Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

XML static code analysis

Unique rules to find Bugs and Code Smells in your XML code

Filtered: 1 rule found

lock-in

Impact

Clean code attribute

Dependencies should not have "system" scope
Bug

Dependencies should not have "system" scope

intentionality - complete

reliability

Bug

Why is this an issue?

system dependencies are sought at a specific, specified path. This drastically reduces portability because if you deploy your artifact in an environment that’s not configured just like yours is, your code won’t work.

Noncompliant code example

<dependency>
  <groupId>javax.sql</groupId>
  <artifactId>jdbc-stdext</artifactId>
  <version>2.0</version>
  <scope>system</scope>  <!-- Noncompliant -->
  <systemPath>/usr/bin/lib/rt.jar</systemPath>  <!-- remove this -->
</dependency>

Compliant solution

<dependency>
  <groupId>javax.sql</groupId>
  <artifactId>jdbc-stdext</artifactId>
  <version>2.0</version>
  <scope>provided</scope>
</dependency>

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
9.3

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.3

In-IDE

SaaS

Self-Hosted