SonarQube sonar quality gate fails with upgrade to Java 17 and maven sure-fire plugin

Must-share information (formatted with Markdown):

  • which versions are you using[sonar-maven-plugin:3.9.1.2184:sonar (default-cli)
    [2023-12-23T08:15:10.085Z] [INFO] User cache: /root/.sonar/cache
    [2023-12-23T08:15:10.486Z] [INFO] SonarQube version: 9.9.1.69595
  • how is SonarQube deployed:Docker
  • what are you trying to achieve
    Sonar quality gate fails after upgrade to Java 17 and adding configuration to maven sure-fire plugin

    maven-surefire-plugin

    –add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio.charset=ALL-UNNAMED

  • what have you tried so far to achieve this
    Removing configurations allows sonar to go through but the unit tests fails as Illegal reflective access is required for unit test to pass with upgrade to Java 17.
    Also tried adding :: --illegal-access=permit to configration but this option is ignored with java17.
    13:44:36 [ERROR] OpenJDK 64-Bit Server VM warning: Ignoring option --illegal-access=permit; support was removed in 17.0

13:44:36 [ERROR] OpenJDK 64-Bit Server VM warning: Sharing is only supported for boot loader classes because bootstrap classpath has been appended

Logs after sonar scan is successfully completed but task fails and quality report is not uploaded.

[2023-12-23T08:15:30.144Z] SonarQube task ‘AYyVvllAgy9onO3KUx8U’ status is ‘IN_PROGRESS’
[2023-12-23T08:15:33.768Z] SonarQube task ‘AYyVvllAgy9onO3KUx8U’ status is ‘SUCCESS’
[2023-12-23T08:15:33.768Z] SonarQube task ‘AYyVvllAgy9onO3KUx8U’ completed. Quality gate is ‘ERROR’

[2023-12-23T08:15:33.784Z] WARNING: sonar-scanner step failed due to quality gate status=ERROR.

[2023-12-23T08:15:33.784Z] Please visit sonarqube for more information (sonarqube link should be in js-static-analysis previous step).
[2023-12-23T08:15:33.784Z]
[2023-12-23T08:15:33.784Z] HINT: Most common failing reason is that you might need to write more tests or there is a sonarqube
[2023-12-23T08:15:33.784Z] configuration error.

Hey there.

Where does the requirement to add these options come from? A certain dependency / framework?

hello Colin,

If we upgrade from Java 11 to Java 17, maven sure-fire plugin needs the configuration to allow reflective access to java packages. In Java 17 this access is disabled. The details are mentioned here - Strongly Encapsulate JDK Internals (JEP 403: Strongly Encapsulate JDK Internals).

The surefire configuration is needed for unit tests to pass but is causing sonar error

  <plugin>
    <artifactId>maven-surefire-plugin</artifactId>
    <configuration>
      <argLine>--add-opens=java.base/java.lang=ALL-UNNAMED
      </argLine>
    </configuration>
    <dependencies>
      <dependency>
        <groupId>org.apache.maven.surefire</groupId>
        <artifactId>surefire-junit47</artifactId>
        <version>3.0.0-M5</version>
      </dependency>
    </dependencies>
  </plugin>

Similarly options need to be passed for maven-jar-plugin to allow access at runtime.

Thanks for the information.

Are you upgrading to Java 17 because of a SonarQube requirement, or overall just moving your project to Java 17?

If it’s the former, I’d reccomend running your build with Java 11 and only running SonarQube analysis with Java 17, as described in the scanner environment documentation.

# Maven build
mvn verify ...
export JAVA_HOME=/path/to/java-17
mvn sonar:sonar ...

If it’s the latter (your project is moving to Java 17) – the issue isn’t so much that SonarQube is failing the Qualitry Gate, but that your unit tests aren’t running. This community probably can’t help much in that case.