I'm trying to check if there are any difference between an analysis with only source code and with source code and the .jar generated after compiling. If I delete the '-Dsonar.java.binaries' property I get this error:
ERROR: Error during SonarQube Scanner execution
ERROR: Your project contains .java files, please provide compiled classes with sonar.java.binaries property, or exclude them from the analysis with sonar.exclusions property.
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
The command I'm using:
sonar-scanner '-Dsonar.host.url=http://192.168.1.25' '-Dsonar.projectKey=org.javaProject:myProject' '-Dsonar.projectName=myProject' '-Dsonar.sourceEncoding=UTF-8' '-Dsonar.sources=src' '-Djavax.net.ssl.trustStore=/certs'
Do you know if it is possible only to analyze source code without any binary file?
For SonarQube to be of any significant value, it should be run as part of a build, after the code is compiled and unit tests are run. I frankly don't know if it's possible to run a scan without class files, but I don't suggest you try to pursue that.
If you really only want to look at static analysis issues, I believe there is a "Sonar Lint" tool that runs in Eclipse or possibly other desktop tools.