Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

XML static code analysis

Unique rules to find Bugs and Code Smells in your XML code

Filtered: 1 rule found

lock-in

Impact

Clean code attribute

Dependencies should not have "system" scope
Bug

Dependencies should not have "system" scope

intentionality - complete

reliability

Bug

CriticalSonarSource default severity
click to learn more

Why is this an issue?

system dependencies are sought at a specific, specified path. This drastically reduces portability because if you deploy your artifact in an environment that’s not configured just like yours is, your code won’t work.

Noncompliant code example

<dependency>
  <groupId>javax.sql</groupId>
  <artifactId>jdbc-stdext</artifactId>
  <version>2.0</version>
  <scope>system</scope>  <!-- Noncompliant -->
  <systemPath>/usr/bin/lib/rt.jar</systemPath>  <!-- remove this -->
</dependency>

Compliant solution

<dependency>
  <groupId>javax.sql</groupId>
  <artifactId>jdbc-stdext</artifactId>
  <version>2.0</version>
  <scope>provided</scope>
</dependency>

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

In-IDE

SaaS

Self-Hosted