Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: better wording for default value

...

Analyzing a Maven project consists of running a Maven goal: sonar:sonar in the directory where the pom.xml file sits. If possible, an install goal should be performed prior to the sonar:sonar one.

Recommended Way

...

Code Block
languageperl
# The sonar:sonar goal must be executed in a dedicated mvn command
mvn clean install
mvn sonar:sonar

skipTests=true not to run unit tests twice: during the install goal and again during the sonar:sonar goal. You can also deactivate the integration tests execution. Please refer to the Maven documentation.

 

 
# The following command may lead to unexpected issues
mvn clean install sonar:sonar
Note
titleCode Coverage

Since Java ecosystem 2.2, to get coverage information you have to generate the coverage report. If you are not generating it during your build you can use the following command:

mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install -Dmaven.test.failure.ignore=true

mvn sonar:sonar

Please check the JaCoCo plugin page for more advanced information

Note
titleUsing Eclipse

Make sure you're not using the Eclipse plugin maven embedderMaven Embedder (m2eclipse). Define a new Maven runtime pointing to your local Maven install, use the latest maven eclipse plugin Maven Eclipse plugin, m2e, and uncheck "resolve workspace artifacts" in the maven Maven project launch window.
Have a look at the first comment of this ticket: http://jira.codehaus.org/browse/SONAR-929

Note
titleAdvanced Reactor Options

Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by SonarQube and should not be used.

Alternative Way

When the above configuration is not possible, you can run an analysis in one command, but unit tests will run twice: once in the install goal and once in the sonar:sonar one. Do not use the DskipTests=true parameter, otherwise the unit tests will be executed at all.

Code Block
mvn clean install sonar:sonar -Dmaven.test.failure.ignore=true

The -Dmaven.test.failure.ignore=true is there to make sure that even if some unit tests fail, the SonarQube analysis will be performed.

Configuring the SonarQubeAnalysis

Configuring the SonarQube Analysis

A pom.xml file sample is available here.

Additional analysis parameters are listed on the Analysis Parameters page.

Security

Since SonarQube 3.4, if a project cannot be accessed anonymously, the sonar.login and sonar.password properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the User role on this project. You can set them either:

  • directly on the command line by adding -Dsonar.login=myUser -Dsonar.password=myPassword
  • or in the pom.xml file
  • or in the Maven profile (settings.xml file)

A project cannot be anonymously accessed when either:

Include Page
Include - Analysis - Security
Include - Analysis - Security

Sample Projects

To help you

...

get started, a simple project sample is available on github that can be browsed or downloadedprojects/languages/java/maven/java-maven-simple

How to Fix Version of Maven Plugin

...

No Format
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>2.0<1</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

...

No Format
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>${sonarVersion}</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
<profile>
  <id>maven-2</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <missing>${basedir}</missing>
    </file>
  </activation>
  <properties>
    <sonarVersion>1.0</sonarVersion>
  </properties>
</profile>
<profile>
  <id>maven-3</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <exists>${basedir}</exists>
    </file>
  </activation>
  <properties>
    <sonarVersion>2.0<1</sonarVersion>
  </properties>
</profile>

Analyzing a Multi-

...

language Project

Since SonarQube 34.32, it is possible to run an analysis on a multi-module project whose modules contains source code from different languages.language project. To do so, just add the sonar.language property to the pom of each module.the sonar.language property just has to be removed. Conversely, if for some reason you want to perform a single language-only analysis, make sure sonar.language is specified. By default the sonar.sources property is set to the value of the Maven sourceDirectory property (by default it is src/main/java). Therefore, for a multi-language project, the property usually has to be overridden to: sonar.sources=src. Note that this property can only be set in the pom file. It's not possible to set it via the command line.

To help you get started, a multi-language project sample is available on github that can be browsed or downloaded from githubprojects/languages/multi-language/multi-language-java-javascript-maven

Include Page
Include - Converting a Mono-language Project to a Multi-language Project
Include - Converting a Mono-language Project to a Multi-language Project