Gradle sonar scanner fails on an Android/kotlin project: Findbugs needs sources to be compiled

At the time of this writing, the latest gradle sonar scanner 4.4.1.3373 is failing to scan Android/kotlin projects with the following error:

Sensor FindBugs Sensor [findbugs]
Findbugs plugin version: 4.2.3
Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project …

This project works and scans without any issues if I roll back the scanner to version 4.2.1.3168. All versions after that are failing with this error. So, the first one that fails is 4.3.0.3225. Both working and failing versions of the scanner use the same version of Findbugs (according to the log) so this doesn’t seem like a Findbugs regression. I have no java code to scan in this project, it’s all kotlin so I am not sure why this is failing. Is there a known issue that I need to work around? Do I need to add or change something in my project to account for new behaviors?

Hey @michalszelagsonos,

Is changing the version of the scanner the only modification done in your analysis?

We introduced an analysis property with version 4.4 of the scanner that enables skipping compile tasks before analysis (sonar.gradle.skipCompile).
It is, however, turned off by default.

It would help us to confirm that this is a different issue altogether.

Thanks,

Dorian

@Dorian_Burihabwa Thank you for responding. To confirm, I am only changing the scanner version when doing the testing. Here’s the summary.

  • I ran the scan with scanner 4.2.1.3168 and everything works as expected - PASS
  • I ran the scan with scanner 4.3.0.3225 which is the next released version and I get the error - FAIL
  • I ran the scan with scanner 4.4.1.3373 which is the current latest, added sonar.gradle.skipCompile=true property to the scan, I still get the error - FAIL

The evidence so far suggests that something in 4.3.0.3225 release broke at least Android kotlin projects, perhaps all kotlin projects. I tried this on several other projects to confirm and this seems to be the case. It’s not a blocker yet, since we can stay on 4.2.1.3168 but this not a good place to be in since we’re blocked on future upgrades until this is resolved.

Is the next step to open a bug for this?

Thank you for being so thorough in your tests, knowing which versions are affected is really useful.
Could you share the analysis logs? There might be some good information in there to prepare a ticket.

Thanks

Here’s the analysis log from the scanner. I redacted all internal info.

Task :sonar
No variant name specified to be used by SonarQube. Default to ‘debug’
Caching disabled for task ‘:sonar’ because:
Caching has not been enabled for the task
Task ‘:sonar’ is not up-to-date because:
Task has not declared any outputs despite executing actions.
User cache: ***
Default locale: “en_US”, source code encoding: “UTF-8” (analysis is platform dependent)
Load global settings
Load global settings (done) | time=249ms
Server id: 97016ACC-AYXL4uBHlGIAMv5AWbMP
User cache: ***
Load/download plugins
Load plugins index
Load plugins index (done) | time=65ms
Load/download plugins (done) | time=144ms
Loaded core extensions: developer-scanner
Process project properties
Process project properties (done) | time=11ms
Execute project builders
Execute project builders (done) | time=0ms
Project key: ***
Base dir: ***
Working dir: ***
Load project settings for component key: ***
Load project settings for component key: *** (done) | time=82ms
Load project branches
Load project branches (done) | time=49ms
Load branch configuration
Found manual configuration of branch/PR analysis. Skipping automatic configuration.
Load branch configuration (done) | time=1ms
Load quality profiles
Load quality profiles (done) | time=120ms
Load active rules
Load active rules (done) | time=10304ms
Load analysis cache
Load analysis cache | time=51ms
Branch name: foo
Load project repositories
Load project repositories (done) | time=51ms
Indexing files…
Project configuration:
Indexing files of module ***
Base dir: ***
Source paths: src/main
Test paths: src/test
Indexing files of module ***
Base dir: ***
Source paths: build.gradle.kts, ***/build.gradle.kts, settings.gradle.kts

47 files indexed
1 source file to be analyzed
1/1 source file has been analyzed
44 source files to be analyzed

Task :sonar
0 files ignored because of scm ignore settings
Quality profile for kotlin: ***
Quality profile for xml: ***
------------- Run sensors on module ***
Load metrics repository
Load metrics repository (done) | time=49ms
Sensor C# Project Type Information [csharp]
Sensor C# Project Type Information [csharp] (done) | time=1ms
Sensor C# Analysis Log [csharp]
Sensor C# Analysis Log [csharp] (done) | time=10ms
Sensor C# Properties [csharp]
Sensor C# Properties [csharp] (done) | time=0ms
Sensor HTML [web]
Sensor HTML [web] (done) | time=1ms
Sensor XML Sensor [xml]
Sensor XML Sensor [xml] (done) | time=80ms
Sensor TextAndSecretsSensor [text]

