Why are Java binaries necessary in Sonar?

Question

I'm trying to check if there are any difference between an analysis with only source code and with source code and the .jar generated after compiling. If I delete the '-Dsonar.java.binaries' property I get this error:

ERROR: Error during SonarQube Scanner execution
ERROR: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

The command I'm using:

sonar-scanner '-Dsonar.host.url=http://192.168.1.25' '-Dsonar.projectKey=org.javaProject:myProject' '-Dsonar.projectName=myProject' '-Dsonar.sourceEncoding=UTF-8' '-Dsonar.sources=src' '-Djavax.net.ssl.trustStore=/certs'

Do you know if it is possible only to analyze source code without any binary file?

score 2 · Accepted Answer · answered Mar 04 '22 at 22:11

2

For SonarQube to be of any significant value, it should be run as part of a build, after the code is compiled and unit tests are run. I frankly don't know if it's possible to run a scan without class files, but I don't suggest you try to pursue that.

If you really only want to look at static analysis issues, I believe there is a "Sonar Lint" tool that runs in Eclipse or possibly other desktop tools.

answered Mar 04 '22 at 22:11

David M. Karr

14,317
20
94
199

Yes, as you said, I only want to check the static analysis issues and I'm using Sonar in a Jenkins pipeline. – Felipe Mar 07 '22 at 12:50
1

Most static analysis issues can only be found by analyzing class files. – David M. Karr Mar 07 '22 at 14:15

Why are Java binaries necessary in Sonar?

1 Answers1