Full documentation for SonarQube has moved to a new location: http://docs.sonarqube.org/display/SONAR

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 75 Next »

Table of Contents

This analyzer is recommended to launch analysis on Java Maven project.

Prerequisites

You must have previously installed and configured Maven for SonarQube and read Analyzing Code Source.

Analyzing a Maven Project

Analyzing a Maven project consists of running a Maven goal: sonar:sonar in the directory where the pom.xml file sits.

Using Eclipse

Icon

Make sure you're not using the Eclipse plugin Maven Embedder (m2eclipse). Define a new Maven runtime pointing to your local Maven install, use the latest Maven Eclipse plugin, m2e, and uncheck "resolve workspace artifacts" in the Maven project launch window.
Have a look at the first comment of this ticket: http://jira.codehaus.org/browse/SONAR-929

Advanced Reactor Options

Icon

Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by SonarQube and should not be used.

Configuring the SonarQube Analysis

A pom.xml file sample is available here.

Additional analysis parameters are listed on the Analysis Parameters page.

Security

SonarQube 3.7+

Any user who's granted Execute Analysis permission can run an analysis.

If the Anyone group is not granted Execute Analysis permission or if the SonarQube instance is secured (the sonar.forceAuthentication property is set to true), the credentials of a user having been granted Execute Analysis permission have to be provided through the sonar.login and sonar.password properties. Example: sonar-runner -Dsonar.login=myLogin -Dsonar.password=myPassword

Note that for a preview/incremental analysis, the user also has to be granted the Browse permission on the project to be analyzed.

SonarQube 3.4 to 3.6.3

If a project cannot be accessed anonymously, the sonar.login and sonar.password properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the User role on this project. You can set them either:

  • directly on the command line by adding -Dsonar.login=myLogin -Dsonar.password=myPassword
  • or in the build.xml file

A project cannot be anonymously accessed when either:

Prior to SonarQube 3.4

There is no security restriction.

Sample Projects

To help you get started, a simple project sample is available on github that can be browsed or downloadedprojects/languages/java/maven/java-maven-simple

How to Fix Version of Maven Plugin

It is recommended to lock down versions of Maven plugins. Two versions of the Sonar maven plugin exist, one for Maven 2 and one for Maven 3. Fixing its version depends on the Maven versions used to analyse the project:

Project analyzed with Maven 2 only

Add the following code to the pom.xml file:

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>1.0</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
Icon

The version 1.0-beta-1 is not supported anymore.

Project analyzed with Maven 3 only

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>2.1</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>

Project analyzed with both Maven 2 and Maven 3

<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>${sonarVersion}</version>
      </plugin>
    <plugins>
  </pluginManagement>
</build>
<profile>
  <id>maven-2</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <missing>${basedir}</missing>
    </file>
  </activation>
  <properties>
    <sonarVersion>1.0</sonarVersion>
  </properties>
</profile>
<profile>
  <id>maven-3</id>
  <activation>
    <file>
      <!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
      <exists>${basedir}</exists>
    </file>
  </activation>
  <properties>
    <sonarVersion>2.1</sonarVersion>
  </properties>
</profile>

Analyzing a Multi-language Project

Since SonarQube 4.2, it is possible to run an analysis on a multi-language project. To do so, the sonar.language property just has to be removed. Conversely, if for some reason you want to perform a single language-only analysis, make sure sonar.language is specified. By default the sonar.sources property is set to the value of the Maven sourceDirectory property (usually src/main/java). Therefore, for a multi-language project, the property usually has to be overridden to: sonar.sources=src. Note that this property can only be set in the pom file. It's not possible to set it via the command line.

To help you get started, a multi-language project sample can be browsed or downloaded from github: projects/languages/multi-language/multi-language-java-javascript-maven

Language plugins compatible with multi-language

Icon

Note that the following plugins are currently compatible with multi-language:

Converting a Mono-language Project to a Multi-language Project

Let's take as an example a project containing both Java and JavaScript source code. Your SonarQube instance currently contains two different projects: one for the Java source code and one for the JavaScript source code. Optionally, you may also have created a view to aggregate these two projects.

The first step is to choose which one of these two mono-language projects you will convert to a multi-language project. You will lose the history (timeline, false positives, action plans, etc.) on the one that won't get converted to a multi-language project. In this example, we'll choose to convert the Java project to a multi-language project as most of our code (and therefore history) is Java.

The second step is to run another analysis of this Java project the old way (make sure to explicitly set the sonar.language property to java). This step is mandatory to keep the history on the project.

The third and last step is to remove the sonar.language property and set the sonar.sources property to the parent directory containing all your source code (Java + JavaScript). You can now run another analysis. You will finally be able to browse your first multi-language project!

 

  • No labels