I'm running SonarQube scanner on a java project. In the properties file there's a property sonar.java.binaries=**/classes
to specify classes location for the projects.
The scan failed showing this error:
ERROR: Error during SonarQube Scanner execution
ERROR: Please provide compiled classes of your project with sonar.java.binaries property
when:
sonar.java.binaries
propertysonar.java.binaries
property to null
sonar.java.binaries=**/classes
but in the project directories there was no classes dir or there were empty onesThe scan was completed successfully when:
sonar.java.binaries=**/classes
and I created a classes folder putting into it a bogus file blabla.class
So my question is: why are the classes required if the scanner is working also without them?
Copied from the official documentation:
Java bytecode is required
Analyzing a Java project without providing the Java bytecode produced by
javac
(Android users: Jack doesn't provide the required.class
files) and all project dependencies (jar files) is possible, but will result in an increased number of false negatives, i.e. legitimate issues will be missed by the analyzer.From SonarJava version 4.12 binary files are required for java projects with more than one java file. If not provided properly, analysis will fail with the message
Please provide compiled classes of your project with sonar.java.binaries property
See Java Plugin and Bytecode for how to provide the Java bytecode if you are not using Maven to run your analysis.
As you see, the bytecode is required. If you don't feed the analyzer with the bytecode then built syntax/dependecy tree will miss some data, and you get more false negatives (issues which should be reported, but weren't).