Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You must have previously installed and configured Maven for Sonar and SonarQube and read Analyzing Code Source.

...

Analyzing a Maven project consists of running a Maven goal: sonar:sonar in the directory where the pom.xml file sits. If possible, an install goal should be performed prior to the sonar one.

Recommended Way

mvn
Code Block
Code Block
languageperl
# The sonar:sonar goal must be executed in a dedicated mvn command
mvn clean install
-DskipTests=true
mvn mvn sonar:sonar
 
# The following command may lead to unexpected issues
mvn clean install sonar:sonar
 
# Use skipTests=true to not

...

 run unit tests twice: once during the install goal and again during the

...

 

 sonar:sonar goal
mvn clean install -DskipTests=true
mvn sonar:sonar
Note
titleUsing Eclipse

Make sure you're not using the eclipse plugin maven embedderEclipse plugin Maven Embedder (m2eclipse). Define a new maven Maven runtime pointing to your local maven Maven install, use the latest maven eclipse plugin Maven Eclipse plugin, m2e, and uncheck "resolve workspace artifacts" in the maven Maven project launch window.
Have a look at the first comment of this ticket: http://jira.codehaus.org/browse/SONAR-929

Note
titleAdvanced Reactor Options

Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by Sonar SonarQube and should not be used.

Alternative Way

When the above configuration is not possible, you can run an analysis in one command, but unit tests will run twice: once in the install goal and once in the sonar one. Do not use the DskipTests=true parameter, otherwise Sonar will not execute unit tests and therefore not report on them.

Code Block
mvn clean install sonar:sonar -Dmaven.test.failure.ignore=true

The -Dmaven.test.failure.ignore=true is there to make sure that even if unit tests fail, the Sonar analysis will be performed.

...

Configuring the SonarQube Analysis

A pom.xml file sample is available here.

Additional analysis parameters are listed on the Analysis Parameters page.

Security

Since Sonar 3.4, if the project cannot be accessed anonymously, the 'sonar.login' and 'sonar.password' properties are required to run an analysis. These properties have to be set to the credentials of a user having the 'User' role on this project. You can set them either:

  • directly on the command line by adding -Dsonar.login=myUser -Dsonar.password=myPassword
  • or in the pom.xml file
  • or in the Maven profile (settings.xml file)

A project cannot be anonymously accessed when either:

Include Page
Include - Analysis - Security
Include - Analysis - Security

Sample Projects

To help you

...

get started, a simple project sample is available on github that can be browsed or downloaded:

...

 projects/languages/java/maven/java-maven-simple

How to Fix Version of Maven Plugin

...

No Format
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>2.0<1</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

...

No Format
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>${sonarVersion}</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
<profile>
  <id>maven-2</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <missing>${basedir}</missing>
    </file>
  </activation>
  <properties>
    <sonarVersion>1.0</sonarVersion>
  </properties>
</profile>
<profile>
  <id>maven-3</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <exists>${basedir}</exists>
    </file>
  </activation>
  <properties>
    <sonarVersion>2.0<1</sonarVersion>
  </properties>
</profile>

Analyzing a Multi-

...

language Project

Since Sonar 3SonarQube 4.32, it is possible to run an analysis on a multi-module project whose modules contains source code from different languages.language project. To do so, just add the 'sonar.language' property to the pom of each module.To help you getting the sonar.language property just has to be removed. Conversely, if for some reason you want to perform a single language-only analysis, make sure sonar.language is specified. By default the sonar.sources property is set to the value of the Maven sourceDirectory property (usually src/main/java). Therefore, for a multi-language project, the property usually has to be overridden to: sonar.sources=src. Note that this property can only be set in the pom file. It's not possible to set it via the command line.

To help you get started, a multi-language project sample is available on github that can be browsed or downloaded from github: projects projects/languages/multi-language/multi-language-java-javascript-maven

Include Page
Include - Language Plugins Compatible with Multi-language
Include - Language Plugins Compatible with Multi-language

Include Page
Include - Converting a Mono-language Project to a Multi-language Project
Include - Converting a Mono-language Project to a Multi-language Project