When running Maven with the sonar scanner plugin, does it have to be actively building (compiling) in order to get correct interprocedural analysis?
I did an analysis with the command line
mvn clean package sonar:sonar '-Dsonar.projectKey= …
using a new key to get a clean start. This is with Maven 3.6 using sonar-maven-plugin:3.5.0.1254 and connecting to a SonarQube 8.6.0 server.
After both the local scan (Maven side) and remote analysis (SQ server side) are done, I download some issues. In particular, I download all the instances of issue java:S2111, which flags calls to BigDecimal(double) (calling the constructor with a double parameter). All have status OPEN.
Then I run again, using just
mvn sonar:sonar '-Dsonar.projectKey= …
That is, I’ve already compiled the code (all the .class files are still there), so I just want to scan the code again. (In real use, this might be because of a change to a Quality Profile.)
When everything is done the second time, I find that many of the instances of java:S2111 have been closed. It turns out that all of the closed issues are calls to BigDouble() with a parameter which is double in another file (i.e., not a double literal or local variable).
It seems that having the .class files present isn’t sufficient for interprocedural analysis (in this case, detecting that the parameter is, in fact, a double); I have to be actively compiling as part of THAT Maven build. Is this correct?