Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why sonar requires binary files (sonar.binaries)

Tags:

sonarqube

Why sonar requires binary files (sonar.binaries)? How it uses binaries to do what ever it does with the binaries?

like image 369
Amit Kaushik Avatar asked Aug 17 '16 06:08

Amit Kaushik

People also ask

Can SonarQube scan binaries?

For code scanning sonarqube expects binary files, but my code repository does not conatin java binary files. Must-share information (formatted with Markdown): which versions are you using - SonarQube Version 6.1 with JDK 8 running on Linux machine.

What are sonar Java binaries?

sonar.java.binaries (required) Comma-separated paths to directories containing the compiled bytecode files corresponding to your source files. sonar.java.libraries. Comma-separated paths to files with third-party libraries (JAR or Zip files) used by your project.

Does SonarQube require compiled code?

For instance, SonarQube cannot report on unit test coverage without the data file that is produced by running the unit tests. Obviously, you can't run the unit tests without compiling your code. Some language analysis tools also require the compiled files, in addition to, or in place of, the source code files.

Does SonarQube only analysis Java code?

By default, only files that are recognized by your edition of SonarQube are loaded into the project during analysis. For example if you're using SonarQube Community Edition, which includes analysis of Java and JavaScript, but not C++, all . java and . js files would be loaded, but .

1 Answers

sonar.binaries is a deprecated property : you should now use sonar.java.binaries

This property is used by the java analysis (so I'm assuming you are analyzing java code).

The analysis is done file by file at source level, and in order to properly do a semantic analysis the java analyzer reads information of external dependencies from the .class files.

Concretely this is how it works : While analyzing A.java which declares : 

class A {
   B b;
}

The java analyzer will construct semantic model of class A and for external dependencies look into bytecode for B.class to complete its semantic analysis.

Why is it doing that ? in order to solve type of expressions to have a more accurate analysis. (ie: answering the question : What is the type of b.foo(): we need to find out the definition of foo() method).

This is a deliberate choice of implementation to rely on bytecode for every external dependencies, even if we have the source for them.

like image 152
benzonico Avatar answered Oct 16 '22 15:10

benzonico
Sign in to Comment

Related questions

Sonar Installation problem
To exclude the generated code from sonar analysis on Quality violation
Sonar: How do I use gradle to inspect an android project
Several quality profiles for one project
SonarQube does not analyze files after upgrade from 4.2 to 4.3
Is there a way to embed coverage from SonarQube into a Github project as an icon?
Integrate Spock's test with Sonar
Sonarqube test report "report refers to a file which is not configured as a test file" when tests and source are together
No unit test success reported to sonar
SONAR complaining to change the condition so that it does not always evaluate to "false"
Sonarqube coverage configuration for React and Jest
How to persist configuration & analytics across container invocations in Sonarqube docker image
Difference between SonarQube and Fortify? [closed]
Associating a Project to Sonar in Eclipse
SonarRunner can't find sonar.projectKey, sonar.projectName, sonar.projectVersion, sonar.sources
difference between sonar and sonarqube
Unsupported major.minor version Exception for sonar-scanner
Multi module project analysis with SonarQube
java.lang.IllegalStateException: Not a JSON Object
Sonar fails with can't be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!