Populating sonar.java.libraries

  • ALM: Bitbucket Cloud
  • CI system: Bitbucket Pipelines
  • Scanner command: - pipe: sonarsource/sonarcloud-scan:2.0.0
  • Languages: scala, java

We have a large number of dependencies that are kept in the coursier cache. What’s the best way to populate the sonar.java.libs setting with these dependencies? Do I have to create an explicit comma-separated list of all of them? Or do I just include the entire cache directory? If I include the whole directory, we’ll probably also be tracking test and dev dependencies, which would be better to omit.

The cache is configured as follows on bitbucket-pipeline.yml:

  caches:
    coursier: ~/.cache/coursier/v1

This is what I am getting when I configure it using the following:
  -Dsonar.java.libraries=~/.cache/coursier/v1/**/*.jar

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 18.591s
INFO: Final Memory: 21M/88M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: No files nor directories matching '~/.cache/coursier/v1/**/*.jar'

I get the same result if I just give it the directory: ~/.cache/coursier/v1

I am sure that the directory and the jar files are there on the pipeline build instance, but the sonar scanner doesn’t see it. Why?

Hey @Alvaro_Carrasco

We highly suggest using the SonarScanner for Maven or SonarScanner for Gradle if you’re using either of those build systems to build your Java code (which covers most Java projects).

As noted in the pipe:

NOTE: For projects using Maven or Gradle please execute a respective scanner directly instead of using this pipe (see examples).

This automatically configures properties like sonar.java.libraries. At the very least, running it this way once will let you browse what the scanner sets for these properties by checking the background task > Show SonarScanner Context.

We are not using maven or gradle. We’re using sbt.

I’ve never tried this out (it’s third-party) but this sbt plugin appears to set some useful default parameters.

Following parameters have default value provided by plugin.

  "sonar.host.url"
  "sonar.projectKey"
  "sonar.projectVersion"
  "sonar.sources"
  "sonar.java.binaries"
  "sonar.java.test.binaries"
  "sonar.java.libraries"
  "sonar.java.test.libraries"

It might be interesting just to see how it sets sonar.java.libraries.
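
Added example, not part of the thread and not code from SonarSource or the sbt plugin: the error message quoted in the question shows the pattern reaching the scanner with `~` still in it, so this sketch expands the cache directory to an absolute path itself and prints the explicit comma-separated jar list the question asks about. `jar_list` is a hypothetical helper name; it assumes the cache directory is readable from wherever the scanner runs and that no jar path contains a comma.

```shell
# Hypothetical helper (added example): print a comma-separated list of
# absolute paths to every .jar file under the directory given as $1.
jar_list() {
    dir=$1

    # Expand a leading "~" by hand. Assumption: the value was quoted or sat
    # after "=" in an argument, so the shell passed the tilde through literally.
    case $dir in
        "~")   dir=$HOME ;;
        "~/"*) dir=$HOME/${dir#"~/"} ;;
    esac

    # Fail early with a clear message instead of handing the scanner a bad path.
    [ -d "$dir" ] || { echo "jar_list: no such directory: $dir" >&2; return 1; }

    # Resolve to a physical absolute path so the result does not depend on
    # the working directory of the process that later consumes it.
    dir=$(cd "$dir" && pwd -P) || return 1

    # Collect jars in a stable order and join them with commas.
    list=$(find "$dir" -type f -name '*.jar' | sort | paste -sd, -)
    [ -n "$list" ] || { echo "jar_list: no .jar files under $dir" >&2; return 1; }

    printf '%s\n' "$list"
}

# Usage (the property name is the one from the thread):
#   -Dsonar.java.libraries="$(jar_list "$HOME/.cache/coursier/v1")"
```

The list contains everything in the cache, test and dev dependencies included; narrowing it requires the build tool's own resolved classpath, which this sketch does not compute.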