Sonar Scanner for Maven reports warning "missing" when project doesn't have any dependencies

I have a Maven project without any dependencies (see: EasyBundle). Sonnar Scanner for Maven reports the following warning:

12:37:56 [INFO] Sensor JavaSquidSensor [java]
12:37:58 [INFO] Configured Java source version ( 6
12:37:58 [INFO] JavaClasspath initialization
12:37:58 [WARNING] Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using property.
12:37:58 [INFO] JavaClasspath initialization (done) | time=88ms
12:37:58 [INFO] JavaTestClasspath initialization
12:37:58 [INFO] JavaTestClasspath initialization (done) | time=1ms
12:37:59 [INFO] Java Main Files AST scan
12:37:59 [INFO] 14 source files to be analyzed
12:38:03 [INFO] Java Main Files AST scan (done) | time=3866ms
12:38:03 [INFO] Java Test Files AST scan
12:38:03 [INFO] 8 source files to be analyzed
12:38:03 [INFO] 14/14 source files have been analyzed
12:38:04 [INFO] Java Test Files AST scan (done) | time=1405ms
12:38:04 [INFO] Sensor JavaSquidSensor [java] (done) | time=7678ms

It is also visible in SonarQube Web :wink:


It would be great if the scanner could be smart enough to hide the warning when no dependencies are used :slight_smile:


  • SonarQube 7.5.0
  • Sonar Scanner for Maven
  • Java plugins:
    • SonarJava 5.9.2 (build 16552)
    • JaCoCo 1.0.1 (build 143)
    • FindBugs 3.9.1
    • PMD 3.1.3


I can confirm this.
Also tried putting in the <dependecies> tag in the POM and adding no <dependency> tags to it.
The warning still shows up.

Not sure if this happend with SonarQube 7.3, but it does with 7.4 and 7.5.

I think the issue is caused by the Sonar Scanner :wink:

The scanner for Maven automatically collect dependencies, and passes property. When there are no dependencies, the property is empty. SonarJava reads this property and raises a warning when it is empty, considering this is likely a configuration mistake (for people manually providing scanner configuration).

I’m still not clear how to properly fix this, but in the meantime, I have created a ticket:


Hi @Julien_HENRY :slight_smile:

I have two proposals:

  1. Show the warning only if the parameter is not defined:

    • ← correct, no libraries
    • ← correct, one library
    • missing ← warning
  2. Add a new property which allows disabling the warning:

    • and ← correct, no libraries
    • or missing ← warning

The first looks better, but many people prepare configuration by copy&paste anti-pattern, and only remove values which they don’t understand. The second is more secure but introduces the new stupid property :disappointed:

I hope you will find a better approach.


1 Like

This is still an issue in March 2021 … I notice that the original Jira issue is still open with little or no activity since then :frowning: .

Hey there @ed_ward_graham

In fact, I think MSONAR-170 should probably be closed as “Won’t Fix” or “Duplicate” (ping @Julien_HENRY) now that SONARJAVA-3114 has been created (and solved!) in SonarQube v8.7. It should also be addressed on SonarCloud

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.