Prerequisites

You must have previously installed and configured Maven for Sonar and read Analyzing Code Source.

Analyzing a Maven Project

Analyzing a Maven project consists of running a Maven goal in the directory where the pom.xml file sits. If possible, an install goal should be performed prior to the sonar one.

Recommended Way

skipTests=true not to run unit tests twice: during the install goal and again during the sonar goal. You can also deactivate the integration tests execution. Please refer to the Maven documentation.

Using Eclipse

Make sure you're not using the eclipse plugin maven embedder. Define a new maven runtime pointing to your local maven install, use the latest maven eclipse plugin and uncheck "resolve workspace artifacts" in the maven project launch window.
Have a look at the first comment of this ticket: http://jira.codehaus.org/browse/SONAR-929

Advanced Reactor Options

Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by Sonar and should not be used.

Alternative Way

When the above configuration is not possible, you can run an analysis in one command, but unit tests will run twice: once in the install goal and once in the sonar one. Do not use the DskipTests=true parameter, otherwise Sonar will not execute unit tests and therefore not report on them.

The -Dmaven.test.failure.ignore=true is there to make sure that even if unit tests fail, the Sonar analysis will be performed.

Configuring the Sonar Analysis

A pom.xml file sample is available here.

Additional analysis parameters are listed on the Analysis Parameters page.

Security

Since Sonar 3.4, if a project cannot be accessed anonymously, the 'sonar.login' and 'sonar.password' properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the 'User' role on this project. You can set them either:

directly on the command line by adding -Dsonar.login=myUser -Dsonar.password=myPassword
or in the pom.xml file
or in the Maven profile (settings.xml file)

A project cannot be anonymously accessed when either:

the 'sonar.forceAuthentication' property is set to 'true'
or the 'sonar.forceAuthentication' property is set to 'false' and the 'Anyone' group has not been granted a 'User' role on the project

Sample Projects

To help you getting started, a simple project sample is available on github that can be browsed or downloaded: projects/languages/java/maven/java-maven-simple

How to Fix Version of Maven Plugin

It is recommended to lock down versions of Maven plugins. Two versions of the Sonar maven plugin exist, one for Maven 2 and one for Maven 3. Fixing its version depends on the Maven versions used to analyse the project:

Project analyzed with Maven 2 only

Add the following code to the pom.xml file:

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>1.0</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

The version 1.0-beta-1 is not supported anymore.

Project analyzed with Maven 3 only

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>2.0</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

Project analyzed with both Maven 2 and Maven 3

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>${sonarVersion}</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
<profile>
  <id>maven-2</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <missing>${basedir}</missing>
    </file>
  </activation>
  <properties>
    <sonarVersion>1.0</sonarVersion>
  </properties>
</profile>
<profile>
  <id>maven-3</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <exists>${basedir}</exists>
    </file>
  </activation>
  <properties>
    <sonarVersion>2.0</sonarVersion>
  </properties>
</profile>

Analyzing a Multi-module and Multi-language Project

Since Sonar 3.3, it is possible to run an analysis on a multi-module project whose modules contains source code from different languages.

To do so, just add the 'sonar.language' property to the pom of each module.

To help you getting started, a multi-language project sample is available on github that can be browsed or downloaded: projects/languages/multi-language/multi-language-java-javascript-maven

Analyzing with Maven