Sonar javascript static code analyze - javascript riport missing. Maven project

Question

Help me, please. I don't know why missing only javascript static code analyze riports.

So, I have a maven project with multiple modules and the javascript codes in the frontend project.

• SonarJS plugin installed
• i'm running: mvn clean install sonar:sonar
• i have configure sonar from pom.xml instead of sonar-project.properties
• sonar version: 6.7 community edition

In the sonar overview it has java static code analyze riport both of modules, but nothin about javascript codes.

Here is my pom.xml settings in the parent project.

 <?xml version="1.0" encoding="UTF-8"?>
 <project ... >
...
<version>0.0.1-SNAPSHOT</version>
<modules>
    <module>backend</module>
    <module>frontend</module>
</modules>
<properties>
    ...
    <!-- sonar -->
    <sonar.version>3.4.0.905</sonar.version>
    <sonar.host.url>http://my.sonar.domain.url</sonar.host.url>
    <sonar.login>asdsd43f8g7fs498u9s8df7s97zf9er97zf7</sonar.login>
    <sonar.javascript.file.suffixes>.js,.jsx,.vue</sonar.javascript.file.suffixes>
    <sonar.sources>src/main/</sonar.sources>
    <sonar.test>src/test/</sonar.test>
    <sonar.jacoco.itReportPath>${project.testresult.directory}/coverage/jacoco/jacoco-it.exec</sonar.jacoco.itReportPath>
    <sonar.jacoco.reportPath>${project.testresult.directory}/coverage/jacoco/jacoco.exec</sonar.jacoco.reportPath>
    <sonar.java.codeCoveragePlugin>jacoco</sonar.java.codeCoveragePlugin>
    <!-- For Java -->
    <sonar.junit.reportsPath>reports/java/surefire-reports</sonar.junit.reportsPath>

    <!-- For JavaScript -->
    <sonar.javascript.lcov.reportPath>reports/js/lcov.dat</sonar.javascript.lcov.reportPath>
    ...
</properties>
<dependencies> ... </dependencies>
<build>
    <pluginManagement>
        <plugins>
            ...
            <plugin>
                <groupId>org.sonarsource.scanner.maven</groupId>
                <artifactId>sonar-maven-plugin</artifactId>
                <version>${sonar.version}</version>
                <executions>
                    <execution>
                        <id>sonar-run</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sonar</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            ....
        </plugins>
    </pluginManagement>
   </build>
</project>

UPDATE:

I have run sonar analyze with -X debug. The logs below:

[DEBUG] 15:08:27.144 'src/main/resources/static/js/template/template.js' excluded by org.sonar.plugins.javascript.JavaScriptExclusionsFileFilter
[DEBUG] 15:08:27.145 'src/main/resources/static/js/navigation/navigationEvents.js' excluded by org.sonar.plugins.javascript.JavaScriptExclusionsFileFilter
[DEBUG] 15:08:27.145 'src/main/resources/static/js/navigation/navigation.js' excluded by org.sonar.plugins.javascript.JavaScriptExclusionsFileFilter
[DEBUG] 15:08:27.145 'src/main/resources/static/js/navigation/moduleLoader.js' excluded by org.sonar.plugins.javascript.JavaScriptExclusionsFileFilter

But doesn't have any exculde settings.

Answer 1

You wrote in the comment that:

sonar.javascript.exclusions=**/node_modules/**,**/bower_components/**,**/js/**

If you didn't specify it in any pom.xml file, then that value is taken from the server. You can see the configuration by opening: https://sonar.host/admin/settings?category=javascript or Administration → Configuration → JavaSctript. Next you have to find the JavaScript Exclusions section:

Probably you will also see **/js/**. From my point of view you should delete that entry because it has no sense. If you cannot then you have to overwrite the default value by adding:

<sonar.javascript.exclusions>**/node_modules/**,**/bower_components/**</sonar.javascript.exclusions>

or

<sonar.javascript.exclusions></sonar.javascript.exclusions>

Answer 2

I'd say that first you want to try to execute coverage with sonar.properties file just to figure out - which keys you are still missing, preferably for js exclusively. Also, correct setting may depend on actual Sonar version that you are using.

One thing I see is that you have sonar.lcov.javascript.reportPath twice. Which one is the correct one (to start with use the hardcoded path, to make sure, you are getting the reports)

Secondly,in my project file I also had to specify the plugin to use (something like sonar.js.coveragePlugin = lcov ). Pehaps that you also want to add, since you are using lcov.

Finally, I also have the following flag set: sonar.dynamicAnalysis=reuseReports

That was needed to reuse the reports that were generated during the build.

On a side note, my configuration was created a 3 years back, for sonar version that was latest back then. There might have been some changes with the new releases of Sonar.

Answer 3

In pom of maven module containing JS code, set sonar.sources (and tests if you want) of your JS code