Sonar scanner can't use Java custome rule

uyoaix · March 1, 2023, 10:06am

SonarQube: Community Edition 7.9.2 (build 30863)
Scanner: SonarScanner 4.7.0.2747
Plugin: sonar-java-plugin-5.13.1.18282.jar 、sonar-l10n-zh-plugin-1.29.jar、sonar-java-swagger-plugin-1.0.1.jar(my custom rule plugin)
java: Java 11.0.14.1 Eclipse Adoptium (64-bit)
os: Windows 11 10.0 amd64
SonarQube deployed: Docker

I could able to see the rules through web interface, then create one Quality Profile and active my rules , set it as default.

First of all, I test my rules with maven：mvn sonar:sonar， it is showing issues against my custome rule plugins in sonarQube. It works.

Then I use sonar-scanner(4.7.0.2747)，there are nothing issue report in Sonarqube with my custom rule Quality Profile, then I execute scanner with default file sonar way, it is showing some other issues.

below is my sonar-project.properties:
sonar.projectKey=xxx-service
sonar.projectName=xxx-service
sonar.sources=src
sonar.sourceEncoding=UTF-8
sonar.language=java
sonar.java.binaries=target/classes

also I try with command line: sonar-scanner -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.projectKey=customerbusiness-service -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=src -Dsonar.java.binaries=target/classes

I also try this topic( Sonar scanner is not scanning the JAVA custom rules) , add -Dsonar.scanner.dumpToFile=111
but can’t find which cause this problem:

Generated by a SonarScanner

#Wed Mar 01 17:33:23 CST 2023
awt.toolkit=sun.awt.windows.WToolkit
sonar.projectName=customerbusiness-service
java.specification.version=11
sun.cpu.isalist=amd64
sun.jnu.encoding=GBK
sonar.host.url=http://127.0.0.1:9000
sun.arch.data.model=64
java.vendor.url=https://adoptium.net/
sun.boot.library.path=D:\Program Files\sonar-scanner-4.7.0.2747-windows\jre\bin
sun.java.command=org.sonarsource.scanner.cli.Main -Dsonar.host.url=http://127.0.0.1:9000 -Dsonar.projectKey=customerbusiness-service -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=src -Dsonar.java.binaries=target/classes -Dsonar.scanner.dumpToFile=111
sonar.sourceEncoding=UTF-8
jdk.debug=release
sun.stderr.encoding=ms936
java.specification.vendor=Oracle Corporation
java.version.date=2022-02-08
java.home=D:\Program Files\sonar-scanner-4.7.0.2747-windows\jre
file.separator=\
java.vm.compressedOopsMode=Zero based
sun.stdout.encoding=ms936
line.separator=\r\n
java.vm.specification.vendor=Oracle Corporation
java.specification.name=Java Platform API Specification
user.script=
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
java.runtime.version=11.0.14.1+1
user.name=Elvis.Wang
sonar.scanner.dumpToFile=111
sonar.scanner.appVersion=4.7.0.2747
file.encoding=GBK
sonar.projectBaseDir=D:\work\volvo-code\customerbusiness-service
java.vendor.version=Temurin-11.0.14.1+1
java.io.tmpdir=C:\Users\ELVIS~1.WAN\AppData\Local\Temp\
java.version=11.0.14.1
sonar.sources=src
java.vm.specification.name=Java Virtual Machine Specification
java.awt.printerjob=sun.awt.windows.WPrinterJob
sun.os.patch.level=
sonar.projectKey=customerbusiness-service
java.library.path=D:\Program Files\sonar-scanner-4.7.0.2747-windows\jre\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;D:\Program Files\Java\jdk-11.0.17\bin;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;D:\Program Files\Git\cmd;D:\Program Files\Go\bin;D:\env\apache-maven-3.6.0\bin;D:\Program Files\Microsoft VS Code\bin;D:\Program Files\Go\bin;C:\Program Files\PowerShell\7\;D:\Program Files\sonar-scanner-4.7.0.2747-windows\bin;C:\Users\Elvis.Wang\AppData\Local\Microsoft\WindowsApps;D:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2022.3.2\bin;;C:\Users\Elvis.Wang\go\bin;C:\Users\Elvis.Wang\AppData\Local\Programs\oh-my-posh\bin;C:\Program Files\Docker\Docker\resources\bin;;.
java.vendor=Eclipse Adoptium
sun.io.unicode.encoding=UnicodeLittle
sun.desktop=windows
java.class.path=D:\Program Files\sonar-scanner-4.7.0.2747-windows\bin\…\lib\sonar-scanner-cli-4.7.0.2747.jar
java.vm.vendor=Eclipse Adoptium
user.variant=
user.timezone=
os.name=Windows 11
java.vm.specification.version=11
scanner.home=D:\Program Files\sonar-scanner-4.7.0.2747-windows\bin\…
sun.java.launcher=SUN_STANDARD
user.country=CN
sonar.scanner.app=ScannerCLI
sun.cpu.endian=little
user.home=C:\Users\Elvis.Wang
user.language=zh
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.awt.headless=true
path.separator=;
os.version=10.0
java.runtime.name=OpenJDK Runtime Environment
java.vm.name=OpenJDK 64-Bit Server VM
sonar.java.binaries=target/classes
java.vendor.url.bug=https://github.com/adoptium/adoptium-support/issues
sonar.language=java
user.dir=D:\work\volvo-code\customerbusiness-service
os.arch=amd64
sonar.working.directory=D:\work\volvo-code\customerbusiness-service\.scannerwork
java.vm.info=mixed mode
java.vm.version=11.0.14.1+1
java.class.version=55.0

