Sonar scan not the scanning project after java version updated from 11 to 17

For my project, sonarClound was not scanning project because of java source version 11.
After I updated java source version to 17 in my feature branch which is not merged to develop (default branch).
Still sonarCloud is not scanning the project. If I do local sonar scan I can see the analysis.

I am using Java, Maven and Github action workflows.

Note: I have scan the develop branch with java source version 17.

   mvn -B -U sonar:sonar -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }} 
  ${{ env.sonar_host_url }} 
            -Dsonar.projectKey=${{ env.project_key }} 


Welcome to the community!

This isn’t a question of your value; that simply tells analysis what version you’re coding with/to.

What’s important in this context (I assume - it’s difficult to know for sure without the error message) is the version of Java running the analysis. It sounds like you need to upgrade Java on your build agent.


Thanks G Ann Campbell for replying.
We are running analysis on java 17. Our github action build agent is configured to use Java 17.
I have attached the sonar scan logs. In the logs I can verify jacoco report has been created and uploaded to sonar. I have redacted some organization secrets, name etc from attached logs.

github action code

 - name: SonarQube Scan
        run: |

          # all branches having PR will trigger this
          mvn -B -U  jacoco:report
          RPT=$(find . -name jacoco.xml)
          echo "$RPT"
          cat $(find . -name jacoco.xml)
          if [ "${{ github.event_name }}" == "pull_request" ]; then
            mvn -B -U  sonar:sonar \
            -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }} \
  ${{ env.sonar_host_url }} \
            -Dsonar.projectKey=${{ env.project_key }} \
            -Dsonar.organization=******* \
            -Dsonar.verbose=true \
            -Dsonar.pullrequest.key=${{env.CHANGE_ID}} \
            -Dsonar.pullrequest.branch=${{env.BRANCH_NAME}} \
            -Dsonar.pullrequest.base=${{env.CHANGE_TARGET}} \
            -Dsonar.pullrequest.provider=GitHub \
            -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
            -Dsonar.pullrequest.github.repository=*******/******** \
            -Dsonar.pullrequest.github.endpoint= \
            -Dsonar.cpd.exclusions=**/* \
            -Dsonar.test.inclusions=src/main/java/com/*******/emr/sg/**/**/*,src/main/java/com/*******/emr/restapi/sg/**/* \
            mvn -B -U  sonar:sonar \
            -Dsonar.token=${{ secrets.SONARCLOUD_TOKEN }} \
  ${{ env.sonar_host_url }} \
            -Dsonar.projectKey=${{ env.project_key }} \
            -Dsonar.verbose=true \
            -Dsonar.organization=******* \
  ${{ env.BRANCH_NAME }} \
            -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
            -Dsonar.test.inclusions=src/main/java/com/*******/emr/sg/**/**/*,src/main/java/com/*******/emr/restapi/sg/**/* \

Maven configuration



sonar log.txt (34.8 KB)


I’m confused.

What’s the complaint?


Sorry for the confusion.
In my case Sonar cloud does not show any analysis (0 bugs, 0 code smells, 0 coverage etc.) see first screenshot.
If I run the sonar locally it shows the analysis . See the second screenshot.

I am not sure why sonar cloud not showing analysis.


Can we have the analysis log from the non-local (CI?) analysis?


Logs from github action (non local)

sonar log.txt (34.8 KB)


Thanks for the log. (Sorry, I didn’t realize the first log was the right one.)

So your main branch analysis shows 0s on everything. What shows up under the Code tab? Because in the log, I’m seeing this:

2024-02-22T18:24:19.9235032Z [INFO] 2 languages detected in 2 preprocessed files
2024-02-22T18:24:19.9240786Z [INFO] 427 files ignored because of inclusion/exclusion patterns
2024-02-22T18:24:20.6588623Z [INFO] Project configuration:
2024-02-22T18:24:20.6594918Z [INFO]   Excluded sources: **/build-wrapper-dump.json, src/main/java/com/*****/emr/sg/**/**/*, src/main/java/com/*****/emr/restapi/sg/**/*
2024-02-22T18:24:20.6598057Z [INFO]   Included tests: src/main/java/com/*****/emr/sg/**/**/*, src/main/java/com/*****/emr/restapi/sg/**/*
2024-02-22T18:24:20.6649485Z [INFO]   Excluded sources for coverage: com/*****/emr/sg/conf/*, com/*****/emr/sg/exception/*
2024-02-22T18:24:20.6664265Z [INFO] 2 files indexed

Is it expected that your exclusion configurations leave only 2 files in the analysis?


sorry I redacted org name from the logs. Replaced org name with ***.
attaching logs without removing org name.

