SonarScanner for Gradle 6.0: Automatic JRE provisioning

With version 6.0 of the scanner, when connecting to a SonarQube Server >= 10.6 instance or to SonarQube Cloud, the scanner will now download and cache a Java17 runtime from the server and use that runtime for the analysis.

This means that users will no longer need to have Java17 installed on their machines to run an analysis.

You can now benefit from this feature by specifying the plugin version to be >= 6.0 in your Kotlin build files:

plugins {

id("org.sonarqube") version "6.0.1.5171"

}

Or in your Groovy build files:

plugins {

id "org.sonarqube" version "6.0.1.5171"

}

As per documentation

F.A.Q.

How can I disable JRE provisioning?

  1. Skip JRE provisioning altogether

The download of the provided JRE from the server can be skipped by providing this analysis parameter to the scanner -Dsonar.scanner.skipJreProvisioning=true

With this property set the analysis will be run with the same JRE used to run Gradle.

  1. Provide your own JRE 17 to run the analysis

A specific JRE can also be defined to run the analysis with

-Dsonar.scanner.javaExePath=β€œ/path/to/jre”
This will also make the scanner skip the download of the JRE.

How can I modify JVM parameters for the analysis?

Java-specific parameters should now be provided with SONAR_SCANNER_JAVA_OPTS environment variables, e.g.:

export SONAR_SCANNER_JAVA_OPTS=β€œ-Xmx512m”

Or, as an analysis parameter

-Dsonar.scanner.javaOpts=”-Xmx512m”

I have errors with bouncycastle

SonarScanner for Gradle does not support gradle 8.1 and 8.2. Verify that you do not use one of those versions. SonarScanner for Gradle version 6 has dependency conflicts with Android Gradle Plugin versions below or equals 8.7.2. The easiest solution is to not use SonarScanner for Gradle v6 while the problem exists. Otherwise, you can refer to this post to solve the problem.

Examples of errors thrown when encountering problems with bouncycastle.

  • Caused by: java.lang.ClassNotFoundException: org.bouncycastle.asn1.edec.EdECObjectIdentifiers
  • Failed to create Jar file /home/erwan.serandour/.gradle/caches/jars-9/410b2233b4651a69bb3e6a5980dade24/bcprov-jdk18on-1.78.1.jar

More information on the scanner usage here

Note:

Analysis parameters like http.proxyHost, javax.net.ssl.keyStorePassword and javax.net.ssl.trustStore are no longer supported, and have been replaced with parameters like sonar.scanner.proxyHost, sonar.scanner.keystorePassword and sonar.scanner.truststorePath.


Always refer to the Analysis parameters page for the currently supported list of parameters.

1 Like