{"id":37023712,"url":"https://github.com/philippefichet/sonarlint4netbeans","last_synced_at":"2026-01-14T02:51:18.154Z","repository":{"id":37007733,"uuid":"223600488","full_name":"philippefichet/sonarlint4netbeans","owner":"philippefichet","description":"SonarLint integration for Apache Netbeans","archived":false,"fork":false,"pushed_at":"2024-02-21T00:00:07.000Z","size":340066,"stargazers_count":34,"open_issues_count":9,"forks_count":8,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-07-06T12:02:34.720Z","etag":null,"topics":["analyzer","netbeans","netbeans-module","netbeans-plugin","quality","sonarlint","sonarqube","static-analysis","static-analyzer","static-code-analysis"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-2.1","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/philippefichet.png","metadata":{"files":{"readme":"README-CFamily.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-11-23T14:18:08.000Z","updated_at":"2024-11-28T07:06:35.000Z","dependencies_parsed_at":"2023-02-18T19:45:46.897Z","dependency_job_id":"4cc4f6b3-9d0e-43cb-a036-428a60079c57","html_url":"https://github.com/philippefichet/sonarlint4netbeans","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/philippefichet/sonarlint4netbeans","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philippefichet%2Fsonarlint4netbeans","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philippefichet%2Fsonarlint4netbeans/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philippefichet
%2Fsonarlint4netbeans/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philippefichet%2Fsonarlint4netbeans/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/philippefichet","download_url":"https://codeload.github.com/philippefichet/sonarlint4netbeans/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/philippefichet%2Fsonarlint4netbeans/sbom","scorecard":{"id":731412,"data":{"date":"2025-08-11","repo":{"name":"github.com/philippefichet/sonarlint4netbeans","commit":"5e31bce20614395b1dc3b005a1bb27c9d5a4d76a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-on-macos.yml:1","Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Warn: no topLevel permission defined: .github/workflows/sonarcloud.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least 
privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":5,"reason":"binaries present in source code","details":["Warn: binary detected: src/main/sonar/plugins/sonar-html-plugin-3.9.0.3600.jar:1","Warn: binary detected: src/main/sonar/plugins/sonar-java-plugin-7.24.0.32100.jar:1","Warn: binary detected: src/main/sonar/plugins/sonar-javascript-plugin-10.7.0.22914.jar:1","Warn: binary detected: src/main/sonar/plugins/sonar-php-plugin-3.32.0.10180.jar:1","Warn: binary detected: src/main/sonar/plugins/sonar-xml-plugin-2.10.0.4108.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices 
Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Lesser General Public License v2.1: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.5.0 not signed: https://api.github.com/repos/philippefichet/sonarlint4netbeans/releases/25643856","Warn: release artifact v1.5.0 does not have provenance: https://api.github.com/repos/philippefichet/sonarlint4netbeans/releases/25643856"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: 
githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-on-macos.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/build-on-macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-on-macos.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/build-on-macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-on-macos.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/build-on-macos.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-on-macos.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/build-on-macos.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/maven.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/maven.yml:28: update your workflow using 
https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/sonarcloud.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sonarcloud.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/philippefichet/sonarlint4netbeans/sonarcloud.yml/master?enable=pin","Warn: containerImage not pinned by hash: .gitpod.Dockerfile:1: pin your Docker image by updating gitpod/workspace-full-vnc:2022-06-17-15-14-36 to gitpod/workspace-full-vnc:2022-06-17-15-14-36@sha256:f8884ca47d913ef6b06f345f6b1232ca5658d729c59ab463257030ce0c2e568f","Info:   0 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool detected","details":["Info: SAST configuration detected: Sonar","Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T14:32:03.037Z","repository_id":37007733,"created_at":"2025-08-22T14:32:03.037Z","updated_at":"2025-08-22T14:32:03.037Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408780,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","netbeans","netbeans-module","netbeans-plugin","quality","sonarlint","sonarqube","static-analysis","static-analyzer","static-code-analysis"],"created_at":"2026-01-14T02:51:17.598Z","updated_at":"2026-01-14T02:51:18.125Z","avatar_url":"https://github.com/philippefichet.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":":toc:\n:toclevels: 5\n\n= File analysis for C/C++\n\n== Introduction\n\nThe analysis of C/C++ files can be done using the SonarQube plugin `CFamily`. 
