What I want to achieve:
In sonar it is possible to track third party dependencies used throughout Projects by setting the property "sonar.libraries" and perhaps there are more benefits (such as detecting which violations are caused by external libraries?)
What I tried to do:
I set the value to build/intermediates/pre-dexed/debug/*.jar but this seems to have little effect.
Question:
Since it is no longer needed to use the "libs" folder for third party dependencies, what is the recommendation for the property called "sonar.libraries"?
We need to implement special processing when an Android project is detected. Correctly setting sonar.java.libraries is one of the requirements. A ticket already exists, feel free to vote or provide a pull request. https://jira.sonarsource.com/browse/SONARGRADL-6
Update: we have released version 2.1 of the plugin (currently RC2) that natively supports Android projects. Properties sonar.java.[test.]binaries and sonar.java.[test.]libraries will be automatically populated.
The pre-dex folder also seemed to me to be the perfect candidate. Unfortunately, if you look into the jars in this folder, you'll see they contain no compiled class, but dex files. A dex file being a "dalvik executable", it's Android material, and Sonar can't do anything of it.
I managed to reference some of my dependencies, by declaring build/intermediates/exploded-aar/**/*.jar in the sonar.libraries property.
With this line you'll see all the "android librairies" (aar) that your project depends on. I've not yet managed to track all the other plain java libraires (jar)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With