How to scan existing code?

Exactly, the Sonar scanner for Maven fills in those parameters for the dependencies and libraries:

(from the docs: SonarScanner for Maven)

The Maven build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.

So the scanner handles setting these parameters for you, see Java look for “Java Analysis and Bytecode”:

If you are not using Maven or Gradle for analysis, you must manually provide bytecode to the analysis. You can also analyze test code, and for that you need to provide tests binaries and test libraries properties.

Joe

Yup, thanks. I am going to chalk it up to that being the issue, will work to address it and can report back.

1 Like