Background
We start with an official installation of SonarQube 4.3.2 with Sonar Java 2.3. The Sonar Findbugs plugin uses FindBugs 2.0.3. This version uses ASM 3.3 for byte code analysis, but Java 8 requires ASM 5.0.x.
FindBugs snapshots have been using ASM 5.0.2 for a while, and a Java 8 compliant FindBugs 3.0.0 release has now been published, but the artifacts are not yet available in Maven Central or any other Maven repository.
In fact, the FindBugs Maven build process is not quite clean, relying on a local snapshot of an external dependency (Apache BCEL).
Thus, for patching SonarQube, we need to do a clean Maven build of FindBugs, then build sonar-findbugs with this updated dependency and finally overwrite the sonar-findbugs plugin in our SonarQube installation.
Whenever patching third-party Maven artifacts, I use a project or company suffix on the version identifiers, e.g. -eos-1, to distinguish my patches from official releases.
Building FindBugs
git clone https://code.google.com/p/findbugs
cd findbugs/findbugs
mvn install:install-file -Dfile=lib/bcel-6.0-SNAPSHOT.jar -DgroupId=com.google.code.findbugs -DartifactId=bcel -Dversion=6.0-eos-1 -Dpackaging=jar
Then edit pom.xml, setting the version to 3.0.0-eos-1 and replacing the bcel dependency version 6.0-SNAPSHOT by 6.0-eos-1.
Now build and install FindBugs 3.0.0-eos-1 to your local repo:
mvn clean install
Building sonar-findbugs
git clone https://github.com/SonarSource/sonar-findbugs.git
cd sonar-findbugs
Edit pom.xml, set findbugs.version to 3.0.0-eos-1 and maxsize in the maven-enforcer-plugin rules to 6000000.
Now build and install sonar-findbugs 2.4-SNAPSHOT in your local repository:
mvn clean install
Install the patched plugin
- Stop your SonarQube server.
- Go to SONARQUBE_HOME/extensions/plugins and replace sonar-findbugs-plugin-2.3.jar by sonar-findbugs-plugin-2.4-SNAPSHOT.jar
- Restart your SonarQube server and run a FindBugs analysis under Java 8.
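The replacement step above, as an added example that is not part of the original post: it moves the official jar to a backup directory for rollback, copies the locally built jar in, and confirms by SHA-256 that the deployed file is the one that was built. The function names and the backup directory are hypothetical, and sha256sum is assumed to be installed; run it only while the SonarQube server is stopped.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes sha256sum is available;
# function names and the backup directory are hypothetical.

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# install_patched_plugin PLUGIN_DIR OLD_JAR_NAME NEW_JAR_PATH BACKUP_DIR
# Prints the SHA-256 of the deployed jar on success, returns 1 on any failure.
install_patched_plugin() {
    plugin_dir=$1 old_name=$2 new_jar=$3 backup_dir=$4

    [ -d "$plugin_dir" ] || { echo "no plugin dir: $plugin_dir" >&2; return 1; }
    [ -s "$new_jar" ] || { echo "missing or empty jar: $new_jar" >&2; return 1; }
    [ -f "$plugin_dir/$old_name" ] || { echo "old plugin not found: $old_name" >&2; return 1; }

    # Digest of the jar produced by the local Maven build.
    built_sum=$(sha256_of "$new_jar")
    [ -n "$built_sum" ] || { echo "could not hash $new_jar" >&2; return 1; }

    # Move the official jar out of the plugin directory instead of deleting
    # it, so rolling back is a single mv.
    mkdir -p "$backup_dir" || return 1
    mv "$plugin_dir/$old_name" "$backup_dir/" || return 1

    cp "$new_jar" "$plugin_dir/" || return 1
    deployed="$plugin_dir/$(basename "$new_jar")"

    # The deployed copy must be byte-identical to the jar that was built.
    deployed_sum=$(sha256_of "$deployed")
    [ "$deployed_sum" = "$built_sum" ] || { echo "digest mismatch" >&2; return 1; }

    # The step replaces the plugin, so exactly one FindBugs plugin jar
    # should remain in the directory.
    set -- "$plugin_dir"/sonar-findbugs-plugin-*.jar
    [ "$#" -eq 1 ] || { echo "expected 1 findbugs plugin jar, found $#" >&2; return 1; }

    echo "$deployed_sum"
}
```

Keep the printed digest with your build notes so the jar in SONARQUBE_HOME/extensions/plugins can be re-checked against it later.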
Download patched plugin
You can download the patched plugin from DropBox.
Disclaimer
Use these instructions at your own risk.