+\nThe `CFamily` plugin is not open source and is only available in the Developer Edition of SonarQube. +\nAs a reminder, this SonarLint integration is not an official plugin supported by SonarSource and the use of non-open source or licensed plugins is the responsibility of the user. +\nThe plugin can still be used, but adding it to the SonarLint integration with Netbeans requires manual actions. +\n\n== Installation\n\nThe `CFamily` plugin is distributed by SonarSource in the official SonarLint plugins. +\nSo, once you get the `CFamily` plugin from SonarQube or an official SonarLint plugin, you can add it in `Tools -\u003e Options -\u003e Miscellaneous -\u003e SonarLint -\u003e Plugins`. +\n\nOnce added, it must be visible in the \"Analyzer\" section. +\n\n.Example with CFamily plugin in \"Analyzer\"\nimage::docs/OptionsSonarLintAnalyzersCFamily.jpg[]\n\n== Configuration\n\nThe configuration of the `CFamily` plugin is explained in the SonarQube documentation: https://docs.sonarqube.org/latest/analysis/languages/cfamily/ +\nTo summarize, there are two ways to configure the plugin:\n\n* SonarSource Build Wrapper, using the `sonar.cfamily.build-wrapper-output` property and a tool developed by SonarSource.\n* Compilation Database, using the `sonar.cfamily.compile-commands` property\n\nIn all cases, the properties must be set either globally (`Tools -\u003e Options -\u003e Miscellaneous -\u003e SonarLint -\u003e Properties`),\nor in the project if the project type allows it (`SonarLint -\u003e Properties`). 
+\n\n.Compilation Database\n[TIP]\n====\nThe project https://github.com/nickdiego/compiledb[compiledb] can generate the file used by\n`sonar.cfamily.compile-commands` for \"GNU make-based build systems\".\n====\n\n.Project path in the properties\n[TIP]\n====\nProperties can contain `${projectDir}`, which is replaced by the project path when these properties are used.\n====\n\n== Different types of C/C++ projects managed by Netbeans\n\n=== CPPLiteProject / \"lightweight C/C++ project\"\n\nCPPLite, also called \"lightweight C/C++ project\", is a type of project that associates Netbeans actions (Build, Clean, ...) with commands that are to be configured. +\nThis type of project can benefit from customization with SonarLint, which means that the rules and properties of SonarLint can also be customized. +\n\n[NOTE]\n====\nSince this type of project is free to use any commands, it can also use `GNU Make` as its build tool.\n====\n\n=== MakeProject / CND\n\nProjects of type `MakeProject`, also known as `CND`, cannot have per-project configuration, as they use their own solution to display a project's panel and therefore do not use `ProjectCustomizer.createCustomizerDialog`. +\nThis type of project cannot benefit from customization and therefore only SonarLint global rules and properties will be applied to it. 
+\n\nHere are the classes identified that show the solution chosen for customizing this type of project:\n\n- https://github.com/apache/netbeans/blob/cnd/cnd/cnd.makeproject/src/org/netbeans/modules/cnd/makeproject/MakeProjectImpl.java\n- https://github.com/apache/netbeans/blob/cnd/cnd/cnd.makeproject.ui/src/org/netbeans/modules/cnd/makeproject/ui/MakeCustomizerProviderImpl.java\n- https://github.com/apache/netbeans/blob/cnd/cnd/cnd.makeproject.ui/src/org/netbeans/modules/cnd/makeproject/ui/customizer/ProjectNodeFactory.java\n- https://github.com/apache/netbeans/blob/cnd/cnd/cnd.makeproject.ui/src/org/netbeans/modules/cnd/makeproject/ui/customizer/MakeCustomizer.java\n\n[NOTE]\n====\nAny participation is welcome to better understand or to add a customization to this type of project :)\n====\n\n== Screenshots\n\n.CFamily analyzer\nimage::docs/OptionsSonarLintAnalyzersCFamily.jpg[]\n\n.CND MakeProject example\nimage::docs/CNDMakeProjectEditorAnnotationAndActionItems.jpg[]\n\n.CPPLite Project example\nimage::docs/CPPLiteProjectEditorAnnotationAndActionItems.jpg[]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilippefichet%2Fsonarlint4netbeans","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphilippefichet%2Fsonarlint4netbeans","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphilippefichet%2Fsonarlint4netbeans/lists"}