This analyzer is recommended to launch analysis on Java Maven project.
You must have previously installed and configured Maven for Sonar and read Analyzing Code Source.
Analyzing a Maven project consists of running a Maven goal in the directory where the pom.xml file sits. If possible, an install goal should be performed prior to the sonar one.
mvn clean install -DskipTests=true mvn sonar:sonar |
skipTests=true not to run unit tests twice: during the install goal and again during the sonar goal. You can also deactivate the integration tests execution. Please refer to the Maven documentation.
Make sure you're not using the eclipse plugin maven embedder. Define a new maven runtime pointing to your local maven install, use the latest maven eclipse plugin and uncheck "resolve workspace artifacts" in the maven project launch window. |
Note that Advanced Reactor Options (such as "--projects" and "--resume-from") are not supported by Sonar and should not be used. |
When the above configuration is not possible, you can run an analysis in one command, but unit tests will run twice: once in the install goal and once in the sonar one. Do not use the DskipTests=true parameter, otherwise Sonar will not execute unit tests and therefore not report on them.
mvn clean install sonar:sonar -Dmaven.test.failure.ignore=true |
The -Dmaven.test.failure.ignore=true is there to make sure that even if unit tests fail, the Sonar analysis will be performed.
A pom.xml file sample is available here.
Additional analysis parameters are listed on the Analysis Parameters page.
Since Sonar 3.4, if a project cannot be accessed anonymously, the 'sonar.login' and 'sonar.password' properties are required to run an analysis on this project. These properties have to be set to the credentials of a user having the 'User' role on this project. You can set them either:
A project cannot be anonymously accessed when either:
To help you getting started, a simple project sample is available on github that can be browsed or downloaded: projects/languages/java/maven/java-maven-simple
It is recommended to lock down versions of Maven plugins. Two versions of the Sonar maven plugin exist, one for Maven 2 and one for Maven 3. Fixing its version depends on the Maven versions used to analyse the project:
Add the following code to the pom.xml file:
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>1.0</version>
</plugin>
<plugins>
</pluginManagement>
</build>
|
The version 1.0-beta-1 is not supported anymore. |
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>2.0</version>
</plugin>
<plugins>
</pluginManagement>
</build>
|
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>${sonarVersion}</version>
</plugin>
<plugins>
</pluginManagement>
</build>
<profile>
<id>maven-2</id>
<activation>
<file>
<!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
<missing>${basedir}</missing>
</file>
</activation>
<properties>
<sonarVersion>1.0</sonarVersion>
</properties>
</profile>
<profile>
<id>maven-3</id>
<activation>
<file>
<!-- basedir expression is only recognized by Maven 3.x (see MNG-2363) -->
<exists>${basedir}</exists>
</file>
</activation>
<properties>
<sonarVersion>2.0</sonarVersion>
</properties>
</profile>
|
Since Sonar 3.3, it is possible to run an analysis on a multi-module project whose modules contains source code from different languages.
To do so, just add the 'sonar.language' property to the pom of each module.
To help you getting started, a multi-language project sample is available on github that can be browsed or downloaded: projects/languages/multi-language/multi-language-java-javascript-maven