44/44 source files have been analyzed
22 source files to be analyzed

Task :sonar
Sensor TextAndSecretsSensor [text] (done) | time=490ms
Sensor VB.NET Project Type Information [vbnet]
Sensor VB.NET Project Type Information [vbnet] (done) | time=0ms
Sensor VB.NET Analysis Log [vbnet]
Sensor VB.NET Analysis Log [vbnet] (done) | time=9ms
Sensor VB.NET Properties [vbnet]
Sensor VB.NET Properties [vbnet] (done) | time=0ms
Sensor JaCoCo XML Report Importer [jacoco]
Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
Sensor JaCoCo XML Report Importer [jacoco] (done) | time=42ms
Sensor Kotlin Sensor [kotlin]

22/22 source files have been analyzed

Task :sonar
Sensor Kotlin Sensor [kotlin] (done) | time=6250ms
Sensor Gradle Sensor [kotlin]
Sensor Gradle Sensor [kotlin] (done) | time=8311ms
Sensor KotlinSurefireSensor [kotlin]
parsing [***/build/test-results/testDebugUnitTest]
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Resource not found: *** under the directory *** while reading test reports. Please, make sure your “sonar.junit.reportPaths” property is configured properly
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Searching for ***
Sensor KotlinSurefireSensor [kotlin] (done) | time=56ms
Sensor Import of Android Lint issues [kotlin]
Importing ***/build/reports/lint-results-debug.xml
Sensor Import of Android Lint issues [kotlin] (done) | time=27ms
Sensor CSS Rules [javascript]
No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
Sensor CSS Rules [javascript] (done) | time=0ms
Sensor ThymeLeaf template sensor [securityjavafrontend]
Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
Sensor FindBugs Sensor [findbugs]
Findbugs plugin version: 4.2.3
Loading findbugs plugin: /build/sonar//findbugs/findsecbugs-plugin.jar
Findbugs output report: /build/sonar//findbugs-result.xml
Sensor FindBugs Sensor [findbugs] (done) | time=1662ms
Sensor IaC Docker Sensor [iac]

0 source files to be analyzed
0/0 source files have been analyzed
3 source files to be analyzed
3/3 source files have been analyzed
3 source files to be analyzed
3/3 source files have been analyzed

Task :sonar FAILED
Sensor IaC Docker Sensor [iac] (done) | time=52ms
Sensor Serverless configuration file sensor [security]
0 Serverless function entries were found in the project
0 Serverless function handlers were kept as entrypoints
Sensor Serverless configuration file sensor [security] (done) | time=2ms
Sensor AWS SAM template file sensor [security]
Sensor AWS SAM template file sensor [security] (done) | time=0ms
Sensor AWS SAM Inline template file sensor [security]
Sensor AWS SAM Inline template file sensor [security] (done) | time=0ms
------------- Run sensors on module ***
Sensor C# Project Type Information [csharp]
Sensor C# Project Type Information [csharp] (done) | time=7ms
Sensor C# Analysis Log [csharp]
Sensor C# Analysis Log [csharp] (done) | time=1ms
Sensor C# Properties [csharp]
Sensor C# Properties [csharp] (done) | time=0ms
Sensor HTML [web]
Sensor HTML [web] (done) | time=0ms
Sensor TextAndSecretsSensor [text]
Sensor TextAndSecretsSensor [text] (done) | time=34ms
Sensor VB.NET Project Type Information [vbnet]
Sensor VB.NET Project Type Information [vbnet] (done) | time=0ms
Sensor VB.NET Analysis Log [vbnet]
Sensor VB.NET Analysis Log [vbnet] (done) | time=2ms
Sensor VB.NET Properties [vbnet]
Sensor VB.NET Properties [vbnet] (done) | time=0ms
Sensor JaCoCo XML Report Importer [jacoco]
Importing 1 report(s). Turn your logs in debug mode in order to see the exhaustive list.
Sensor JaCoCo XML Report Importer [jacoco] (done) | time=9ms
Sensor Kotlin Sensor [kotlin]
Sensor Kotlin Sensor [kotlin] (done) | time=1ms
Sensor Gradle Sensor [kotlin]
Sensor Gradle Sensor [kotlin] (done) | time=800ms
Sensor KotlinSurefireSensor [kotlin]
parsing [/target/surefire-reports]
Sensor KotlinSurefireSensor [kotlin] (done) | time=0ms
Sensor CSS Rules [javascript]
No CSS, PHP, HTML or VueJS files are found in the project. CSS analysis is skipped.
Sensor CSS Rules [javascript] (done) | time=0ms
Sensor ThymeLeaf template sensor [securityjavafrontend]
Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=1ms
Sensor FindBugs Sensor [findbugs]
Findbugs plugin version: 4.2.3
Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project (
).