为什么 Sonar 中需要 Java 二进制文件?
我正在尝试检查仅使用源代码的分析和使用源代码以及编译后生成的 .jar 的分析之间是否有任何区别。 如果我删除“-Dsonar.java.binaries”属性,我会收到此错误:
ERROR: Error during SonarQube Scanner execution
ERROR: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
我正在使用的命令:
sonar-scanner '-Dsonar.host.url=http://192.168.1.25' '-Dsonar.projectKey=org.javaProject:myProject' '-Dsonar.projectName=myProject' '-Dsonar.sourceEncoding=UTF-8' '-Dsonar.sources=src' '-Djavax.net.ssl.trustStore=/certs'
你知道是否可以仅分析源代码而不使用任何二进制文件?
I'm trying to check if there are any difference between an analysis with only source code and with source code and the .jar generated after compiling.
If I delete the '-Dsonar.java.binaries' property I get this error:
ERROR: Error during SonarQube Scanner execution
ERROR: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
The command I'm using:
sonar-scanner '-Dsonar.host.url=http://192.168.1.25' '-Dsonar.projectKey=org.javaProject:myProject' '-Dsonar.projectName=myProject' '-Dsonar.sourceEncoding=UTF-8' '-Dsonar.sources=src' '-Djavax.net.ssl.trustStore=/certs'
Do you know if it is possible only to analyze source code without any binary file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了使 SonarQube 具有任何重要价值,它应该在编译代码并运行单元测试之后作为构建的一部分运行。坦率地说,我不知道是否可以在没有类文件的情况下运行扫描,但我不建议您尝试这样做。
如果您真的只想查看静态分析问题,我相信有一个在 Eclipse 或可能的其他桌面工具中运行的“Sonar Lint”工具。
For SonarQube to be of any significant value, it should be run as part of a build, after the code is compiled and unit tests are run. I frankly don't know if it's possible to run a scan without class files, but I don't suggest you try to pursue that.
If you really only want to look at static analysis issues, I believe there is a "Sonar Lint" tool that runs in Eclipse or possibly other desktop tools.