Fail to execute "mvn sonar:sonar" using Java 21

How can the sonar-maven-plugin be configured to analyze Java 21 based projects?Copied from my question at Stack Overflow:

How can the sonar-maven-plugin be configured to successfully analyze Java 21 projects?

How can I mitigate the following findbugs error triggered by mvn sonar:sonar after upgrading from Java 17 to Java 21?

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project my-project: 
Can not execute Findbugs: java.lang.RuntimeException: edu.umd.cs.findbugs.NoClassesFoundToAnalyzeException:

In the Java 17 version, I am able to execute the sonar-maven-plugin, but it fails after the upgrade. These are the relevant parts of my root pom file:

        <java.version>21</java.version>   <!-- updated from 17 -->


Maven and Java versions

mvn -v
Apache Maven 3.9.4 [...]
Java version: 21 [...]

Expected result

The mvn sonar:sonar command should execute successfully when executed by the build server.

Actual result

[INFO] --- sonar: (default-cli)
[INFO] Sensor FindBugs Sensor [findbugs]
[INFO] Loading findbugs plugin: [...]/target/sonar/findbugs/findsecbugs-plugin.jar
[INFO] Findbugs output report: [...]/target/sonar/findbugs-result.xml
The following errors occurred during analysis:
  Error scanning com/company/example/SomeClass for referenced classes
    java.lang.IllegalArgumentException: Unsupported class file major version 65
      At org.objectweb.asm.ClassReader.<init>(
      At org.objectweb.asm.ClassReader.<init>(
      At org.objectweb.asm.ClassReader.<init>(
      At edu.umd.cs.findbugs.asm.FBClassReader.<init>(
      At edu.umd.cs.findbugs.classfile.engine.asm.ClassReaderAnalysisEngine.analyze(
      At edu.umd.cs.findbugs.classfile.engine.asm.ClassReaderAnalysisEngine.analyze(
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(
      At edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(
      At edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(
      At edu.umd.cs.findbugs.FindBugs2.buildReferencedClassSet(
      At edu.umd.cs.findbugs.FindBugs2.execute(
      At org.sonar.plugins.findbugs.FindbugsExecutor$
      At java.base/
      At java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(
      At java.base/java.util.concurrent.ThreadPoolExecutor$
      At java.base/

and many similar examples like Unable to get XClass for java/lang/invoke/MethodHandles$Lookup, Unable to get XClass for reactor/core/publisher/Mono, etc

When do you plan to support the Java 21 LTS for the sonar-maven-plugin?

Hey there.

You should probably reach out to the maintainers of GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube. This isn’t a problem with a Maven plugin, rather one of the community supported analyzers installed on your SonarQube instance.

I am not sure I understand, can you please elaborate? This stack trace was recorded by the build server (and not by the SonarQube server). Thus, it seems to me like the sonar-maven-plugin has a dependency to findbugs which in turn has a dependency to asm (that does not support Java 21)?

The scanner pulls the analyzers (plugins) from the SonarQube server, which in your case includes GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube, which somebody would have manually installed.

Thanks for explaining.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.