Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FindBugs scanner complains with only a Kotlin DSL Gradle build script in the sources #1037

Open
Vampire opened this issue Sep 30, 2024 · 2 comments
Open

FindBugs scanner complains with only a Kotlin DSL Gradle build script in the sources #1037

Vampire opened this issue Sep 30, 2024 · 2 comments

Comments

@Vampire
Copy link

Vampire commented Sep 30, 2024

Issue Description

I have a project that is analyzed with SonarQube 9.9.

As the “Dependency-Check Integration” plugin’s scanner is reporting the findings on the build scripts, I added the build scripts as source files for the analyzed project.

I just ported it from Groovy DSL build scripts to Kotlin DSL build scripts (which are not named build.gradle.kts, but <project-name>.gradle.kts).

For the subprojects where also other sources are available, this works.
But in the root project only the build script is in the SonarQube sources.
As there is no other code, there is also no sonar.java.binaries set.

If I now run the SonarQube analysis, I get:

Can not execute Findbugs
[...]
Caused by: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled (/var/lib/teamcity-buildAgent/work/aed74103c764f0f2).
Property sonar.java.binaries was not set, it is required to locate the compiled .class files. For instance set the property to: sonar.java.binaries=target/classes

The error message is actually wrong.
There is no Java source file, the build script is the only source in that module.
And a .kts file typically is of course not compiled and thus no binaries available.
If there are only .kts files in the source (or maybe at least if there are only .gradle.kts files), the FindBugs scanner should probably not get invoked and complain about missing class files.

Not adding the Kotlin DSL Gradle build script or excluding it fixes that problem that makes the analysis fail. But that is of course a sub-optimal solution as then the file is not available as source for other scanners and also not available in the web ui.

Environment

Component Version
SonarQube 9.9
Sonar-FindBugs 4.2.7
Gradle 7.6.4
Java 17
@gtoison
Copy link
Contributor

gtoison commented Sep 30, 2024

Thank you for reporting the issue!
Would it make sense to ignore .kts files when checking if the project has sources but no compiled code?
In other words: if the project has .kts sources but no compiled .class file it should be fine (nothing for SpotBugs to analyse)

@Vampire
Copy link
Author

Vampire commented Sep 30, 2024

Sounds like it to me, yes, unless they can be analysed without provided class files.

Or maybe some way to exclude globs only from FindBugs scanner sources, not from whole SQ sources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Vampire @gtoison