My setup:
Example of the error:
16:00:54 [INFO] [23:00:54.219] Sensor JavaSquidSensor
16:00:55 [INFO] [23:00:55.030] Java Main Files AST scan...
16:00:55 [INFO] [23:00:55.030] 1532 source files to be analyzed
16:00:58 [ERROR] [23:00:57.927] Class not found: javax.annotation.Nullable
16:00:58 [ERROR] [23:00:57.928] Class not found: javax.annotation.CheckReturnValue
16:00:58 [ERROR] [23:00:58.114] Class not found: javax.annotation.Nullable
According to this stackoverflow question, javax.annotation should be part of java 1.7 and up. Furthermore, I've tried putting it in the local maven repository but that didnt help.
So where is Sonar trying to find this package? Any help?!?
Update:
According to http://docs.oracle.com/javase/7/docs/api/index.html?javax/annotation/package-summary.html the classes you expect are not part of JDK 7.
The classes you're looking for are part of google JSR-305 implementation that was initiated here https://code.google.com/p/jsr-305/source/browse/trunk/ri/src/main/java/javax/annotation/Nullable.java?r=24 and which moved to Findbugs:
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.0</version>
</dependency>
According to https://jcp.org/en/jsr/detail?id=305 the JSR-305 is finished, but is in dormant status and has not been added to a JDK release yet.
Hope it helps.
To avoid adding SonarQube specific dependencies to your project, define a profile like this:
<profile>
<id>sonarqube</id>
<dependencies>
<dependency>
<groupId>org.joda</groupId>
<artifactId>joda-convert</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
<version>3.0.0</version>
</dependency>
</dependencies>
</profile>
Then run your sonar analysis with a command like
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.1:sonar -Psonarqube,sonarqube-dev
The sonarqube-dev profile is defined in my ~/.m2/settings.xml and it just specifies where my development environment SonarQube installation is
<profile>
<id>sonarqube-dev</id>
<properties>
<!-- no direct db connections in new sonar -->
<sonar.host.url>
http://localhost:9000/
</sonar.host.url>
</properties>
</profile>
What is achieved by all this?
This is more an addendum to the latest answer:
I see similar problems and adding the google findbugs dependency to the project dependencies helps. Similar problems occured with joda convert like
[ERROR] [20:44:25.247] Class not found: org.joda.convert.ToString
Hence I also added
`<dependency>
<groupId>org.joda</groupId>
<artifactId>joda-convert</artifactId>
<version>1.8.1</version>
<scope>provided</scope>
</dependency>`
But note, that I set the scope to provided to prevent these new dependencies to be added to a resulting war file.
However, I still wonder why these errors occur since none of the analyzed classes seem to use these annotations?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With