Upgrading the SonarScan Java Version in my Node Project

zach0811 · October 25, 2023, 4:06pm

Sonar Version: Version v3.23.0+2

How is SonarQube deployed?: Docker

I have a Concourse pipeline that runs a SonarQube Scan. Since the Sonar Scan uses Java, we need to make sure our Sonar Scan uses the appropriate version. I’m trying to update the Java version to 11 but the pipeline is still pointing to Java 1.8.

Here is my Sonar Properties file:

sonar.sourceEncoding=UTF-8
sonar.sources=server/src
sonar.exclusions=server/src/tests/**
sonar.projectBaseDir=.
sonar.java.source=11

As you can see I changed the source from 1.8 to 11.

This change had no effect on the pipeline identifying the intended Java version.

Here is my sonar.yml file. I tried replacing the repository url with “java11” instead of “node”.

platform: linux
image_resource:
  type: docker-image
  source:
    repository: docker.artifactory.company.com/flow/java11
    tag: "latest"
    username: ((user))
    password: ((password))
inputs:
  - name: code-repo
caches:
  - path: code-repo/server/node_modules
run:
  dir: code-repo
  path: cicd/scripts/sonar.sh

This change just broke the pipeline step.

Finally here is my sonar.sh file.

set -e
npm install -g n
n 14.16.0
node -v
npm -v

cd server/
export token=$(command to get token)

echo "registry = npm registry url

npm ci
cd ..
flow sonar scan $ENVIRONMENT

Thank you in advance!Preformatted text

ganncamp · October 26, 2023, 1:40pm

Hi,

Welcome to the community!

Can you check your SonarQube page footer and share the SonarQube version?

This doesn’t impact the JVM version analysis is run with. By the time these properties are read, the JVM has already started. This property tells the analyzer that you’re writing Java 11.

What you need to do is make sure the correct version of Java is installed on your build agent, and that it’s used to fire the analysis job. I’m not familiar with Concourse, so I can’t give you the exact syntax to do that, though.

HTH,
Ann

zach0811 · October 26, 2023, 2:19pm

We are using Version 9.9 (build 65466)

zach0811 · November 1, 2023, 1:23pm

We ended up changing our sonar.sh file to this.

#!/bin/bash
npm install 
export https_proxy=http://company-url.com:7070
set -e -x
flow sonar scan $ENVIRONMENT

This enabled the Sonar Scan step in our pipeline to pass but we received more errors.

We received thus error in the sonar dashboard.

“Javascript/Typescript/CSS rules were not executed. Error when running ‘node -v. Is Node.js available during analysis?”

I’m assuming this is because we took out the node logic from our sonar step.

ganncamp · November 1, 2023, 1:30pm

Hi,

Yes, analysis needs Node.js if you’ve got CSS, JavaScript or TypeScript in your project.

Ann