How SonarQube determines on what version of JDK was source compiled?

Hi,

I’m getting https://sonar-emea.1dc.com/coding_rules#rule_key=squid%3AS4423 in my project. The value for protocol I’m using is TLS, so I guess the problem is that SonarQube thinks I’m using old version of Java (“The recommended value is “TLS” or “DTLS” as it will always use the latest version of the protocol. However an issue will be raised if the bytecode was compiled with JDK7 or an even older.”). In the pom.xml, I have a property <java.version>11</java.version>. The version of SonarQube I’m using is 6.7 (build 33306).

How SonarQube determines on what version of JDK was source compiled?

Thanks,
Pedro

Hi Pedro,

Welcome to the community!

Your compile version is determined by reading the value of sonar.java.source provided in the analysis parameters (docs). Since you’re (presumably) using the SonarScanner for Maven then that’s presumably being picked up from your pom.

Could you provide the code snippet that you’re seeing this on?

 
Ann

Hi Ann,

I’m sorry it took me so long to reply. Thanks for your response, adding sonar.java.source parameter solved the issue.

Best regards,
Pedro

1 Like