Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SonarQube "Class Not Found" during Main AST Scan

My setup:

  • Sonarqube 5.1.1
  • Sonar-Maven Plugin 2.6 (also tried 2.7 and 3.6)
  • JDK 1.7.0_51

Example of the error:

16:00:54 [INFO] [23:00:54.219] Sensor JavaSquidSensor
16:00:55 [INFO] [23:00:55.030] Java Main Files AST scan...
16:00:55 [INFO] [23:00:55.030] 1532 source files to be analyzed
16:00:58 [ERROR] [23:00:57.927] Class not found: javax.annotation.Nullable
16:00:58 [ERROR] [23:00:57.928] Class not found: javax.annotation.CheckReturnValue
16:00:58 [ERROR] [23:00:58.114] Class not found: javax.annotation.Nullable

According to this stackoverflow question, javax.annotation should be part of java 1.7 and up. Furthermore, I've tried putting it in the local maven repository but that didnt help.

So where is Sonar trying to find this package? Any help?!?

Update:

  • I've tried modifying the sonar-maven-plugin to include a dependency on javax.annotation
  • I've tried putting the dependency in my maven's settings.xml
  • Upgrading my JDK to 1.8 has not helped.
like image 747
wilson Avatar asked Jul 20 '15 23:07

wilson


3 Answers

According to http://docs.oracle.com/javase/7/docs/api/index.html?javax/annotation/package-summary.html the classes you expect are not part of JDK 7.

The classes you're looking for are part of google JSR-305 implementation that was initiated here https://code.google.com/p/jsr-305/source/browse/trunk/ri/src/main/java/javax/annotation/Nullable.java?r=24 and which moved to Findbugs:

<dependency>
  <groupId>com.google.code.findbugs</groupId>
  <artifactId>jsr305</artifactId>
  <version>3.0.0</version>
</dependency>

According to https://jcp.org/en/jsr/detail?id=305 the JSR-305 is finished, but is in dormant status and has not been added to a JDK release yet.

Hope it helps.

like image 97
Kraal Avatar answered Oct 17 '22 04:10

Kraal


To avoid adding SonarQube specific dependencies to your project, define a profile like this:

    <profile>
        <id>sonarqube</id>
        <dependencies>
            <dependency>
                <groupId>org.joda</groupId>
                <artifactId>joda-convert</artifactId>
                <version>1.2</version>
            </dependency>
            <dependency>
                <groupId>com.google.code.findbugs</groupId>
                <artifactId>jsr305</artifactId>
                <version>3.0.0</version>
            </dependency>
        </dependencies>
    </profile>

Then run your sonar analysis with a command like

mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.1:sonar -Psonarqube,sonarqube-dev

The sonarqube-dev profile is defined in my ~/.m2/settings.xml and it just specifies where my development environment SonarQube installation is

    <profile>
        <id>sonarqube-dev</id>
        <properties>
            <!-- no direct db connections in new sonar -->
            <sonar.host.url>
                http://localhost:9000/
            </sonar.host.url>
        </properties>
    </profile>

What is achieved by all this?

  • sonarqube analysis specific dependencies don't pollute the project unnecessarily
  • no sonarqube maven plugin defined in pom.xml. Each developer and Jenkins can use whatever sonar plugin and server installation they wish
like image 44
kosoant Avatar answered Oct 17 '22 05:10

kosoant


This is more an addendum to the latest answer:

I see similar problems and adding the google findbugs dependency to the project dependencies helps. Similar problems occured with joda convert like

[ERROR] [20:44:25.247] Class not found: org.joda.convert.ToString

Hence I also added

    `<dependency>
        <groupId>org.joda</groupId>
        <artifactId>joda-convert</artifactId>
        <version>1.8.1</version>
        <scope>provided</scope>
    </dependency>`

But note, that I set the scope to provided to prevent these new dependencies to be added to a resulting war file.

However, I still wonder why these errors occur since none of the analyzed classes seem to use these annotations?

like image 24
Gerd Aschemann Avatar answered Oct 17 '22 05:10

Gerd Aschemann