Friday, February 10, 2023

How to fix bugs found during SonarQube code analysis | How to resolve defects found in Java Web App during Sonar Scan

Let's say you have configured a build job in Jenkins to implement CI and you are performing code scan using SonarQube. Code scan results shown some defects(bugs) in your Java Code.

If you look at Jenkins console output, you can see analysis was successful.


If you look at SonarQube project dashboard, you are seeing defects like shown below. How do fix those defects? Let's see the steps to fix those defects.



Pre-requisites:
  • Sonarqube is setup and running
  • Jenkins is up and running
  • Java WebApp setup in GitHub
  • build job configured in Jenkins to perform code scan
Now login to SonarQube
Click on Project name MyWebApp


Click on Overall code, click on 3 Bugs
Now this shows what is the issue with code. it needs <!DOCTYPE> declaration before <html> tag


Click on Why this an issue to learn more about the issue and how you can fix it.
Now code to GitHub where Java WebApp is configured, edit the index.jsp under MyWebApp/src/main/webapp

Fix for bug # 1

add <!DOCTYPE html> above <html> tag

Fix for bug # 2

add <html lang="en">

Fix for bug # 3
    <head>
          <title>My WebApp</title>
          <meta content="text/html; charset=utf-8" />
    </head>  


Now commit the code changes.

run the build in Jenkins by clicking on Build now.
Login to SonarQube, now you will see no bugs.


This is how you can fix defects found by SonarQube.

No comments:

Post a Comment

How to Configure GitHub Advanced Security for Azure DevOps | How to Perform Security scan for Azure Repos using GitHub Advanced Security

GitHub Advanced Security for Azure DevOps brings the  secret scanning, dependency scanning  and  CodeQL code scanning  solutions already ava...