Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Apex
AzureResourceManager
C
C++
CloudFormation
COBOL
C#
CSS
Docker
Flex
Go
HTML
Java
JavaScript
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

Kotlin static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your KOTLIN code

Tags

Empty lines should not be tested with regex MULTILINE flag
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
String literals should not be duplicated
Code Smell
Functions should not be empty
Code Smell
Gradle settings file should always be present
Code Smell
Dependencies should be grouped by destination
Code Smell
Tasks should define "description" and "group"
Code Smell
"rootProject.name" should always be present in Gradle settings
Code Smell
Dependency versions shouldn't be hard-coded
Code Smell
"tasks.register()" should be preferred over "tasks.create()"
Code Smell
Variables assigned values should be read
Code Smell
"It" shouldn't be used as a lambda parameter name
Code Smell
Check for preconditions should be simplified
Code Smell
Redundant type casts and type checks should be removed
Code Smell
Type casts and type checks that can never succeed should be removed
Code Smell
Expression should be simplified with "isEmpty", "isNotEmpty" or "isNullOrEmpty"
Code Smell
Structural equality tests should use "==" or "!="
Code Smell
Element access should use indexed access operators
Code Smell
Single function interfaces should be functional interfaces
Code Smell
Functional interface implementations should use lambda expressions
Code Smell
Singleton pattern should use object declarations or expressions
Code Smell
Delegator pattern should use "by" clause
Code Smell
"when" statements should be used instead of chained "if" statements
Code Smell
"return" statements should be lifted before "if" or "when" statement
Code Smell
"Unit" should be used instead of "Void"
Code Smell
Kotlin coroutines API for timeouts should be used
Code Smell
The return value of functions returning "Deferred" should be used
Code Smell
ViewModel classes should create coroutines
Code Smell
Extension functions on CoroutineScopes should not be declared as "suspend"
Code Smell
Suspending functions should not be called on a different dispatcher
Code Smell
Dispatchers should be injectable
Code Smell
Functions returning Flow/Channel should not be suspending
Code Smell
Suspending functions should be main-safe
Code Smell
Coroutine usage should adhere to structured concurrency principles
Code Smell
"MutableStateFlow" and "MutableSharedFlow" should not be exposed
Code Smell
Redundant methods should be avoided in data classes
Code Smell
Operator "is" should be used instead of "isInstance()"
Code Smell
Character classes in regular expressions should not contain the same character twice
Code Smell
Regular expressions should not be too complicated
Code Smell
Native features should be preferred to Guava
Code Smell
Functions should not have identical implementations
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
"when" statements should not have too many clauses
Code Smell
Sections of code should not be commented out
Code Smell
Unused function parameters should be removed
Code Smell
Unused "private" methods should be removed
Code Smell
Track uses of "FIXME" tags
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Collapsible "if" statements should be merged
Code Smell
Core plugins IDs should be replaced by their shortcuts
Code Smell
Getter and setter pattern should use property getters and setters
Code Smell
"suspend" modifier should not be redundant
Code Smell
Character classes should be preferred over reluctant quantifiers in regular expressions
Code Smell
Multi-line comments should not be empty
Code Smell
Boolean checks should not be inverted
Code Smell
Code annotated as deprecated should not be used
Code Smell
Unused local variables should be removed
Code Smell
Local variable and function parameter names should comply with a naming convention
Code Smell
Unnecessary imports should be removed
Code Smell
Boolean literals should not be redundant
Code Smell
Class names should comply with a naming convention
Code Smell
Function names should comply with a naming convention
Code Smell
Track uses of "TODO" tags
Code Smell
Deprecated code should be removed
Code Smell
Track lack of copyright and license headers
Code Smell
"when" statements should not be nested
Code Smell
Control flow statements "if", "for", "while", "when" and "try" should not be nested too deeply
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
Expressions should not be too complex
Code Smell
Lambdas should not have too many lines
Code Smell
Kotlin parser failure
Code Smell
Functions should not have too many lines of code
Code Smell
Statements should be on separate lines
Code Smell
"when" clauses should not have too many lines of code
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
Unicode-aware versions of character classes should be preferred
Code Smell
Tabulation characters should not be used
Code Smell

Dependency versions shouldn't be hard-coded

Code Smell

MajorSonarSource default severity
click to learn more

gradle

Why is this an issue?

In general hard-coded values is a well known bad practice that affects maintainability. In dependency management, this issue is even more critical because there is the risk of accidentally having different versions for the same dependency in your configuration.

Keeping hard-coded dependency versions increases the cost of maintainability and complicates the update process.

How to fix it

There are several ways to fix it:

extract the versions in variables
use Spring dependency management plugin: io.spring.dependency-management
use centralized dependencies with Version Catalogs

Code examples

Noncompliant code example

dependencies {
    testImplementation("org.mockito:mockito-core:4.5.1")
    testImplementation("org.mockito:mockito-inline:4.5.1")
}

Compliant solution

ext {
    mockitoVersion = "4.5.1"
}

dependencies {
    testImplementation("org.mockito:mockito-core:$mockitoVersion")
    testImplementation("org.mockito:mockito-inline:$mockitoVersion")
}

Resources

Documentation

Sharing dependency versions between projects

Conference presentations

Dependency management? Model it!

Standards

Version Catalogs

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

© 2008-2023 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted