We are pleased to announce the release of the Sonar scanner for Gradle 7.3.1.
This patch version addresses key issues encountered by users running the scanner alongside the Android Gradle Plugin 9. Specifically, this release:
Fixes Java binary computation in Android projects.
Prevents analysis crashes when task-generated Android sources are present.
We highly encourage everyone to upgrade to this latest version. If you have any feedback or run into any issues, please open a new discussion thread. We’d love to hear about your experience!
Thank you for the heads-up and to the team for shipping the 7.3.1 release! I bumped our version and tested it right away.
While 7.3.1 definitely resolves previous issues, we are unfortunately still hitting an AGP 9.2 strict Provider API crash (MissingValueException / InvalidUserCodeException) specifically during the :app:sonarResolver task.
It appears the plugin is still eagerly querying the lazy task graph for Android resource directories (e.g., generateStagingDebugAndroidTestResValues) before they are evaluated or completed.
For now, we are forced to keep the -x :app:sonarResolver exclusion in our pipeline to bypass the crash and keep our builds green, but I’d really appreciate it if the engineering team could take a look at the logs in the new thread!
We are also encountering a critical regression in this version. Sonar is logging millions of occurrences of the following error:
File ‘XYZ.kt’ not found in project sources
Unfortunately, we cannot share the logs because they contain proprietary information and the log file itself exceeds 5.5 million lines
In addition, we have observed that some modules are no longer being detected in version 7.3.1. Please see the comparison below illustrating the difference.
It is important to note that the only change on our side was upgrading to version 7.3.1. We did not modify any Sonar configuration, analysis settings, or project structure. The issue was not present before the version bump and appears to be directly related to the upgrade.
We have also noticed that the sonarResolver task is being executed for modules where Sonar is not enabled at all. For example:
Task :dev-features:dev-settings:sonarResolver → Sonar is completely disabled for this
Could you please investigate these issues as a matter of priority? This regression is significantly impacting our analysis results.
Thank you for reporting this issue. Could you please open a new discussion with this information, so that we can better track this as a separate problem for us to investigate ?
In the meantime, while we are trying to identify the root of your problem, I would suggest that you stay on version 7.3.0 of the scanner if the analysis succeeds with it and exhibits the expected behaviour.
