Different issue list when scanned using SonarScanner and SonarScanner for gradle

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube version: 7.9.2
    SonarQube Scanner
    SonarQube Scanner for gradle: id "org.sonarqube" version "2.7"
  • error observed (wrap logs/code around triple quote ``` for proper formatting)
    Using the same Java project, I have a different issue list when using SonarQube Scanner and SonarQube Scanner for Gradle.

For example, in a java, using SonarQube Scanner for Gradle has an extra major issue, which is not reported using SonarQube Scanner:
Change this condition so that it does not always evaluate to “true”

  • steps to reproduce
  1. Run by SonarQube scanner
  2. Run by SonarQube scanner for gradle for the same project
  • potential workaround

P.S.: use the #bug:fault sub-category if you’re hitting a specific crash/error, or the #bug:fp sub-category for rules-related behaviour


This response to another thread seems particularly relevant:

When you analyze with Gradle, you’re pretty much guaranteed that the compiled binaries will be found by analysis because Gradle knows where it put them and will provide SonarQube analysis with the correct path. The same isn’t necessarily true with the manual configuration required for analysis by the Scanner CLI.
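
A pre-flight check for the Scanner CLI case described above, as an added example that is not part of the original thread. It assumes the project is configured through a `sonar-project.properties` file that sets `sonar.java.binaries` to plain directory paths; the function names and the sample project layout are constructed for illustration.

```python
import os
import tempfile

def read_properties(path):
    """Parse a minimal key=value .properties file (no line continuations)."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(("#", "!")) or "=" not in line:
                continue
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def count_classes(directory):
    """Count compiled .class files anywhere below the directory."""
    return sum(name.endswith(".class")
               for _, _, names in os.walk(directory) for name in names)

def check_binaries(project_dir, props_name="sonar-project.properties"):
    """Return a list of problems; an empty list means every entry has classes."""
    props = read_properties(os.path.join(project_dir, props_name))
    raw = props.get("sonar.java.binaries", "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        return ["sonar.java.binaries is not set"]
    problems = []
    for entry in entries:
        # Relative entries are resolved against the project base directory.
        path = os.path.normpath(os.path.join(project_dir, entry))
        if not os.path.isdir(path):
            problems.append(f"{entry}: directory does not exist")
        elif count_classes(path) == 0:
            problems.append(f"{entry}: no .class files (project not compiled?)")
    return problems

def demo():
    """Constructed project: one valid binaries dir, one empty, one missing."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "build", "classes", "java", "main")
        os.makedirs(good)
        os.makedirs(os.path.join(root, "out"))
        open(os.path.join(good, "App.class"), "wb").close()
        with open(os.path.join(root, "sonar-project.properties"), "w") as fh:
            fh.write("sonar.sources=src/main/java\n"
                     "sonar.java.binaries=build/classes/java/main, out, target/classes\n")
        return check_binaries(root)

if __name__ == "__main__":
    for problem in demo():
        print("WARN", problem)
```

Running a check like this in CI before the scanner makes a wrong or stale binaries path fail the build, rather than surfacing later as a shorter issue list.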