Can I not use Sonar.java.binaries parameters?

SonarQube
, ,
1

sonarqube :6.7.7
sonar-scanner:2.8
sonar-java-plugin:5.13.1

I want to scan the Java project before compiling,I found out after checking Sonar’s official website:I have to use Sonar.java.Binaries this parameter when the sonar-java-plugin version is higher than 4.1.0, Is there a way for me to scan before compilation without using Sonar.java.binaries parameter?

Looking forward to your reply!

3

Hi @smbands,

Welcome to the Community :smiley:

For on-the-fly analysis that doesn’t require a scan, you can use SonarLint in your favourite IDE.

If you want a full scan with SonarQube, then this is indeed true. We use the artefacts from the build to deepen the analysis and this has been in place for several years now. If you’re building your project with Maven or Gradle, you can use the SonarQube scanner for Maven or Gradle and you get the configuration of sonar.java.binaries for free.

One side note:

This is a pretty old configuration. You might want to look at our recent SonarQube 8.9 LTS for lots of new rules and functionality.

Regards,

Cameron.

4

@Cameron
:grinning:Thanks for your reply!!!
Our work required regular unified scanning of all the projects’ code, which was about 200 codebases.

The new version of SonarQube requires the sonar.java. binaries parameter, which means that it must be compiled before scanning, and it must be compiled successfully.

It may not be easy to implement the compilation task before scanning, so we would like to ask if there is any way to change the parameter sonar.java.binaries to not be required by using the new version of sonar-java-plugin.please tell me.

If there is no way, we can only use the Sonar-Java-Plugin 4.1.0 version. :pensive:
Thanks a lot !!!
Best wishes !

5

HI @smbands,

No, there is no way to do this. Our analyzer relies on information in the .class files to make sure you get a full, valuable analysis of your code.

I would really encourage you to get your code to compile before analysis so you can take advantage of the new rules in recent SonarQube versions – we have added a lot of new high value rules to the Java analyzer since 4.1.0.

Regards,

Cameron.