Scan project java before build bin file

yoo · August 21, 2024, 1:24am

Hi guys,
I am trying to write Jenkinsfile to build my java project. To speed up the build I need to check sonarscan and quality gate before running maven build command. I searched and couldn’t find any way to do that.

Colin · August 22, 2024, 5:13am

Hey there.

For a proper analysis, you need to have built your Java project before analyzing it. What makes you think this will speed up the build?

yoo · August 22, 2024, 8:06am

I want sonar only scan code on gitlab before maven build jar file. If sonarqube scan code failed. Jenkins will skip step build jar file.

Colin · August 22, 2024, 9:44am

SonarQube relies on information from the build to perform a proper analysis, so I don’t think this is the right approach.

yoo · August 22, 2024, 10:00am

I want test, if there are many method to bypass the requirement binary file ?

Colin · August 22, 2024, 10:22am

Sure, you can run the normal sonar-scanner and simply set sonar.java.binaries=. (a dummy value), but again, this affects the quality of analysis results.

yoo · August 22, 2024, 11:57am

I configured sonar.jar.binarires=. , But when scan jenkins emit the error:

WARN: Access to the multi-values/property set property 'sonar.java.binaries' should be made using 'getStringArray' method. The SonarQube plugin using this property should be updated.
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 23.953s
INFO: Final Memory: 30M/320M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.IllegalStateException: Can not execute Findbugs
	at org.sonar.plugins.findbugs.FindbugsExecutor.execute(FindbugsExecutor.java:185)
	at org.sonar.plugins.findbugs.FindbugsSensor.execute(FindbugsSensor.java:130)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:64)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:88)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:79)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:61)
	at org.sonar.scanner.scan.SpringModuleScanContainer.doAfterStart(SpringModuleScanContainer.java:82)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scan(SpringProjectScanContainer.java:398)
	at org.sonar.scanner.scan.SpringProjectScanContainer.scanRecursively(SpringProjectScanContainer.java:394)
	at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart(SpringProjectScanContainer.java:363)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:139)
	at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:188)
	at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:167)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:71)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:65)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at jdk.proxy1/jdk.proxy1.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
	at org.sonarsource.scanner.cli.Main.main(Main.java:62)
Caused by: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled (/home/jenkins/agent/workspace/dmin_test-scan-no-binary_testing)

Colin · August 22, 2024, 12:59pm

That issue is coming from GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube. You should either get in touch with the maintainer, or uninstall it.

Topic		Replies	Views
Sonar.java.binaries properties should be written for all Projects SonarQube Server / Community Build java , sonarqube	15	10502	June 28, 2019
Scan source directory of any project SonarQube Server / Community Build sonarqube , scanner	4	1200	December 2, 2021
Can I not use Sonar.java.binaries parameters? SonarQube Server / Community Build java , sonarqube , scanner	3	2361	July 2, 2021
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes SonarQube Server / Community Build java , sonarqube , scanner	2	614	May 16, 2022
"No analyses found in this build" for the Java project SonarQube Server / Community Build sonarqube	1	241	October 20, 2023

Scan project java before build bin file

Related topics