Java 11 is deprecated as a runtime env to scan your projects

Dear Community,

We wanted to give you a heads-up that we’re moving away from supporting Java 11 as a runtime environment for the Scanners. We’re encouraging everyone to migrate their scan pipelines to Java 17 as soon as possible. The documentation has been updated accordingly for SonarCloud. For SonarQube, Java 11 will be deprecated starting from SonarQube 10.2, and SonarQube 9.9 LTS is not impacted.
We are making this move because Java 21 is arriving soon, on the 19th of September 2023, and our policy is to only support the two latest Java LTS.

We plan to drop support for Java 11 as a runtime environment on ~~October 31st, 2023~~ January 15th, 2024. Just in case you have a doubt: you’ll still be able to scan Java 11 projects.

We understand that this may cause some inconvenience, but we’re doing it to improve our services.
If you have any questions or concerns, please don’t hesitate to reach out.

Status of Integrations Migration (last update: 6th of September 2023):

| Name | Status | Minimum Version (to use) |
|---|---|---|
| Scanner CLI | Ready | 5.0.1.3006 |
| Scanner CLI Docker | Ready | 5.0.1.3006 |
| GitHub Action | Ready | 2.0.0 |
| Bitbucket Pipe | Ready | 2.0.0 |
| CircleCI | Ready | 2.0.0 |
| AzureDevOps | Ready | 1.42.0 |
| TravisCI | Ready | Ticket + PR |
| Scanner for NPM | In Progress | 3.1.0 |
| Scanner for DotNet | In Progress | Ticket |
| SonarCloud Tutorials | In Progress | Internal Ticket - SC-9089 |

Best
Alex

3 Likes

Can I double check you are planning to update the github action as well?

We use the Bitbucket Pipe. Are there any plans to update this one, too?

Hello.

Thank you for your messages @DuncSmith and @ms-tng

It looks like some actions were taken out of order and a warning began to be issued by SonarCloud this morning. Ideally this should be seamless, at most requiring updating the version of the action/pipe used (if pinned to a specific version).

I am following up on this.

2 Likes

A post was split to a new topic: Java 11 deprecated vs SonarScanner for Gradle

Hello,

We are working to upgrade all integrations to rely on Java 17. This will take some days.

Alex

1 Like

Our projects are complaining about the Java version 11 being deprecated, but we are using the CircleCI SonarSource orb for testing: GitHub - SonarSource/sonarcloud-circleci-orb: Support of SonarScanner CLI in CircleCI. This one includes its own Java version 11.
Is this on the schedule for updating or do we need to find another way of using SonarQube?

@Edwin_Barendse It’s coming

2 Likes

The .NET scanner still needs to be updated too it looks – still using sonar-scanner-cli 4.8: SonarSource/sonar-scanner-msbuild: SonarScanner for .NET (github.com)

Thanks. The Scanner for .NET will eventually be updated (I imagine soon) – but in fact, no JVM is embedded in the Scanner for .NET (users always bring their own), so nothing prevents those users from upgrading to Java 17.

1 Like

Thanks Colin! Looks like I just have to add setup/java to my GitHub Action to change the default JVM from 11 to 17. FYI, your SonarCloud setup guide for GitHub Actions (SonarCloud) still instructs to use Java 11.

3 Likes

Thanks @IGx89. I’ve got a PR opened internally to fix this.

@Colin will there be a consolidated effort to bump the scanner versions in the individual repos of the SonarSource GitHub Org?

Similar to the PR on the circleci repo that you posted above (c.f. SC-8256 Update scanner version by ivan-murenko-sonarsource · Pull Request #23 · SonarSource/sonarcloud-circleci-orb · GitHub) the same will apply to the NPM module here: https://github.com/SonarSource/sonar-scanner-npm/blob/master/src/config.js#L33

We are working on it to bump the scanner versions everywhere.

Hi Alexandre,

Sorry for jumping in but just wanted to confirm if the Travis CI scanner will also be updated or if there is anything I need to do manually, please let me know. We’re mainly using PHP projects if that changes anything!

Thanks in advance!

1 Like

This is actually a very good question. As far as I know, we (Sonar) don’t maintain the SonarCloud Travis addon. I’ll double-check internally and get in touch with TravisCI if needed to inform them about the Java 11 deprecation.

2 Likes

In the meantime, the DockerHub scanner image was rolled back to Java 11…

Probably due to this release : Release 4.8.1.3023 · SonarSource/sonar-scanner-cli · GitHub

```
docker pull sonarsource/sonar-scanner-cli:latest && docker run -it sonarsource/sonar-scanner-cli:latest java -version
latest: Pulling from sonarsource/sonar-scanner-cli
Digest: sha256:6681b53d255f7a2069d00c4892eb3df248be74f8c17f20436f8b1725cbde3a09
Status: Image is up to date for sonarsource/sonar-scanner-cli:latest
docker.io/sonarsource/sonar-scanner-cli:latest
openjdk version "11.0.20" 2023-07-18
```

This is totally unpredictable when latest was pointing some days ago to JDK 17 and Scanner 5.0.1

3 Likes

@jonesbusy Thanks for the ping. That wasn’t supposed to happen (we backported a security fix to the 4.x branch). I think this is the first time we backported a fix on another major version… and we didn’t account for this.

I’ve just raised this internally and we’re already looking into it.

2 Likes

Hi @jonesbusy,

Thanks for notifying us this quickly. We updated the latest tag. It should point to the latest major version again (5.0.1, see Docker hub). Sorry for the disruption.

4 Likes
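
The `latest` rollback discussed above is the kind of drift a pre-flight check in the scan job can catch before the scanner runs. The following is an added example, not code from this thread or from SonarSource; the function names `java_major`, `runtime_ok` and `image_pinning` are hypothetical, and the sample line is the `java -version` output quoted in the thread.

```bash
# Pre-flight guard for a scan job. Added example; function names are hypothetical.

# Print the Java major version found in `java -version` output ($1).
# Handles the modern scheme ("17.0.8" -> 17) and the legacy one ("1.8.0_382" -> 8).
java_major() {
  local ver
  # Use the first line containing ` version "`; a JVM may print a
  # "Picked up JAVA_TOOL_OPTIONS" notice before it.
  ver=$(printf '%s\n' "$1" | sed -n '/ version "/{s/^[^"]*"\([^"]*\)".*$/\1/p;q;}')
  [ -n "$ver" ] || return 1
  case "$ver" in 1.*) ver=${ver#1.} ;; esac   # strip the legacy "1." prefix
  ver=${ver%%[!0-9]*}                          # keep the leading digits only
  [ -n "$ver" ] || return 1
  printf '%s\n' "$ver"
}

# Succeed only if the runtime in $1 is at least major version $2 (default 17).
# Returns 2 when the version cannot be parsed, so the job fails closed.
runtime_ok() {
  local major
  major=$(java_major "$1") || return 2
  [ "$major" -ge "${2:-17}" ]
}

# Classify an image reference by how reproducible it is:
#   digest   -> name@sha256:...  (immutable)
#   tag      -> explicit tag other than "latest"
#   floating -> no tag, or "latest" (can change between pulls)
image_pinning() {
  local last
  case "$1" in *@sha256:*) echo digest; return ;; esac
  last=${1##*/}            # drop registry/namespace so a registry port is not read as a tag
  case "$last" in
    *:latest|*:) echo floating ;;
    *:*)         echo tag ;;
    *)           echo floating ;;
  esac
}

# Demonstration on the line quoted in the thread (in a real job: "$(java -version 2>&1)").
sample='openjdk version "11.0.20" 2023-07-18'
runtime_ok "$sample" 17 || echo "Java $(java_major "$sample") is below the required 17"
echo "sonarsource/sonar-scanner-cli:latest is $(image_pinning sonarsource/sonar-scanner-cli:latest)"
```
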