Menu
Why sonar requires binary files (sonar.binaries)? How it uses binaries to do what ever it does with the binaries?
369
For code scanning sonarqube expects binary files, but my code repository does not conatin java binary files. Must-share information (formatted with Markdown): which versions are you using - SonarQube Version 6.1 with JDK 8 running on Linux machine.
sonar.java.binaries (required) Comma-separated paths to directories containing the compiled bytecode files corresponding to your source files. sonar.java.libraries. Comma-separated paths to files with third-party libraries (JAR or Zip files) used by your project.
For instance, SonarQube cannot report on unit test coverage without the data file that is produced by running the unit tests. Obviously, you can't run the unit tests without compiling your code. Some language analysis tools also require the compiled files, in addition to, or in place of, the source code files.
By default, only files that are recognized by your edition of SonarQube are loaded into the project during analysis. For example if you're using SonarQube Community Edition, which includes analysis of Java and JavaScript, but not C++, all . java and . js files would be loaded, but .
sonar.binaries is a deprecated property : you should now use sonar.java.binaries
This property is used by the java analysis (so I'm assuming you are analyzing java code).
The analysis is done file by file at source level, and in order to properly do a semantic analysis the java analyzer reads information of external dependencies from the .class files.
Concretely this is how it works : While analyzing A.java which declares :
class A {
B b;
}
The java analyzer will construct semantic model of class A and for external dependencies look into bytecode for B.class to complete its semantic analysis.
Why is it doing that ? in order to solve type of expressions to have a more accurate analysis. (ie: answering the question : What is the type of b.foo(): we need to find out the definition of foo() method).
This is a deliberate choice of implementation to rely on bytecode for every external dependencies, even if we have the source for them.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
