Features
It is recommended to use this analyzer to start the analysis of Java Maven projects.
Compatibility
| Maven version | 2.X | 3.X |
|---|---|---|
| Compatibility | | |
As of maven-sonar-plugin 3.4.0.905, SonarQube < 5.6 is no longer supported.
If using a SonarQube instance prior to 5.6, you should use maven-sonar-plugin 3.3.0.603.
As of maven-sonar-plugin 3.1, Maven < 3.0 is no longer supported.
If using Maven prior to 3.0, you should use maven-sonar-plugin 3.0.2.
Prerequisites
- Maven 3.x
- SonarQube is installed
- At least the minimum version of Java supported by the SonarQube server is in use (Java 8 for the latest LTS)
- Language plugins are installed for each language you wish to analyze
- You have read Analyze the code source.
Default setting
Global Settings
Edit the settings.xml file located in $MAVEN_HOME/conf or ~/.m2 to set the plugin prefix and optional SonarQube server URL.
Example:
<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
        </profile>
    </profiles>
</settings>
Analyze a Maven project
Analyzing a Maven project consists of running the Maven goal sonar:sonar in the same directory as the pom.xml file.
mvn clean verify sonar:sonar
# In some situations you may want to run the sonar:sonar goal as a dedicated step. Be sure to use install as the first step for multi-module projects
mvn clean install
mvn sonar:sonar
# Specify the version of sonar-maven-plugin instead of using the latest. See also 'How to Fix Version of Maven Plugin' below.
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.4.0.905:sonar
To get coverage information, you need to generate a coverage report before analysis. For more information, see Unit Test Code Coverage for Java Projects.
Configure SonarQube Analysis
Analysis parameters are listed on the Analysis Parameters page. You have to configure them in the <properties> section of your pom.xml like this:
<properties>
    <sonar.exclusions> [...] </sonar.exclusions>
</properties>
Security
Any user who has been granted the "Execute Analysis" permission can run the analysis.
If the "Anyone" group does not have the "Execute Analysis" permission, or the SonarQube instance is protected (the sonar.forceAuthentication property is set to true), the analysis token of a user with the "Execute Analysis" permission must be provided through the sonar.login property.
sonar-scanner -Dsonar.login=[my analysis token]
Exclude modules from SonarQube analysis
You can:
- Define the property <sonar.skip>true</sonar.skip> in the pom.xml of the module to be excluded
- Use build profiles to exclude certain modules (e.g. for integration tests)
- Use advanced reactor options (like "-pl"). For example: mvn sonar:sonar -pl !module2
Example project
To help you get started, you can find a simple project example here: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-maven
How to fix the version of the Maven plugin
It is recommended to lock the version of the Maven plugin:
Project is analyzed using Maven 3
<build>
    <pluginManagement>
        <plugins>
            <plugin>
                <groupId>org.sonarsource.scanner.maven</groupId>
                <artifactId>sonar-maven-plugin</artifactId>
                <version>3.4.0.905</version>
            </plugin>
        </plugins>
    </pluginManagement>
</build>
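The check below is an added example, not part of the SonarQube documentation or the scanner's own code. It audits a pom.xml for the points raised above about the sonar.login analysis token and plugin version locking: an unpinned sonar-maven-plugin, a token written literally into the file, and a sonar.host.url that would carry that token over plain HTTP. The sample POMs are constructed, and SONAR_TOKEN is an assumed environment variable name.

```python
import xml.etree.ElementTree as ET

PLUGIN = ("org.sonarsource.scanner.maven", "sonar-maven-plugin")

# Constructed sample POMs. SONAR_TOKEN is an assumed environment variable name.
BAD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.host.url>http://myserver:9000</sonar.host.url>
    <sonar.login>constructed-example-token</sonar.login>
  </properties>
</project>"""
GOOD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.login>${env.SONAR_TOKEN}</sonar.login>
  </properties>
  <build><pluginManagement><plugins><plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.4.0.905</version>
  </plugin></plugins></pluginManagement></build>
</project>"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on POM tags."""
    return tag.rsplit("}", 1)[-1]

def audit_pom(pom_xml):
    """Return findings for one pom.xml (passed as a string)."""
    props, pinned = {}, False
    for elem in ET.fromstring(pom_xml).iter():
        kids = {_local(c.tag): (c.text or "").strip() for c in elem}
        if _local(elem.tag) == "properties":
            props.update(kids)
        elif _local(elem.tag) == "plugin":
            gav = (kids.get("groupId"), kids.get("artifactId"))
            # LATEST/RELEASE or no version lets the plugin drift between builds.
            if gav == PLUGIN and kids.get("version") not in (None, "", "LATEST", "RELEASE"):
                pinned = True
    findings = []
    if not pinned:
        findings.append("sonar-maven-plugin version is not pinned")
    token = props.get("sonar.login", "")
    if token and not token.startswith("${"):
        findings.append("sonar.login holds a literal token")
    if props.get("sonar.host.url", "").lower().startswith("http://"):
        findings.append("sonar.host.url uses plain HTTP")
    return findings

if __name__ == "__main__":
    for name, pom in (("bad", BAD_POM), ("good", GOOD_POM)):
        print(name, audit_pom(pom))
```

Run it in CI against each module's pom.xml and fail the build when the returned list is non-empty.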
Troubleshooting
If you get a java.lang.OutOfMemoryError, you can set the MAVEN_OPTS environment variable in *nix environments:
In a Windows environment, avoid double quotes as they can be misinterpreted.