Description / Features
The Java plugin is used to monitor the quality of Java within SonarQube.
With additional plugins, you can activate rules from Checkstyle, FindBugs, PMD, Clirr, and fb-contrib. However, we highly recommend that you limit your Quality Profiles to from the SonarQube engine because we believe they are faster, more accurate (fewer false positives and false negatives), and more usable (they have better descriptions, etc). Read this blog post for more details.
If your Quality Profile contains rules from the SonarQube engine or FindBugs rules, then byte code will be required by the analysis. This Java Ecosystem is able to analyse any kind of java source files whatever is the version of Java they comply to.
Run a SonarQube Analysis
To run an analysis of your Java project, you can use the following analyzers:
- SonarQube Runner: recommended for all non-Maven projects
- Maven: recommended for all projects built with Maven
- SonarQube Ant Task: to integrate with projects built with Ant
- Gradle: to integrate with projects built with Gradle
Note that you must provide both source code and compiled byte code if the Quality Profile in use contains either SonarQube-native rules, or FindBugs rules.
To provide compiled bytecode and dependencies to the analysis, prior to version 2.5 please refer to the Analysis Parameters Page and use
From version 2.5, if you are not using maven, use the two following properties :
|sonar.java.binaries||Comma-separated paths to directories containing the compiled bytecode files corresponding to your source files|
Comma-separated paths to files with third-party libraries (JAR or Zip files).
Unit Tests and Code Coverage Reports
To deal with unit tests and code coverage, see Code Coverage by Unit Tests for Java Project tutorial.
To deal with integration tests and code coverage, see Code Coverage by Integration Tests for Java Project tutorial.
To Go Further
- Version 2.4 moves Java from being an "ecosystem" of multiple plugins to a single, stand-along plugin that encompasses most of the functionality formerly contained in the ecosystem. Unfortunately, SonarQube's update center cannot handle the switch gracefully. You may use the update center to download the new version of the plugin. However, you must manually remove the Surefire, JaCoCo, and Squid for Java plugins from $SONARQUBE_HOME/extensions/plugins.
- FindBugs has been split off into an independent, optional plugin. To continue using it, upgrade to version 2.4.
It is no longer possible to let SonarQube drive the execution of the unit tests. You now have to generate the JUnit and code coverage (JaCoCo or Cobertura or Clover) reports prior to the SonarQube analysis and then feed SonarQube with those reports.
All the valuable rules from PMD and Checkstyle were rewritten based on our own SSLR technology. These rules are now available in the SonarQube repository. Deprecated rules from PMD and Checkstyle are flagged as so and their replacement is stated in the rule description:
sonar.surefire.reportsPathhas been removed and replaced by