2024-02-22T18:24:20.6588623Z [INFO] Project configuration:
2024-02-22T18:24:20.6594918Z [INFO]   Excluded sources: **/build-wrapper-dump.json, src/main/java/com/qhrtech/emr/sg/**/**/*, src/main/java/com/qhrtech/emr/restapi/sg/**/*
2024-02-22T18:24:20.6598057Z [INFO]   Included tests: src/main/java/com/qhrtech/emr/sg/**/**/*, src/main/java/com/qhrtech/emr/restapi/sg/**/*
2024-02-22T18:24:20.6649485Z [INFO]   Excluded sources for coverage: com/qhrtech/emr/sg/conf/*, com/qhrtech/emr/sg/exception/*
2024-02-22T18:24:20.6664265Z [INFO] 2 files indexed
2024-02-22T18:24:20.6693554Z [INFO] Quality profile for java: QHR Sonar Java

only exception and config java file are excluded. Rest of the files (more than 200) are included.


That’s not what your log says:

I think we’ve found the source of the difference. Going back to the log you uploaded yesterday, you’re passing a lot of parameters on the analysis command line.

Now, here’s something intersting:

2024-02-22T18:23:56.5022136Z if [ "workflow_dispatch" == "pull_request" ]; then
2024-02-22T18:23:56.5022691Z   mvn -B -U  sonar:sonar \
2024-02-22T18:23:56.5023318Z   -Dsonar.token=*** \
2024-02-22T18:23:56.5023816Z \
2024-02-22T18:23:56.5024396Z   -Dsonar.projectKey=*****_******** \
2024-02-22T18:23:56.5024920Z   -Dsonar.organization=***** \
2024-02-22T18:23:56.5025418Z \
2024-02-22T18:23:56.5025846Z   -Dsonar.verbose=true \
2024-02-22T18:23:56.5026293Z   -Dsonar.pullrequest.key= \
2024-02-22T18:23:56.5026793Z   -Dsonar.pullrequest.branch=develop \
2024-02-22T18:23:56.5027307Z   -Dsonar.pullrequest.base= \
2024-02-22T18:23:56.5027815Z   -Dsonar.pullrequest.provider=GitHub \
2024-02-22T18:23:56.5028423Z   -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
2024-02-22T18:23:56.5029148Z   -Dsonar.pullrequest.github.repository=*****/******** \
2024-02-22T18:23:56.5029958Z   -Dsonar.pullrequest.github.endpoint= \
2024-02-22T18:23:56.5030649Z   -Dsonar.cpd.exclusions=**/* \
2024-02-22T18:23:56.5031630Z   -Dsonar.test.inclusions=src/main/java/com/*****/emr/sg/**/**/*,src/main/java/com/*****/emr/restapi/sg/**/* \
2024-02-22T18:23:56.5032866Z   -Dsonar.coverage.exclusions=com/*****/emr/sg/conf/*,com/*****/emr/sg/exception/*
2024-02-22T18:23:56.5033593Z else
2024-02-22T18:23:56.5034131Z   mvn -B -U  sonar:sonar \
2024-02-22T18:23:56.5034710Z   -Dsonar.token=*** \
2024-02-22T18:23:56.5035211Z \
2024-02-22T18:23:56.5035772Z   -Dsonar.projectKey=*****_******** \
2024-02-22T18:23:56.5036272Z   -Dsonar.verbose=true \
2024-02-22T18:23:56.5036707Z \
2024-02-22T18:23:56.5037153Z   -Dsonar.organization=***** \
2024-02-22T18:23:56.5037677Z \
2024-02-22T18:23:56.5038241Z   -Dsonar.coverage.jacoco.xmlReportPaths=$RPT \
2024-02-22T18:23:56.5039262Z   -Dsonar.test.inclusions=src/main/java/com/*****/emr/sg/**/**/*,src/main/java/com/*****/emr/restapi/sg/**/* \
2024-02-22T18:23:56.5040477Z   -Dsonar.coverage.exclusions=com/*****/emr/sg/conf/*,com/*****/emr/sg/exception/*
2024-02-22T18:23:56.5041212Z fi

This is a cleaned-up quote from your log. You conditionally set the analysis command based on whether it’s a PR or not. (You shouldn’t need to do that. The PR values are picked up automatically from your environment, but anyway…)

What’s interesting is that in both branches, you include -Dsonar.verbose=true. And yet, the log that follows is not verbose. Explicitly, everything in the log is INFO-level or above. A verbose log would include DEBUG statements, and yours does not.

So the question is: what exactly is the analysis command that’s being run, where is it coming from, and what command-line flags does it include? (Okay, yes. That’s three questions. :nerd_face:.)