SonarQube scan runs but doesn't generate any results

mgoblue0970 · August 18, 2020, 5:41am

Hello:

I’m running a SonarQube scan for the first time. It’s the CE version, 8.3.1.

I have SQ running on a server at 192.168.56.111. My development workstation is on 192.168.0.11. There are no network problems.

Since I’m new to this, I’m trying to keep it as basic as possible. I’m using the sample HelloWorld in https://github.com/SonarSource/sonar-scanning-examples/blob/master/sonarqube-scanner-maven/maven-basic/src/main/java/com/acme/basic/

I’m not using Git. Just saving the HelloWorld project to the local hard drive

The source code is at /opt/workspace/eclipse/java/my-app/src/main/java/com/mycompany/app/

The scanner is at /opt/sonarqube/scanner/sonar-scanner-4.4.0.2170-linux/bin

Here’s a copy of the properties file. I’m using the same file whether or not I put it in the scanner’s conf directory or the application workspace… I’ve seen different webpages that say it goes in either spot:

sonar.host.url=http://192.168.56.111:9000

sonar.sourceEncoding=UTF-8

sonar.projectKey=com.mycompany.app:my-app

sonar.scm.disabled=True

sonar.sources=/opt/workspace/eclipse/java/my-app/src/main/java/com/mycompany/app

sonar.login=73a9a7ab66a335d0d83aee813d576e184934a336

When I run sonar-scanner and then go check the results, Projects | Name | Overview, it says "The main branch has no lines of code.

Question #1: If sonar.scm.disabled=True is in the props file, how can this error happen? I also went to the project settings in the SQ server and disabled the SCM sensor there too. Same results.

Question #2: I noticed in the terminal output, it said .java files are being ignored. So I changed the sonar.sources property to where the class files are at: /opt/workspace/eclipse/java/my-app/target/classes/com/mycompany/app/. Same results. What should the sonar.sources property be? Does SQ work on the java files or the class files?

The results say “No Issues. Hooray!”. So I added this but of ugliness to the sayHello method in the HelloWorld class:

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);

Question #3: Still no code issues. SQ should have flagged on the 1024 (as it’s less than 2048) size right?

Thanks!

ganncamp · August 19, 2020, 6:05pm

Hi,

You have a lot of questions here, and generally we try to keep it to one question per thread. Otherwise it can get messy. I’ll give a go at answering what you’ve asked, but if you have followups on multiple items, you’ll need to split that into multiple threads.

sonar-project.properties belongs in your project root.

SCM being enabled or disabled is a red herring.

Java analysis requires both the source files and the compiled class files.

It would be interesting to see that log excerpt

mgoblue0970:

The results say “No Issues. Hooray!”. So I added this but of ugliness to the sayHello method in the HelloWorld class:
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(1024);
Question #3: Still no code issues. SQ should have flagged on the 1024 (as it’s less than 2048) size right?

You really need to solve “The main branch has no lines of code” before you tackle this.

You should execute analysis from project root, and sonar.sources should be relative to that same directory. This is probably the root of your problem.

HTH,
Ann

mgoblue0970 · August 24, 2020, 8:43pm

You should execute analysis from project root, and
sonar.sources should be relative to that same directory.
This is probably the root of your problem

What is the project root considered then?

Because when I just make sonar.sources /opt/workspace/eclipse/java/my-app/
It gives me the finger.

When I make it
/opt/workspace/eclipse/java/my-app/src/main/java/com/mycompany/app/
The scan fails because it errors out on the *.java files.

When I make it
/opt/workspace/eclipse/java/my-app/target/classes/com/mycompany/app/
It doesn’t error out on the *.java files rather it says it’s ignoring them.

So what does SonarQube consider the project root???

Thanks!

ganncamp · August 25, 2020, 5:16pm

Hi,

Project root is where you check out. So after this:

git clone myproj

Project root would be the myproj directory, and you would

cd myproj
#[build required for certain languages]
sonar-scanner

I’ve used the vanilla scanner command here. If a scanner specific to your build system is available, you should use that instead.

HTH,
Ann

mgoblue0970 · August 26, 2020, 12:47am

Hi Ann:

Thanks for your continued support…

Project root is where you check out.

I wrote in the OP this:

Since I’m new to this, I’m trying to keep it as basic as possible.
[…] I’m not using Git. Just saving the HelloWorld project to the local hard drive

I’ve used the vanilla scanner command here.

Me too. I downloaded the one from the link which says:

What is your project's main language?

Other

What is your OS?

Linux

So do I HAVE to use Git then; it’s not possible to just scan something from the local hard drive?

Yes, I know git clone copies a project to the local hard drive but I posted three paths in my last reply and really didn’t get the question answered.

Thanks!

mgoblue0970 · August 26, 2020, 3:41am

Hi Ann:

Got it working…

I need to have a properties file both in the scanner/conf AND my project root. If I don’t have a properties file in scanner/conf and only in the project root, it throws this error:

ERROR: SonarQube server [http://localhost:9000] can not be reached

so I copied the properties file from project root to scanner/conf.

ALSO, as I mentioned in previous posts, this is the project root:

/opt/workspace/eclipse/java/my-app

This is where the source code files are:

/opt/workspace/eclipse/java/my-app/src/main/java/com/mycompany/app/

This is where the binaries are:

/opt/workspace/eclipse/java/my-app/target/classes/com/mycompany/app/

… with that said, here is what the working properties file looks like:

sonar.projectBaseDir=/opt/workspace/eclipse/java/my-app
sonar.sources=src
sonar.java.binaries=/opt/workspace/eclipse/java/my-app/target/classes/com/mycompany/app

So basically the solution is to use projectBaseDir rather than sources and add java.binaries.

Thanks for all your replies and sticking through this with me!!!

ganncamp · August 26, 2020, 6:02pm

Hi,

Just to be really clear:

you don’t have to check out. I was making an assumption AND that’s the easiest way to explain what project root is.
you should not need to set sonar.projectBaseDir. This goes back to starting analysis from project root. So in this case you should
```
cd /opt/workspace/eclipse/java/my-app
sonar-scanner -Dsonar.sources=source -Dsonar.java.binaries=target/classes/com/mycompany/app
```
(Obviously putting those properties in sonar-project.properties is also a viable option)

Ann

system · September 2, 2020, 6:02pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.