Geek Answers Handbook

Proper setup for "sonar.libraries" in a modern Android Gradle project

What I want to achieve:

In sonar, you can track the third-party dependencies used in all projects by setting the sonar.libraries property and there may be more advantages (for example, detecting violations caused by external libraries?)

What I tried to do:

I set the value to build/intermediates/pre-dexed/debug/*.jar , but this seems to be ineffective.

Question:

Since you no longer need to use the libs folder for third-party dependencies , what is the recommendation for the sonar.libraries property?

+6
source share
2 answers

We need to perform special processing when an Android project is detected. The correct definition of sonar.java.libraries is one of the requirements. A ticket already exists, feel free to vote or submit a pull request. https://jira.sonarsource.com/browse/SONARGRADL-6

Update: we have released version 2.1 of the plugin ( currently RC2 ), which supports Android projects. The sonar.java.[test.]binaries sonar.java.[test.]libraries and sonar.java.[test.]libraries will be automatically populated.

+4
source

The pre-dex folder also seemed like the perfect candidate for me. Unfortunately, if you look at the banks in this folder, you will see that they do not contain compiled classes, but dex files. The dex file is the dalvik executable, its Android and Sonar stuff can do nothing.

I managed to map some of my dependencies by declaring build/intermediates/exploded-aar/**/*.jar in the sonar.libraries property.

With this line, you will see all the “android librairies” (aar) that your project depends on. I have not been able to track all the other simple java libraires (jar) yet

+1
source

More articles:


All Articles