Skip to main content
1 min read Intermediate Source Code

TroubleShoot

Windows SonarQube Error

C:\Users\Administrator>cd Downloads\WebGoat-main

C:\Users\Administrator\Downloads\WebGoat-main>sonar-scanner.bat -D"sonar.projectKey=WebGoat" -D"sonar.sources=." -D"sonar.host.url=http://127.0.0.1:9000" -D"sonar.token=sqp_df97d5a7eb0dbe9064ee4ab3b8fc7b7f95675f51"
05:48:57.761 INFO  Scanner configuration file: C:\sast\sonar-scanner-cli-6.2.1.4610\sonar-scanner-6.2.1.4610-windows-x64\bin\..\conf\sonar-scanner.properties
05:48:57.769 INFO  Project root configuration file: NONE
05:48:57.792 INFO  SonarScanner CLI 6.2.1.4610
05:48:57.794 INFO  Java 17.0.12 Eclipse Adoptium (64-bit)
05:48:57.796 INFO  Windows Server 2022 10.0 amd64
05:49:18.559 ERROR Error during SonarScanner Engine execution
org.sonar.java.AnalysisException: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.

        at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart(SpringGlobalContainer.java:144)
        at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:226)
        at org.sonar.core.platform.SpringComponentContainer.execute(SpringComponentContainer.java:205)
        at org.sonar.scanner.bootstrap.ScannerMain.runScannerEngine(ScannerMain.java:149)
        at org.sonar.scanner.bootstrap.ScannerMain.run(ScannerMain.java:66)
        at org.sonar.scanner.bootstrap.ScannerMain.main(ScannerMain.java:52)

05:49:18.912 INFO  EXECUTION FAILURE
05:49:18.913 INFO  Total time: 21.157s

Solution

The error you're seeing is caused by the SonarQube Scanner trying to analyze Java files in your project without having access to compiled Java classes (.class files). Here’s how to resolve this issue.

Steps to Fix the SonarQube Scan Error for Java Files

  1. Option 1: Provide Compiled Classes If you want to include the Java files in the scan, you need to provide the compiled .class files by setting the sonar.java.binaries property to the path where the compiled Java classes are located.

    For example, if your compiled classes are in a folder like target/classes, you can modify the sonar-scanner command as follows:

     sonar-scanner.bat -D"sonar.projectKey=WebGoat" -D"sonar.sources=." -D"sonar.host.url=http://127.0.0.1:9000" -D"sonar.token=sqp_df97d5a7eb0dbe9064ee4ab3b8fc7b7f95675f51" -D"sonar.java.binaries=target/classes"

    Adjust target/classes to the actual location of your compiled classes.

  2. Option 2: Exclude Java Files from Analysis If you don’t want to analyze the Java files (maybe you're focusing on Python), you can exclude them by using the sonar.exclusions property.

sonar-scanner.bat -D"sonar.projectKey=WebGoat" -D"sonar.sources=." -D"sonar.host.url=http://127.0.0.1:9000" -D"sonar.token=sqp_df97d5a7eb0dbe9064ee4ab3b8fc7b7f95675f51" -D"sonar.exclusions=**/*.java"

This will exclude all Java files from being scanned, focusing only on other file types like Python, JavaScript, etc.