I’m fairly new to Sonarqube and probably this is an absolute easy question.
In all our projects we have these warnings:
Dependencies/libraries were not provided for analysis of SOURCE files. The ‘sonar.java.libraries’ property is empty. Verify your configuration, as you might end up with less precise results.
We have mainly spring boot applications which are build in our pipelines with gradle to one big jar file, which contains all libraries inside of the inner folder \BOOT-INF\lib\ .
To suppress the message, I’m just setting sonar.java.libraries to the artifact folder where the jar-file of the project lies. But is this a correct setup or does that prevent our libraries from getting scanned by Sonarqube? How to find the right value?