The following classes needed for analysis were missing: apply test isTrusted makeConcatWithConstants

I am getting this error:

 The following classes needed for analysis were missing:

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

INFO: SonarScanner
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Mac OS X 10.13.6 x86_64
Maven + Springboot 2.1.4 project



  • what are you trying to achieve
    Run sonnar-scanner and publish the results to a enterprise sonar portal.

  • what have you tried so far to achieve this
    When I run the sonar-scanner it recognises the file and run the scanner but it throws the following message, consequently the coverage results are 0%.
    INFO: Findbugs output report: /Users/myuser/www/genesis-link-service/.scannerwork/findbugs-result.xml

    The following classes needed for analysis were missing:

I would really appreciate your help.

Many thanks in advance

Hello @vhbazanm,

Just a small question for you, if you are trying to analyze a maven project, why are you not using the dedicated maven scanner?
To me, you should rely on the dedicated SonarSource maven scanner plugin for your project, rather than the standard sonar.scanner, which is not optimal for maven. The maven plugin would configure your analysis, taking into account most of the complexity of your maven architecture.

Then, can you please provide a bit more details about your SonarQube instance?

  • What is the version of your SQ instance?
  • What is the version of the SonarSource Java analyzer embedded in your SQ instance?

Also, I can not find a trace of this log line in the latest versions of the SonarSource Java analyzer. Are you sure it comes from one of our analyzers?

Finally, surefire is only the tool that executes and details test completions in Java, it is not related to coverage. Consequently, I don’t see how this line could work, because it is not at all related to coverage:

The same comment apply for findbugs. Findbugs is another static analyzer which is going to produce a report which can be included in the project, by injecting some extra issues on top of the ones coming from SonarSource analyzers, it is not related to coverage.

EDIT: Please also share the entire logs of your analysis, as it might help better understanding what is happening.

Hope this helps,

I’m running into the same issue when using the Gradle task.

Hello Ray,

If you are running into the same issue, please provide the same info initially provided, but fitting your project, and answer my previous questions.


Gradle plugin version 3.1.1

Enterprise Edition Version 8.7 (build 41497)

Dunno. Shouldn’t you be able to tell that from the SQ instance?

> Task :sonarqube
Unresolved imports/types have been detected during analysis. Enable DEBUG mode to see them.

The following classes needed for analysis were missing:

BTW, even with the scary looking messages, it seems as though it all works just fine.

Enabling DEBUG, as suggested, gives stacktraces that suggest the issue is in findbugs code, triggered from org.sonar.plugins.findbugs.FindbugsExecutor$

This error message is definitely reported by findbugs, and definitely not about SonarSource’s Java analyzer.

I would advise you to try getting assistance on findbugs side.
On this forum, I fear we won’t be able to help you.


But I’m not configuring Findbugs, I’m just calling the Sonarqube Gradle plugin. Shouldn’t that plugin work out of the box? Or at least tell me how to configure it properly?

1 Like

My guess is that your SonarQube instance has the findbugs plugin installed. Note that you can check what plugins are installed by querying https://localhost:9000/deploy/plugins/index.txt (replacing localhost:9000 by your instance URL).
This means that even if you are correctly calling the Sonarqube Gradle plugin, without any particularities or parameters, it will still execute all the plugins installed on your SQ instance. Concretely, on top of running all the native SonarQube plugins provided by SonarSource, it will still execute findbugs in the process, leading to following issues.

SonarSource analyzers, included in all SonarQube instances, are indeed working out of the box. Now, we are talking about a third-party plugin, and we can not guarantee the same behavior as soon as they are installed.

Unfortunately, I don’t know how to disable the findbugs plugin/analysis, and I won’t be able to help much more on this. Removing the plugin could help.