Old version of checkstyle detected. Consider updating to >= v8.30

Question

Small question regarding a SonarQube + Checkstyle warning please.

Currently, in my app, in my pom, I use the following Checkstyle plugin:

          <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-checkstyle-plugin</artifactId>
                <version>3.1.2</version>
                <configuration>
                    <outputFile>.out/reports/checkstyle/checkstyle-result.xml</outputFile>
                    <outputDirectory>target/reports/checkstyle</outputDirectory>
                    <outputFileFormat>xml</outputFileFormat>
                </configuration>
            </plugin>

This plugin is doing its job, no worries there.

When I run SonarQube though, I get this warning

Old version of checkstyle detected. Consider updating to >= v8.30
For more information see: https://maven.apache.org/plugins/maven-checkstyle-plugin/examples/upgrading-checkstyle.html

I obviously went to read the website, but I am still having hard time understanding.

The Checkstyle plugin I have is the latest known, version 3.1.2, checked on Maven central etc.

In SonarQube, I am running on the latest version, 8.9 LTS, with the latest version of Checkstyle plugin as well.

What am I missing please? Am I using some kind of wrong plugin?

Answer 1

It is a SonarQube plugin named sonar-checkstyle which needs to be installed or upgraded at the SonarQube server instance. The current version is 8.40.

Note: Refer to

• https://docs.sonarqube.org/latest/setup/install-plugin/
• https://docs.sonarqube.org/latest/instance-administration/plugin-version-matrix/
• https://github.com/checkstyle/sonar-checkstyle
• https://github.com/checkstyle/sonar-checkstyle/releases

Edit 1

Step 1

Firstly, there is a cache directory at <user_home>/.sonar/cache (for me on the Windows 10 is C:\Users\<myuser>\.sonar\cache), please delete all sub directories under this cache directory with purpose to let the org.sonarsource.scanner.maven:sonar-maven-plugin latest version download it from our SonarQube server instance and ensure that all related plugins are new and fresh after upgrading/installing at the SonarQube server instance. (Do not forget to restart it after finishing upgrading/installing to ensure all new are re-loaded)

Step 2

Secondly, make sure that we do not specify the org.sonarsource.scanner.maven:sonar-maven-plugin in our project pom.xml neither at the parent nor anywhere else with purpose to ensure that during executing, it will be a latest version which matches to our SonarQube server instance version.

Anyhow the formal document (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/) also mentions about How to Fix Version of Maven Plugin as the following: -

How to Fix Version of Maven Plugin

It is recommended to lock down versions of Maven plugins:

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.sonarsource.scanner.maven</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>
        <!--Version that matched with our Sonar server instance version --> 
        </version>
      </plugin>
    </plugins>
  </pluginManagement>
</build>

The latest version is able to be browsed at https://search.maven.org/artifact/org.codehaus.mojo/sonar-maven-plugin or https://search.maven.org/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin The latest is version 3.9.0.2155 (Note: the version ?.y.z is matched with our Sonar server instance version)

Step 3

Last but not least, if our project is a multi-module projects there is a mentioned at the formal document (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/) as the following: -

In some situations you may want to run the sonar:sonar goal as a dedicated step. Be sure to use install as first step for multi-module projects

mvn clean install

mvn sonar:sonar ...

Then there will be 2 steps here, mvn clean install first so that it is completed and then mvn sonar:sonar ... later on.

Edit 2

The maven-checkstyle-plugin is also able to specify the checkstyle version as mentioned at https://maven.apache.org/plugins/maven-checkstyle-plugin/examples/upgrading-checkstyle.html with the significant sentence as

Maven Checkstyle plugin comes with a default Checkstyle version: for maven-checkstyle-plugin 3.1.2, Checkstyle 8.29 is used by default.

Then the configuration for the maven-checkstyle-plugin will be like the following: -

    <project>
      ...
      <build>
        <pluginManagement>
          <plugins>
            <plugin>
              <groupId>org.apache.maven.plugins</groupId>
              <artifactId>maven-checkstyle-plugin</artifactId>
              <version>3.1.2</version>
              <dependencies>
                <dependency>
                  <groupId>com.puppycrawl.tools</groupId>
                  <artifactId>checkstyle</artifactId>
                  <version>...choose your version...</version>
                </dependency>
              </dependencies>
            </plugin>
          </plugins>
        </pluginManagement>
      <build>
      ...
    </project>

The latest version is able to be browsed at https://search.maven.org/artifact/com.puppycrawl.tools/checkstyle The latest is version 8.42.