uyoaix · March 1, 2023, 3:15pm

After I enable debug in sonnar-scanner, I find this warning:

WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.

Then I Google search this, it shows that this is an issue need fix.
Sonar Scanner for Maven reports warning “missing sonar.java.libraries” when project doesn’t have any dependencies - SonarCloud - Sonar Community (sonarsource.com)
[MSONAR-170] Misleading warning when project has no dependencies - Jira (atlassian.net)

Last I find this jira , say this issue had fixed in version: 6.1.2
[SONARJAVA-3114] Message about missing bytecode dependencies should appear only when dependencies are actually missing - Jira (atlassian.net)

I want to know that: what shoud I change about this sonarjava

when I develop Java custom rule，sonar-java-plugin version >= 6.1.2

<dependency>
            <groupId>org.sonarsource.java</groupId>
            <artifactId>sonar-java-plugin</artifactId>
            <type>sonar-plugin</type>
            <version>>=6.1.2</version>
            <scope>provided</scope>
        </dependency>

2 . Or deployed sonarqube with one plugin >= 6.1.2 in \sonarqube_extensions\plugins directory,
e.g: sonar-java-plugin-6.15.1.26025.jar

uyoaix · March 1, 2023, 3:23pm

And I find this way to solve this

Configuration of parameter sonar.java.libraries when launched from Jenkins - Stack Overflow

Commons-lang StringUtils isNotBlank method still raise NPE - Clean Code / Report False-positive / False-negative… - Sonar Community (sonarsource.com)

At last, I add sonar.java.libraries with my maven repository , and it works.

sonar.java.libraries=D:\\env\\mvnRepo

ganncamp · March 3, 2023, 6:53pm

Hi,

Welcome to the community!

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

7.9.2 → 8.9.10 → 9.9

You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes for 7.9 to 8.9, as well as the LTS to LTS release upgrade notes for 8.9 to 9.9 helpful. If you have questions about upgrading, feel free to open a new thread for that here.

Ann

uyoaix · March 4, 2023, 11:39am

Thank you very much, Ann.
I also want to upgrade the version to the lastest LTS, but the sonarqube I used is belonged to our customer, they don’t want to upgrade it.

I have another problem, Can you help me take a look?

Sonar-scanner takes 10 times as long for analyzing