Warning:Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property.
This warning comes when you are doing sonar analysis of any java project.
In order to resolve the warning message, you need to include sonar.java.libraries alongwith othsr sonar.analysis properties.
Value for sonar.java.libraries: Comma-separated paths to files with third-party libraries (JAR or Zip files) used by your project. Wildcards can be used: sonar.java.libraries=path/to/Library.jar,directory/**/*.jar
After adding this property, re-run your sonar analysis and you can then see there will be no warning message in sonarqube.
Related
We had recently implemented SonarQube in our team and we have a dashboard configured
We've been able to see some of the details but the line coverage and code coverage is 0 always
Can you advise what we're missing ? I've checked the configuration and all of it seems to be in place
Assuming the latest SonarQube version, note that, as mentioned in this thread
Version 5.12 of our SonarJava analyzer deprecated use JaCoCo’s binary format (.exec files) to import coverage.
As a replacement, we developed the sonar-jacoco plugin, which imports JaCoCo’s XML coverage report, and this is the preferred option now. I
That page illustrates how to include those reports for a maven or a gradle project. Again, it depends on the nature of your projects.
Currently, I am using the 1.3 javascript jar. In my code analysis, all the 3rd party files/folders are also being analyzed. I am thinking about upgrading to the new 2.1 javascript plugin. Will this fix the issue? I would like the sonar analysis to scan only the developers code and not the 3rd party code. Otherwise, the developer will just turn off the javascript analysis completely. I have looked at the release notes but did not find anything.
You can setup exclusion patterns to prevent analysis of 3rd party libraries.
you have to define sources files with sonar.sources and files excluded with sonar.exclusions property. For example, in javascript :
sonar: {
sources: ['app','assets'].join(','),
exclusions: ['**/app/dependencies/**', '**/assets/bower_components/**']
}
The code base I am working with has a lot of generated code. In addition, there are also some deprecated files that I would want to exclude from SonarQube analysis. I've read up the documentation and looked at some answers on here about that, but it does not help in my case.
I have a multi-module maven project. So I have multiple projects in my workspace that are all part of a large application. Say I want to exclude this file:
/home/username/workspace/com.mst.rtra.importing.message/bin/com/mst/rtra/importing/message/idl/parse/idlparser.java
I don't really know how to write this in the exclusions settings on SonarQube because of how long the filepath is. Also, what if I want to exclude another file, but from a different module, say :
/home/username/workspace/com.mst.rtra.interpreter.create/
I am confused about I should write this in the exclusions box in project settings. Should I write the absolute file path due to the multi-module nature of this project? Or is there some other convention used?
In addition, if I want to exclude generated files from analysis, I would need to put file:/generated-sources/ as I saw in another answer. However, after analysis, I can still view the analysis results of those files when I open up the project in SonarQube dashboard.
We use ant rather than maven, and an older version of the Sonar ant task at that. But what works for us is setting a sonar.exclusions property in our build.xml, which accepts wildcards for filenames. For example:
<property name="sonar.exclusions" value="**/com/ex/wsdl/asvc/*.java,**/com/ex/wsdl/bsvc/*.java"/>
That skips analyzing all the code generated from a wsdl file for two services. You ought to be able to do something similar for maven.
I'm using STS, and with a Web (WTP); Maven; Groovy stack.
By default, it appears that the Groovy classpath entries weren't marked to be exported, and I was issued with the following warning:
Classpath entry GROOVY_DSL_SUPPORT will not be exported or published.
Runtime ClassNotFoundExceptions may result. Classpath entry
GROOVY_SUPPORT will not be exported or published. Runtime
ClassNotFoundExceptions may result.
So, I added the libraries from Project Properties -> Deployment Assembly -> Add...
However, now I get the following error:
Invalid classpath publish/export dependency
/Users/martypitt/springsource/2.8.1.RELEASE/sts-2.8.1.RELEASE/plugins/org.codehaus.groovy_1.8.4.xx-20111212-0900-e37-RELEASE/lib/antlr-2.7.7.jar.
The project contains another dependency with the same archive name.
I worked around by excluding antlr manually from my pom.xml. However, this seems counter-intuitive, and leaves me concerned about issues later when I deploy to a server outside of STS.
Is there a more appropriate way to resolve this issue?
You do not need to export the DSL support container. It provides editing support for some built in Groovy AST transforms. There is nothing in the classpath container required for compilation or runtime.
Looks like your project is groovy project. Go to eclipse and install groovy addon - from software site - http://dist.springsource.org/snapshot/GRECLIPSE/e4.6/
After this restart eclipse and you should have these in path/eclipse to work with.
Detailed instructions # https://github.com/groovy/groovy-eclipse/wiki
Make sure you have the proxy configured properly - if any.
I am using SONAR for Code Quality checks of my projects. In one project I would like to know the code coverage of a library which is included in the classpath (maven dependency).
Is it possible to configure SONAR (with embedded COBERTURA) to also instrument the specific library for code coverage analysis? As cobertura instruments the bytecode this should be possible but I do not know if it is supported by cobertura (even indepentend from SONAR).
Any hints are welcome.
Regards
Klaus
You would have to set up cobertura(maven target) yourself and import the results(See dynamic analysis)
sonar.dynamicAnalysis=reuseReports
sonar.cobertura.reportPath=PATH_TO_RESULT
But I will not help much:
you would need the src files of the jar to see the coverage, otherwise you would just get % numbers and I'm not even sure sonar will show the extra covered files
the coverage for your whole project will always include the % of the library, so it will go down
It is better to test each project with its own unit tests on its own.