Correct value for when libraries are bundled with Spring B Application in 1 jar

Hello community,

I’m fairly new to Sonarqube and probably this is an absolute easy question.

In all our projects we have these warnings:

Dependencies/libraries were not provided for analysis of SOURCE files. The ‘’ property is empty. Verify your configuration, as you might end up with less precise results.

We have mainly spring boot applications which are build in our pipelines with gradle to one big jar file, which contains all libraries inside of the inner folder \BOOT-INF\lib\ .

To suppress the message, I’m just setting to the artifact folder where the jar-file of the project lies. But is this a correct setup or does that prevent our libraries from getting scanned by Sonarqube? How to find the right value?

KR Simon

Hey there.

Ideally, you shouldn’t have to set these manually at all! You’ll use a scanner like the SonarScanner for Maven or SonarScanner for Gradle.

Have you tried using one of these scanners?

Hi Colin,

thanks for your answer. Yes, we are using SonarScanner for Gradle and it is configured exactly like it is advised in the link no. 2.

KR Simon