发表新帖
发表新帖

SonarQube “Class Not Found” during Main AST Scan

前端 未结
关注
3 538
北海茫月
北海茫月 2021-01-03 01:20

My setup:

  • Sonarqube 5.1.1
  • Sonar-Maven Plugin 2.6 (also tried 2.7 and 3.6)
  • JDK 1.7.0_51

Example of the error:

1
相关标签:
3条回答
  • 渐次进展
    2021-01-03 01:35

    According to http://docs.oracle.com/javase/7/docs/api/index.html?javax/annotation/package-summary.html the classes you expect are not part of JDK 7.

    The classes you're looking for are part of google JSR-305 implementation that was initiated here https://code.google.com/p/jsr-305/source/browse/trunk/ri/src/main/java/javax/annotation/Nullable.java?r=24 and which moved to Findbugs:

    <dependency>
  <groupId>com.google.code.findbugs</groupId>
  <artifactId>jsr305</artifactId>
  <version>3.0.0</version>
</dependency>

    According to https://jcp.org/en/jsr/detail?id=305 the JSR-305 is finished, but is in dormant status and has not been added to a JDK release yet.

    Hope it helps.

    0 讨论(0)
  • 遇见更好的自我
    2021-01-03 01:45

    This is more an addendum to the latest answer:

    I see similar problems and adding the google findbugs dependency to the project dependencies helps. Similar problems occured with joda convert like

    [ERROR] [20:44:25.247] Class not found: org.joda.convert.ToString

    Hence I also added 

        `<dependency>
        <groupId>org.joda</groupId>
        <artifactId>joda-convert</artifactId>
        <version>1.8.1</version>
        <scope>provided</scope>
    </dependency>`

    But note, that I set the scope to provided to prevent these new dependencies to be added to a resulting war file.

    However, I still wonder why these errors occur since none of the analyzed classes seem to use these annotations?

    0 讨论(0)
  • 北海茫月
    2021-01-03 01:58

    To avoid adding SonarQube specific dependencies to your project, define a profile like this:

        <profile>
        <id>sonarqube</id>
        <dependencies>
            <dependency>
                <groupId>org.joda</groupId>
                <artifactId>joda-convert</artifactId>
                <version>1.2</version>
            </dependency>
            <dependency>
                <groupId>com.google.code.findbugs</groupId>
                <artifactId>jsr305</artifactId>
                <version>3.0.0</version>
            </dependency>
        </dependencies>
    </profile>

    Then run your sonar analysis with a command like

    mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.1:sonar -Psonarqube,sonarqube-dev

    The sonarqube-dev profile is defined in my ~/.m2/settings.xml and it just specifies where my development environment SonarQube installation is

        <profile>
        <id>sonarqube-dev</id>
        <properties>
            <!-- no direct db connections in new sonar -->
            <sonar.host.url>
                http://localhost:9000/
            </sonar.host.url>
        </properties>
    </profile>

    What is achieved by all this?

    • sonarqube analysis specific dependencies don't pollute the project unnecessarily
    • no sonarqube maven plugin defined in pom.xml. Each developer and Jenkins can use whatever sonar plugin and server installation they wish
    0 讨论(0)
 看不清?
提交回复
热议问题