never a feature of the findbugs plugin, because it analyses the compiled .class files where there's no NOSONAR comment. I suppose that SonarQube was silencing the issues raised by plugin when there was a NOSONAR comment on the line

gtoison avatar Aug 26 '24 05:08 gtoison

Hello @isaguimiot I got an answer from Colin at Sonarsource (here) and this is indeed supposed to work, even if the plugin does not check for NOSONAR Since the problem is not reproduced in his testing, Colin is asking if you could provide a sample project reproducing the problem

gtoison avatar Sep 03 '24 15:09 gtoison

I'll close this since there was no feedback; the plugin (or SpotBugs) do not process the NOSONAR comment. Possibly SonarQube itself processes it to suppress issues?

gtoison avatar Nov 08 '24 12:11 gtoison