No Java with AutoScan! Planned?

autoscan

(Frédéric Danna) #1

Java does not belong to the list of supported languages )-;
And you say: “Non supported languages (Java, […]) will not be analyzed at all.”
Does “at all” means “never”? If so, could you explain this decision please (for sake of curiosity)?


(Benoit) #2

The reason we currently don’t support Java (and other compiled language) is that our analyzers need the binaries (i.e. compiled sources) to provide relevant results. And automatically compiling any Java project (or other compiled language) is not a trivial task. So, we currently want to fully develop the feature (with proper UI/UX) for interpreted languages only.

AFAIK we might support Java in the future, so I wouldn’t say never but we don’t have a precise plan yet.


[Beta] Automatic Analysis of your repositories with SonarCloud
(Rob Moore) #3

Thanks for the explanation. Is there a way to use the autoscan feature in combination with something like Gradle or Maven for projects that feature Javascript and Java? I ask because we initially set up the project using autoscan and would like to add Java analysis as well.


(Simon Brandhof) #4

Hi Rob, welcome on this forum.

Building a Java project is usually not only a matter of running Gradle or Maven on a fresh environment. Builds require configuration, the most basic example being the JDK version to be used. Duplicating the configuration that is set on CI side (Travis, CircleCI or others) and running the build twice is not considered as a valid option.

Nevertheless it’s easy to activate analysis in your CI. You have two options:

  1. run scanner after the Gradle or Maven build
  2. or configure and run the Gradle or Maven plugins

I hope it helps.


(Rob Moore) #5

Thanks, Simon. It sounds like what you are suggesting is running the Sonar task as part of our CI pipeline and disabling the Github analysis by renaming the properties file. Should we remove the project from Sonarcloud before the initial run using Gradle or is it fine to leave everything as is within Sonarcloud?


(Simon Brandhof) #6

I forgot to mention that the project key should be added to your configuration (see sonar.projectKey). Keeping the key generated by Autoscan is enough for switching analysis to your CI. Value is displayed in the bottom-right of project dashboard, for example:
VoTT%20-%20Microsoft%202019-03-18%2022-40-56