Dependency warning

ashish2_sapra2 · November 28, 2021, 11:55am

Hello,

We are using Sonarcloud for scanning our Java GitHub repositories.
In the Sonarcloud project page, we are seeing the following warning message:
Dependencies/libraries were not provided for analysis of SOURCE files. The ‘sonar.java.libraries’ property is empty. Verify your configuration, as you might end up with less precise results.

Does this mean that the source code did not undergo vulnerability scanning?
We are seeing this pretty much for all of our repositories.
How should we resolve this?

felipebz · November 28, 2021, 12:39pm

Hi,

The best way to analyze Java projects is to use the SonarScanner plugin for your build platform. You can use the SonarScanner for Maven, Gradle or Ant and those required properties will be set automatically. It’s much easier than configure them manually.

ashish2_sapra2 · November 28, 2021, 1:08pm

Hi,

We are using the GitHub app for Sonarcloud to run the scans for our repositories. How can we execute SonarScanner in such an environment?