Java 11 is deprecated as a runtime env to scan your projects

We are using SonarCloud. I don’t understand, what exactly happens on 15th of November if we continue running scans using JDK 11. It is not really clear out of your announcement.

SHOULD we have JDK17 to continue working with SonarCloud or it is a MUST?

HI, @r.alukhanov,

You need to upgrade your build agents to use Java 17 for - at minimum - analysis by the 15th. Really, the sooner the better.

You can still build with a lower version of Java, but don’t forget that you can use the target compile option to compile down to Java 11 using Java 17 to compile.

 
HTH,
Ann

According to your post 25% of the consumers are still using JDK11. Nevertheless you are about to pull the plug for them after giving them 15 days more time. Most of these 25% are probably enterprise customers. It is not as easy to “upgrade build agents” in a corporate environment. There are lot of aspects to evaluate - hardware, compatibility, legal issue, it-security, responsibilities, guidelines, user-support etc.

1 Like

We run our SonarCloud scans through a BitBucket Pipeline and the e-mail from October 26th has a link to a documentation page saying to use pipeline version 1.4.0 or higher (link). We are using version 1.4.0, so we assumed we’re good, but we all still getting the Java 11 warning.

The post here says to use version 2.0.0. If that is indeed required, I think the docs page should be updated as well.

4 Likes

Hi @Alexander_Smakman,

Thanks for noticing. We’ve updated our docs accordingly.

Tony

3 Likes

Can someone please clarify what does this mean: “Just in case you have a doubt: you’ll still be able to scan Java 11 projects.” Do we need to make a change or not? Java 8 and Java 11 are still quite widely in use. Would be awesome if there were some actual suggestions on how to move forward (if it is even needed).

1 Like

Hello @jediwompa ,

You can continue to analyze Java 8 or 11 projects, you don’t need to change anything related to your project itself. In addition, you can of course continue to use any JDK (e.g. 8 or 11) to build your projects.

The only change that might be required is within your pipeline, where the Sonar analysis has to be run at least with JDK 17. You can find more information about this here. Happy to answer any additional questions you might have.

Thanks, we were able to test an example of switching our BitBucket pipeline’s usage of sonarcloud-scan:1.4.0 from to https://bitbucket.org/sonarsource/sonarcloud-scan/commits/tag/2.0.0 (previously it did seem like there was not to be any issue with 1.4.0 as someone pointed out above). Seems like this is all we will have to do.

The documentation and UI feedback on this matter is confusing and lacking imho. Besides the fact that this seems like a bit of burden.

1 Like

We use SonarQube 9.9 LTS and I just found out about the switch with the next LTS by accidentally stumbling upon this thread.

I have checked with a project that we build on Jenkins using a Java 11 agent and I couldn’t find any mention of Java 17, neither in the logs of the scan nor on the project page in SonarQube.

What should I do in order not to miss that information in the future?

Hi @trad,

If you’re on the LTS and you’re staying on the LTS until the next LTS is released, there’s nothing to do.

We’ll communicate about the cumulative changes for the next LTS (including any changes to Java version support) with its release.

 
HTH,
Ann

Thank you, Ann. I have asked because the following statement seemed to indicate that a switch to Java 17 will definitely be necessary with the update to the next LTS:

As we have many pipelines from different teams using different agents, I would like to take advantage of the announcement for the non-LTS version in order to have more time to coordinate the switch across all the teams.

1 Like

Hi,

Yes. It will. But you don’t have to do anything today.

And this is a great strategy.

To keep up with that, you can watch the SonarQube Releases category.

 
Ann

1 Like

All right, thanks, I was aware of that.

Watching the release category answers my question perfectly :raised_hands: Thanks a lot for the quick guidance!

1 Like

Hello All,

It appears it is not that easy for a significant number of users (22%) to move away from Java 11 as a runtime env to trigger your code scans on SonarCloud. This is why we decided to extend the period of support of Java 11 until the 15th of Jan 2024.

If you have trouble changing your configuration to Java 17, please create a dedicated thread on this forum so we can help you and better understand what type of problems you are facing.

Alex

6 Likes

Gradle Task on Azure DevOps Pipeline - SonarCloud Scan - Warning | JAVA 11 build & JAVA 17 Scan - SonarCloud - Sonar Community (sonarsource.com)

Hi Alexandre,
I am getting this warning too.
I am new to this CI/CD, Could you tell me how to upgrade to Java17+ from java 11.

Thanks
Sunil

Hello @Sunil_Bobbala ,

Could you share which DevOps platform and CI/CD system you are using (e.g. GitHub Actions)?

Hi
Still seeing the same sonar java 11 warning message despite downloading latest sonar-scanner-msbuild and downloading https://download.oracle.com/java/17/archive/jdk-17.0.9_windows-x64_bin.zip and updating the JAVA_HOME path to the jdk-17.0.9 bin path. Any suggestions?

Can you please elaborate on this. So i downloaded latest sonar-scanner-msbuild and downnloaded https://download.oracle.com/java/17/archive/jdk-17.0.9_windows-x64_bin.zip and updating the JAVA_HOME path to the jdk-17.0.9 bin path, but still getting sonar warning messages.

I am using BitBucket.