Ensuring the Java analyzer works at its best with incorrect manual configuration of the raw scanner

Hello Java developers,

Some of you rely on the raw SonarScanner rather than on the Maven or Gradle Scanners to scan your Java projects.

In that case, manual configuration of the scan is required to provide the location of the binaries and dependencies (sonar-project.properties)… which is sometimes not done properly.

This can lead to a less-than-ideal analysis experience. Some false-positive issues may arise, or some expected results may not be shown (false negatives).

We therefore reworked 29 rules to mitigate this pain and ensure they work at their best when some information is missing.

On top of that, we also listened to the feedback shared by some of you and managed to remove the false-positive issues raised by the following rules:

  • S1128: Unnecessary imports should be removed
  • S1905: Redundant casts should not be used
  • S4970: Derived exceptions should not hide their parents’ catch blocks
  • S1656: Variables should not be self-assigned

This is available now on SonarCloud.io and will come with SonarQube 9.0.

Richard

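A pre-scan check for the manual configuration described above, as an added example that is not part of the original post and is not SonarSource code. It verifies that `sonar.java.binaries` and `sonar.java.libraries` are set in `sonar-project.properties` and that every entry resolves to something on disk; the function names are hypothetical, and it assumes plain `key=value` lines with relative paths resolved against the directory holding the file.

```shell
#!/bin/sh
# Added example: sanity-check the Java entries of sonar-project.properties
# before running the raw SonarScanner. Function names are hypothetical.

# Print the value of key $2 in file $1 (last definition wins, trailing CR/space cut).
prop_value() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed when a path or wildcard pattern (e.g. lib/*.jar) matches something on disk.
# Approximation: the shell treats "**" like "*", so deep patterns are not expanded.
path_exists() (
  IFS=                      # empty IFS: expand globs, never split on spaces
  for p in $1; do [ -e "$p" ] && exit 0; done
  exit 1
)

# Print one finding per problem; exit status is the number of problems found.
check_java_props() (
  file=$1 problems=0
  base=$(cd "$(dirname "$file")" && pwd)
  for key in sonar.java.binaries sonar.java.libraries; do
    value=$(prop_value "$file" "$key")
    if [ -z "$value" ]; then
      echo "MISSING  $key is not set or is empty"
      problems=$((problems + 1))
      continue
    fi
    # Split the comma-separated list with globbing off; globs are tested later.
    set -f; IFS=,; set -- $value; unset IFS; set +f
    for entry in "$@"; do
      entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
      [ -n "$entry" ] || continue
      case $entry in /*) ;; *) entry=$base/$entry ;; esac
      if ! path_exists "$entry"; then
        echo "NOTFOUND $key -> $entry"
        problems=$((problems + 1))
      fi
    done
  done
  exit "$problems"
)
```

Call `check_java_props path/to/sonar-project.properties` in the CI job before the scanner step and fail the build on a non-zero status.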