Dependencies should not have "system" scope

  • ALM used (GitHub)

  • Java

  • We were using SonarCloud to analyze the projects (BUILT-IN profile used) in our company and as we are using some local libraries we were seeing the “Dependencies should not have “system” scope” bug.

  • We have noticed this is not appearing anymore but we do not know when it stopped.

  • Pom.xml is not being analyzed anymore?

  • What is happening?

  • How can we bring this rule back to our projects?

Thank you.

Hey there.

I’ve moved your post to the section on reporting false-postiives/false-negatives.

It would be useful if you could provide a pom.xml file where you expect the issue to be raised, but it is no longer.

Hi there,

Sorry for the late response.

I hope it will be enough just provide the relevant piece of pom.xml:

  <dependency>
			 <groupId>OsgiTest</groupId>
  			<artifactId>OsgiTest</artifactId>
 			 <version>0.0.1</version>
 			 <scope>system</scope>
			<systemPath>${project.basedir}/src/main/resources/OsgiTest-0.0.1.jar</systemPath>
		</dependency>

Hello @cafeboRojo,

Sorry for the late reply but I am having a hard time reproducing the issue.

Locally I can see the issue in SonarLint. On SonarCloud, I can see the issue, whether I am running in automatic analysis mode or using the scanner for maven.

Are you saying that this part of the XML file raises no issue or that some of the secondary locations of the issue are not highlighted?

Cheers,

Dorian