Frequently Asked Questions

Which identity providers does SonarCloud support?

  • Only the following code repository platforms are supported as identity providers:
    • GitHub
    • Bitbucket Cloud
    • Azure DevOps Services
    • GitLab
  • You must have an account on one of these code repository platforms to log in to SonarCloud.

How do I get rid of issues that are false-positives?

False Positive and Won't Fix

  • You can mark individual issues as false positive or won't fix through the issues interface. If you're using short-lived branch and pull request analysis, issues marked as false positive or won't fix will retain that status after merge. This is the preferred approach.

Help us improve our vulnerabilities detection

When you mark a vulnerability as false positive or won't fix, explain why in the comment box. This feedback and the vulnerability context (current file content, issue and rule details) are reviewed by our teams to make SonarCloud better.

//NOSONAR

  • Most language analyzers support the use of the generic mechanism: //NOSONAR at the end of the line of the issue. This will suppress all issues - now and in the future - that might be raised on the line.

How do I find and remove projects that haven't been analyzed in a while?

  • In your organization: Administration > Projects Management you can search for Last analysis before to filter projects not analyzed since a specific date, and then use bulk Delete to remove the projects that match your filter.
  • This can be automated using the corresponding Web API: api/projects/bulk_delete?organization=ORG-KEY&analyzedBefore=YYYY-MM-DD.

What are the browsers supported by SonarCloud?

  • SonarCloud supports the following browsers:
    • the last 3 Chrome versions
    • the last 3 Firefox versions
    • the last 3 Safari versions
    • the last 3 Edge versions

What Java versions are supported by SonarCloud?

Java Version of Scanner Environment

  • If you are performing analysis in your local build environment through an installed scanner tool, then the Java runtime environment of the scanner (that is, the Java installed on your build machine) should be at least Java 11.
  • Similarly, if you are analyzing in a CI service, you should configure the Java environment to at least Java 11.
  • If you are exclusively using automatic analysis, that is, where the the SonarCloud service itself does the analysis, you do not have to do anything.
  • Starting October 2020, scanners running in pre-Java-11 environments will fail. We recommend upgrading to at least Java 11 as soon as possible.

Java Version of Targeted Code

  • Pre-Java-11 code (for example, Java 8 code) will continue to be analyzable. The version bump applies only to the environment within which the scanner is running, not the code that is being analyzed. See this page for details.

Should I upgrade beyond Java 11?

  • Java 11 is the current LTS. There are no immediate plans to move beyond it. You can upgrade to, for example, Java 14, but it is not required.

© 2008-2022, SonarCloud by SonarSource SA. All rights reserved.