I’m using 8.4 SonarQube version to make an static analysis of a Java project and I was wondering if .class files are necessary to do it.
The official documentation says that they are optional:
But if I execute sonar-scanner without -Dsonar.java.binaries if fails and return this error:
ERROR: Error during SonarQube Scanner execution
ERROR: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
If I execute the same command defining "-Dsonar.java.binaries=." I get correctly the analysis with no error returned.
Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:
8.4 → 8.9.7 → 9.3 (last step optional)
You may find the Upgrade Guide helpful. If you have questions about upgrading, feel free to open a new thread for that here.
Regarding your question, I suppose that wording in the documentation should be a bit stronger. (I believe I recognize it as something I wrote several years ago, when binaries were still optional. I’ll raise the point internally.) For those languages, plus C, C++, and Objective-C, binaries are required, although for different reasons.
For Java we require the .class files because we read them during analysis to do a deeper, more thorough, more accurate analysis. For the other languages, compilation is required because we eavesdrop on it to learn enough about the project to do a thorough analysis.
As you said for Java .class files are required to do a more accurate analysis but I don’t understand why if this files are required I can run sonar-scanner in a project with no .class files and just defining "-Dsonar.java.binaries=." supposing it doesn’t take any binaries (if I don’t put that option it returns the error message I said before and that’s why I put the dot).
And another question: from which version binaries are required?