SonarQube 4.5.4 with Java plugin 3.5 doesn't recognize special Lombok annotations

Asked 8/9, 2015 at 8:32 Answered 12/1, 2022 at 15:51

Solved java sonarqube lombok sonarqube-4.5

I have recently updated SonarQube to version 4.5.4 and the Java plugin to version 3.5.

We have classes annotated with @Data, but it seems that the rule squid:S1068 doesn't handle this "special" annotations. Altough they should be ignored since version 3.4 according to https://github.com/SonarSource/sonar-java/pull/257 and https://jira.sonarsource.com/browse/SONARJAVA-990.

Please see attached screenshot. Did I forget to configure something?

UPDATE:

I wanted to ensure that our used Java plugin 3.5 has included the changes of commit https://github.com/benzonico/sonar-java/commit/5e7de16f59450061227d4103f64e351d1f93d9e9 so I reverse engineered the .jar file to see the source of rule squid:S1068 UnusedPrivateFieldCheck.java. Extended Lombok releated changes are there and apparently working!

Iphagenia answered 8/9, 2015 at 8:32 Comment(4)

How are you doing your analysis (maven or sonar-runner) ? how do you provide bytecode (and especially the bytecode of the @Data annotation) to the analyzer ? if bytecode is not provided type won't be resolved and issue will be raised. – Callus 8/9, 2015 at 9:2

We use Sonar Maven plugin for the analysis: mvn sonar:sonar -Dsonar.branch=some_branch_name. I think we do not provide the bytecode currently. @Callus Thats a very useful statement, I'm going to try your suggestion now – Iphagenia 8/9, 2015 at 9:18

With maven it is normally done automatically by the maven plugin. – Callus 8/9, 2015 at 13:53

Worked for me. #46363465 – Killerdiller 29/5, 2018 at 11:2

Finally I'm able to answer my own question with help of @benzonico's comment.

In our CI system's Sonar build log I found many warning messages: [WARN] [16:51:48.435] Class 'com/bla/bla/Application' is not accessible through the ClassLoader.

The bytecode analysis needs to get fixed for all classes and its dependencies in order to get a correct result. I had to set following Sonar properties:

sonar.java.binaries=target/classes
sonar.java.libraries=target/dependency/*.jar

Note that without sonar.java.binaries=target/classes it's not working, at least on our CI system (TeamCity).

Before running mvn sonar:sonar all Maven dependencies (transient ones too) are moved to the folder target/dependency by running mvn dependency:copy-dependencies before the analysis now.

Now the CI build log is cleaner, Lombok annotations get recognized.

Iphagenia answered 8/9, 2015 at 15:10 Comment(3)

please note that those keys (sonar.java.binaries etc) change with different versions of the java plugin, see docs.sonarqube.org/display/PLUG/Java+Plugin+and+Bytecode – Shackleton 6/11, 2015 at 10:19

mvn dependency:copy-dependencies did the trick for me, thank you! – Rajasthani 12/4, 2021 at 10:9

how about gradle? – Suspend 1/12, 2023 at 9:29

similarly you can add to command line directly:

Steps:

CD to the path which you want to run it on, and when you run sonar-runner add the following parameters:

-Dsonar.java.binaries=target/classes -Dsonar.java.libraries=target/lib/*.jar

Note: For me it was target/lib for the jars, not target/dependency.

Operational answered 19/10, 2015 at 17:58 Comment(0)

add these properties:

-Dsonar.language=java
-Dsonar.java.binaries=target/classes
-Dsonar.java.libraries=target/lib/*.jar

Mayflower answered 12/1, 2022 at 15:51 Comment(0)

Recommended topics

Hot tags