SonarScanner CLI
The SonarScanner CLI is the scanner to use when there is no specific scanner for your build system.
The SonarScanner does not yet officially support ARM architecture. Still, early adopters reported it is working fine. If you encounter problems, don't hesitate to share your experience with us on the SonarQube Server or SonarQube Cloud Community Forum but keep in mind that there is no support at this time.
Installation
- Expand the downloaded file into the directory of your choice. We'll refer to it as
$install_directory
in the next step. - Add the
$install_directory/bin
directory to your path. - Verify your installation by opening a new shell and executing the command
sonar-scanner -h
(sonar-scanner.bat -h
on Windows). You should get an output like this:
If you need more debug information you can add one of the following to your command line:
-X
, --verbose
, or -Dsonar.verbose=true
.
Use
- Create a configuration file in the root directory of the project:
sonar-project.properties
- Set the environment variable
SONAR_TOKEN
with the personal access token generated on My Account > Security > Generate Tokens. Note that the token can also be set through the command line argument-Dsonar.token
. - Run the command
sonar-scanner
, orsonar-scanner.bat
on Windows, from the project base directory to run the analysis.
sample-projects
To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded.
Alternatives to the sonar-project.properties file
If the sonar-project.properties
file cannot be created in the root directory of the project, the alternatives are:
- The properties can be specified directly through the command line. Example:
- The property
project.settings
can be used to specify the path to the project configuration file (this option is incompatible with thesonar.projectBaseDir.
property). - The root folder of the project to analyze can be set through the
sonar.projectBaseDir
property. This folder must contain asonar-project.properties
file if thesonar.projectKey
is not specified on the command line. Additional analysis parameters can be defined in this project configuration file or through command line parameters.
Alternate analysis directory
If the files to be analyzed are not in the directory where the analysis starts from, use the sonar.projectBaseDir
property to move analysis to a different directory. For example, when an analysis begins from jenkins/jobs/myjob/workspace
but the files to be analyzed are in ftpdrop/cobol/project1
.
For more, see the listing of Analysis parameters.
Troubleshooting
Java heap space error or java.lang.OutOfMemoryError
Increase the memory via the SONAR_SCANNER_JAVA_OPTS
environment variable (from SonarScanner CLI version 6.0, or SONAR_SCANNER_OPTS
, otherwise):
In Windows environments, avoid using double-quotes, since they get misinterpreted, with the result that the two parameters are combined into a single one.
“java” cannot be opened because the developer cannot be verified
The SonarScanner CLI is not yet Apple verified therefore, when using the macOS AArch64 version, you may get an OS security window displaying this message. A solution us to run:
Note that the SonarScanner does not yet officially support ARM architecture. Still, early adopters reported it is working fine. If you encounter other problems when running the scanner on ARM architecture, don't hesitate to share your experience with us on the SonarQube Server or SonarQube Cloud Community Forum but keep in mind that there is no support at this time.
Unsupported major.minor version
Install the last version of SonarScanner CLI (from version 6.0, no JRE installation is required). Otherwise, upgrade the version of Java being used for analysis or use one of the native package (that embed its own Java runtime).
Property sonar.cs.analyzer.projectOutPaths is missing
No protobuf files will be loaded for this project. SonarScanner is not able to analyze .NET projects. Please use the Scanner for .NET.
Was this page helpful?