Sonar-maven-plugin Illegal reflective access by net.sf.cglib.core.ReflectUtil

Currently we are using the https://github.com/SonarSource/sonar-scanner-maven in our Maven based build but unfortunately we get the following WARNING during our build:

We are running JDK 11 in our Build:
Maven Version 3.6.3
SonarQube Version 8.4.2 (build 36762) (Developer Edition)

[INFO] --- sonar-maven-plugin:3.7.0.1746:sonar (default-cli) @ project-parent ---
...
[INFO] User cache: /home/jenkinsci/.sonar/cache
[INFO] SonarQube version: 8.4.2
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
....
...
15:20:16  [INFO] ------------- Run sensors on XXXXX
15:20:16  [INFO] Load metrics repository
15:20:16  [INFO] Load metrics repository (done) | time=18ms
15:20:18  WARNING: An illegal reflective access operation has occurred
15:20:18  WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/jenkinsci/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
15:20:18  WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
15:20:18  WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
15:20:18  WARNING: All illegal access operations will be denied in a future release
15:20:19  [INFO] Sensor JavaSquidSensor [java]

It looks at the moment that the problem is located within the sonar-tsql-plugin.jar which is downloaded from SonarQube Server so i would say it’s a problem within the SonarQube server (correct me if I’m wrong)…

Based on what I’ve seen the last release of the plugin is of 2019 and in the git repository there are some activities in 2020 … but unfortunately no new release which might fix this issue … (based on what I see in the history I would say it’s not fixed, but I’m not sure)…

Furthermore the git repository does not allow to file in issues for the project …

Hi,

Thanks for the report. We’re aware of these warnings & it’s on our list.

 
HTH,
Ann