Sonar only includes main compileClasspath leading to "following classes needed for analysis missing"


(andrew.oberstar) #1

This issues is made apparent when using SLF4J and appropriately marking the slf4j-api as a compile dependency and logback as a runtime dependency. When running ‘sonarAnalyze’, I get the following message:

:build
:sonarAnalyze
The following classes needed for analysis were missing:
  org.slf4j.impl.StaticLoggerBinder
  BUILD SUCCESSFUL

While analysis does complete, my limited understanding (from this StackOverflow post) is that it may be skipping some portion of Findbugs analysis. Based on the source code the default classpath passed into Sonar is the main compileClasspath. I was able to get around this particular error with the following code:

//needed the filter because some elements didn't exist (e.g. resources folder) and FIndbugs can't handle that
sonar.project.libraries = sourceSets.main.runtimeClasspath.filter { it.exists() }

I’m also concerned about similar issues happening when I analyze JUnit tests, since JUnit will not be on the main classpath. It seems reasonable for Gradle to have a different default here (maybe the test source set’s runtimeClasspath).

What do you think?


(Peter Niederwieser) #2

Since the plugin’s default is to only analyze the main source set, it seems logical to only include the main source set’s dependencies. Of course you can reconfigure this to match your needs. Maybe we should pass the runtime class path instead of the compile class path. From the Sonar documentation, I can’t tell which is right.


(andrew.oberstar) #3

Looks like not including test is the correct setting. However, I do think using the runtimeClasspath would be a good idea. I agree, the documentation isn’t very clear, but I don’t see what issues it would cause.