What does this warning mean, and what would be the work around?

we have just released 2 custom plugins with custom rules and they follow all the tutorial recommandations : sonar-java/CUSTOM_RULES_101.md at master · SonarSource/sonar-java · GitHub

It seems to work fine, but we have this in logs :

2022.03.10 17:21:27 WARN web[o.s.s.p.PluginJarLoader] Use of ‘Plugin-Dependencies’ mechanism is planned for removal. Update the plugin “my-plugin” [javacustom] to shade its dependencies instead.

Is this a false positive ? (since I DO use shade like in the example) Would it be about “createDependencyReducedPom” ?


Hey @Tristan107

I am not seeing the message you posted when building an empty custom rules plugin.

  • Can you share a longer sample from the logs?
  • What command are you using to build the plugin?
  • What version of Java are you using to build it?


Ok, thanks, I guess you are confirming it’s probably a false positive if I’m using “shade” already.

I would have liked to know what this warning is checking at what is it pointing at though ?

As far as I know it’s related to the skipDependenciesPackaging config:

Anyway, the deprecation was reverted in SonarQube 9.3: [SONAR-15776] Remove deprecation for 'Plugin-Dependencies' attribute declared by plugins - SonarSource

1 Like

Thanks for the catch @felipebz :slight_smile:

@Tristan107 Have you tried recently with a more recent version of SQ?

Thanks for the informations Felipe.
@Dorian_Burihabwa : we are using only LTS versions.

Alright then if upgrading to the latest SonarQube version can you confirm that the warning is not preventing your custom plugin from running?

I just wanted to know what was this warning, which is written in sonar source code and which you should be able to find why exactly it is here, and what is checked before triggering this warning.

Felipe has brought some good informations, except I already have this :

and my manifest (original or shaded) doesn’t include “Plugin-Dependencies” instruction.

It includes this though :
Plugin-RequirePlugins: java:
Could it be enough to trigger the warning ?