Fail to execute "mvn sonar:sonar" using Java 21

matsev · October 20, 2023, 9:18am

How can the sonar-maven-plugin be configured to analyze Java 21 based projects?Copied from my question at Stack Overflow:

How can the sonar-maven-plugin be configured to successfully analyze Java 21 projects?

How can I mitigate the following findbugs error triggered by mvn sonar:sonar after upgrading from Java 17 to Java 21?

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594:sonar (default-cli) on project my-project: 
Can not execute Findbugs: java.lang.RuntimeException: edu.umd.cs.findbugs.NoClassesFoundToAnalyzeException:

In the Java 17 version, I am able to execute the sonar-maven-plugin, but it fails after the upgrade. These are the relevant parts of my root pom file:

<project...>
    <properties>
        <java.version>21</java.version>   <!-- updated from 17 -->
    </properties>

    <build>
        <pluginManagement>
            <plugins>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>3.10.0.2594</version>
                </plugin>
            </plugins>
        </pluginManagement>
    </build>
</project>

Maven and Java versions

mvn -v
Apache Maven 3.9.4 [...]
Java version: 21 [...]

Expected result

The mvn sonar:sonar command should execute successfully when executed by the build server.

Actual result

[INFO] --- sonar:3.10.0.2594:sonar (default-cli)
[...]
[INFO] Sensor FindBugs Sensor [findbugs]
[INFO] Loading findbugs plugin: [...]/target/sonar/findbugs/findsecbugs-plugin.jar
[INFO] Findbugs output report: [...]/target/sonar/findbugs-result.xml
The following errors occurred during analysis:
  Error scanning com/company/example/SomeClass for referenced classes
    java.lang.IllegalArgumentException: Unsupported class file major version 65
      At org.objectweb.asm.ClassReader.<init>(ClassReader.java:199)
      At org.objectweb.asm.ClassReader.<init>(ClassReader.java:180)
      At org.objectweb.asm.ClassReader.<init>(ClassReader.java:166)
      At edu.umd.cs.findbugs.asm.FBClassReader.<init>(FBClassReader.java:35)
      At edu.umd.cs.findbugs.classfile.engine.asm.ClassReaderAnalysisEngine.analyze(ClassReaderAnalysisEngine.java:48)
      At edu.umd.cs.findbugs.classfile.engine.asm.ClassReaderAnalysisEngine.analyze(ClassReaderAnalysisEngine.java:34)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
      At edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:75)
      At edu.umd.cs.findbugs.classfile.engine.ClassInfoAnalysisEngine.analyze(ClassInfoAnalysisEngine.java:38)
      At edu.umd.cs.findbugs.classfile.impl.AnalysisCache.getClassAnalysis(AnalysisCache.java:261)
      At edu.umd.cs.findbugs.FindBugs2.buildReferencedClassSet(FindBugs2.java:806)
      At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:249)
      At org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call(FindbugsExecutor.java:235)
      At java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
      At java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
      At java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
      At java.base/java.lang.Thread.run(Thread.java:1583)

and many similar examples like Unable to get XClass for java/lang/invoke/MethodHandles$Lookup, Unable to get XClass for reactor/core/publisher/Mono, etc

Related:
When do you plan to support the Java 21 LTS for the sonar-maven-plugin?

Colin · October 20, 2023, 9:23am

Hey there.

You should probably reach out to the maintainers of GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube. This isn’t a problem with a Maven plugin, rather one of the community supported analyzers installed on your SonarQube instance.

matsev · October 20, 2023, 9:30am

I am not sure I understand, can you please elaborate? This stack trace was recorded by the build server (and not by the SonarQube server). Thus, it seems to me like the sonar-maven-plugin has a dependency to findbugs which in turn has a dependency to asm (that does not support Java 21)?

Colin · October 20, 2023, 9:41am

The scanner pulls the analyzers (plugins) from the SonarQube server, which in your case includes GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube, which somebody would have manually installed.

matsev · October 20, 2023, 4:04pm

Thanks for explaining.

system · October 27, 2023, 4:04pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sonar failed: A required class was missing while executing org.sonarsource.scanner.maven:sonar-maven- SonarQube Server / Community Build	2	1961	October 20, 2021
Maven error after sonar 7.7 update SonarQube Server / Community Build	5	1163	June 24, 2019
Can not execute Findbugs: One (sub)project contains Java source files that are not compiled SonarQube Server / Community Build maven	1	4878	November 27, 2019
Error during analysis SonarQube Server / Community Build scanner	4	2559	April 12, 2021
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746 Writing rules	3	2551	January 4, 2022

Fail to execute "mvn sonar:sonar" using Java 21

Related topics