We are trying to analyze a decompiled code from our APK. The decompilation happened with MobSF and we are left mostly with .java files (or smali). We would like to analyze further with sonarqube.
Is it possible to perform this?
Hi,
Welcome to the community!
Theoretically, this should work. Java analysis requires both the class and the source files, and you have both sets, however unconventionally.
Normally for Java analysis, we would recommend using the SonarScanner that corresponds to your build, either Maven or Gradle. That’s because those scanners read most of what’s needed for analysis from the build environment, saving you a lot of work. However, you’ll need to do this by hand with the SonarScanner for CLI. Note that that includes providing a sonar.java.libraries value.
HTH,
Ann
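One way to drive the SonarScanner for CLI over the MobSF output, as an added example that is not part of the original thread; the directory names, project key and environment variables are assumptions. One caveat a practitioner should know: sonar.java.binaries expects JVM .class files, so the APK's classes.dex has to be converted to .class/.jar before the scan, and sonar.java.libraries should point at least to the SDK's android.jar so the analyzer can resolve framework types.

```shell
set -eu

# write_sonar_props SRC_DIR BIN_DIR LIB_DIR OUT_FILE
#   SRC_DIR: decompiled .java files (e.g. the java_source folder MobSF produces)
#   BIN_DIR: JVM .class files (sonar.java.binaries needs .class, not .dex)
#   LIB_DIR: jars the code compiles against, e.g. android.jar from the SDK
# Writes a sonar-project.properties that SonarScanner for CLI reads from the cwd.
write_sonar_props() {
  src="$1"; bin="$2"; lib="$3"; out="$4"
  [ -d "$src" ] || { echo "missing source dir: $src" >&2; return 1; }
  [ -d "$bin" ] || { echo "missing binaries dir: $bin" >&2; return 1; }
  if ! ls "$lib"/*.jar >/dev/null 2>&1; then
    echo "no jars in $lib (sonar.java.libraries needs at least android.jar)" >&2
    return 1
  fi
  cat >"$out" <<EOF
sonar.projectKey=decompiled-apk
sonar.projectName=Decompiled APK (MobSF)
sonar.sources=$src
sonar.java.binaries=$bin
sonar.java.libraries=$lib/*.jar
sonar.sourceEncoding=UTF-8
EOF
}

# Generate the properties file, then run the scanner from the same directory.
# Host URL and token come from the environment (assumed names, set them before use).
run_scan() {
  write_sonar_props "$1" "$2" "$3" sonar-project.properties
  sonar-scanner -Dsonar.host.url="${SONAR_HOST_URL:-http://localhost:9000}" \
                -Dsonar.token="${SONAR_TOKEN:?set SONAR_TOKEN}"
}
```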