Sonar.findbugs.allowuncompiledcode setting ignored

(Using SonarQube v 7.7.0.23042, SonarQube Scanner 3.3.0.1492, Java 1.8.0_121 Oracle Corporation (64-bit), and Mac OS X 10.14.3 x86_64)

I’m trying to scan a tree of Java files with no classfiles present. I keep getting the error:

Please provide compiled classes of your project with sonar.java.binaries property

However I don’t want to build these files, I just want them scanned. I installed FindBugs and set the sonar.findbugs.allowuncompiledcode in the sonar-project.properties file. It doesn’t help. I also tried adding -Dsonar.findbugs.allowuncompiledcode=true to the commandline and that didn’t help either. What am I missing?

Thanks for any help!
-Jason

Hi Jason,

The FindBugs plugin relies on SonarJava, and SonarJava requires byte code. You’re not going to be able to analyze your Java files without first compiling them.

 
Ann

Got it. Thanks for the reply. I guess I don’t understand what the allowuncompiledcode setting does. Can you explain what it means because although it sounds self-explanatory, I’m getting it wrong.

Is there a feature in SQ (unrelated to/doesn’t use FindBugs) that will analyze the Java files without bytecode?

Hello,

The SonarJava analyzer, SonarQube native’s analyzer for java files, requires bytecode. You can still choose not to provide it, but a large majority of the rules won’t be executed, or their performance will be considerably degraded (False Positives or False Negative). Without bytecode, it’s impossible to build the semantic model of a project.

Maybe the checkstyle community plugin does not require bytecode to perform its analysis, but I’m not even sure.

Hope this helps,
Michael

Hi,

Both SonarJava and FindBugs want both source and class files. FindBugs can run without them, SonarJava won’t. Since FindBugs relies on SonarJava, the practical effect is that that parameter is now useless (note that this was not always the case).

 
HTH,
Ann