Dependency warning


We are using SonarCloud for scanning our Java GitHub repositories.
In the SonarCloud project page, we are seeing the following warning message:
Dependencies/libraries were not provided for analysis of SOURCE files. The ‘’ property is empty. Verify your configuration, as you might end up with less precise results.

Does this mean that the source code did not undergo vulnerability scanning?
We are seeing this pretty much for all of our repositories.
How should we resolve this?


The best way to analyze Java projects is to use the SonarScanner plugin for your build platform. You can use the SonarScanner for Maven, Gradle or Ant and those required properties will be set automatically. It’s much easier than configuring them manually.
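
As an added illustration (not part of the original reply), a GitHub Actions workflow that builds a Maven project and runs the SonarScanner for Maven in the same step, so the scanner sees the compiled classes and resolved dependencies. The organization key, project key and the `SONAR_TOKEN` secret name are placeholders and assumptions, not values from this thread.

```yaml
# Added example: CI-based analysis with the SonarScanner for Maven.
# YOUR_ORG_KEY and YOUR_PROJECT_KEY are placeholders to replace.
name: sonar-analysis

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history, so blame and new-code detection work

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
          cache: maven

      - name: Build and analyze
        env:
          # Assumed secret name; store the analysis token as a repository
          # or organization secret, never in the workflow file or pom.xml.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        # "verify" compiles the code first, so the scanner plugin can pass
        # the build's binaries and library classpath to the Java analyzer.
        run: >
          mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=YOUR_ORG_KEY
          -Dsonar.projectKey=YOUR_PROJECT_KEY
```

Automatic Analysis has to be switched off in the project's SonarCloud settings before a CI-based analysis like this one is accepted.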


We are using the GitHub app for SonarCloud to run the scans for our repositories. How can we execute SonarScanner in such an environment?