0

I am working on a Java project and looking to deploy SonarQube on every PR also on our feature branches (not just main) as part of our shift-left strategy. However, we don't want to have to compile Java code every time. Is it possible to run Sonarqube pull request analysis without having compiled java code?

I looked at SQ docs and could not find specifics on how pull request analysis works: https://docs.sonarqube.org/9.7/analyzing-source-code/pull-request-analysis/

Also, looking at other docs, Sonarqube says (https://docs.sonarqube.org/latest/analyzing-source-code/languages/java/)

Java analysis and bytecode Compiled .class files are required for java projects with more than one java file. If not provided properly, analysis will fail with the message:

Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
nnay84
  • 167
  • 1
  • 12
  • 3
    Regardless of how Sonar analyses code, compiling the code seems to be the first check any CI pipeline should do, then unit tests, then static code analysis. – Gonzalo Matheu Feb 10 '23 at 16:32
  • 2
    The page about pull request analysis that you link states: _To decorate pull requests, a SonarQube analysis needs to be run on your code_ And to run a SonarQube analysis the linked page about source code analysis states: _Compiled .class files are required._ What is unclear about these statements? And if you want code coverage then you not only need compiled .class files, you must run your unit tests too. – Thomas Kläger Feb 10 '23 at 16:32
  • 1
    If the problem is that it takes too much to compile the whole project... the solution might be breaking it down in modules and having a artifact repository (local maven cache, nexus, Artifactory, etc) to consume the compiled versions of them. – Gonzalo Matheu Feb 10 '23 at 16:34
  • Thanks @GonzaloMatheu- yes compiling the code is taking a long time. – nnay84 Feb 10 '23 at 17:11

1 Answers1

0

Generally speaking, no. SonarQube requires byte code class files to analyze Java projects. The class files can either be provided by the buld (Maven, Gradle) or manually.

Only in the specific case, that you have only ONE Java file, the class file can be omitted for Sonarqube, see also the Java analyzer docs.

milbrandt
  • 1,438
  • 2
  • 15
  • 20