Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 57 Next »

Table of Contents

This analyzer is recommended to launch analysis on Java Maven project.

Prerequisites

You must have previously installed and configured Maven for SonarQube and read Analyzing Code Source.

Analyzing a Maven Project

Analyzing a Maven project consists of running a Maven goal in the directory where the pom.xml file sits. If possible, an install goal should be performed prior to the sonar:sonar one.

Recommended Way

Use skipTests=true to not run unit tests twice: once during the install goal and again during the sonar:sonar goal. You can also deactivate the integration test execution. Please refer to the Maven documentation.

 

Using Eclipse

Icon

Make sure you're not using the Eclipse plugin Maven Embedder (m2eclipse). Define a new Maven runtime pointing to your local Maven install, use the latest Maven Eclipse plugin, m2e, and uncheck "resolve workspace artifacts" in the Maven project launch window.
Have a look at the first comment of this ticket: http://jira.codehaus.org/browse/SONAR-929

Advanced Reactor Options

Icon

Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by SonarQube and should not be used.

Alternative method

When the above configuration is not possible, you can run an analysis in one command, but unit tests will run twice: once in the install goal and once in the sonar:sonar goal. Do not use the -DskipTests=true parameter, otherwise the unit tests will not be executed at all.

The -Dmaven.test.failure.ignore=true is there to make sure that even if some unit tests fail, the SonarQube analysis will be performed.

Configuring the SonarQube Analysis

A pom.xml file sample is available here.

Additional analysis parameters are listed on the Analysis Parameters page.

Security

Since SonarQube 3.4, if a project cannot be accessed anonymously, the sonar.login and sonar.password properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the User role on this project. You can set them either:

  • directly on the command line by adding -Dsonar.login=myUser -Dsonar.password=myPassword
  • or in the pom.xml file
  • or in the Maven profile (settings.xml file)

A project cannot be anonymously accessed when either:

Sample Projects

To help you get started, a simple project sample is available on github that can be browsed or downloadedprojects/languages/java/maven/java-maven-simple

How to Fix Version of Maven Plugin

It is recommended to lock down versions of Maven plugins. Two versions of the Sonar maven plugin exist, one for Maven 2 and one for Maven 3. Fixing its version depends on the Maven versions used to analyse the project:

Project analyzed with Maven 2 only

Add the following code to the pom.xml file:

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>1.0</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
Icon

The version 1.0-beta-1 is not supported anymore.

Project analyzed with Maven 3 only

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>2.0</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

Project analyzed with both Maven 2 and Maven 3

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>${sonarVersion}</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
<profile>
  <id>maven-2</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <missing>${basedir}</missing>
    </file>
  </activation>
  <properties>
    <sonarVersion>1.0</sonarVersion>
  </properties>
</profile>
<profile>
  <id>maven-3</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <exists>${basedir}</exists>
    </file>
  </activation>
  <properties>
    <sonarVersion>2.0</sonarVersion>
  </properties>
</profile>

Analyzing a Multi-module and Multi-language Project

Since SonarQube 3.3, it is possible to run an analysis on a multi-module project whose modules contains source code from different languages.

To do so, just add the sonar.language property to the pom of each module.

To help you get started, a multi-language project sample is available on github that can be browsed or downloadedprojects/languages/multi-language/multi-language-java-javascript-maven

  • No labels