# SonarScanner for Gradle
SonarScanner for Gradle — 7.2.3.7755 | Issue Tracker **7.2.3.7755** **2026-03-04**\ Fix an issue with improper filtering of user-defined path properties\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.2.3.7755)\ \ [Release notes](https://sonarsource.atlassian.net/issues?jql=project%20%3D%20SCANGRADLE%20AND%20fixversion%20%3D%207.2.3) *** **7.2.2.6593** **2025-12-18**\ Fix regression where wildcards were no longer supported in path properties\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.2.2.6593)\ \ [Release notes](https://sonarsource.atlassian.net/issues?jql=project%20%3D%20SCANGRADLE%20AND%20fixversion%20%3D%207.2.2) *** **7.2.1.6560** **2025-12-12**\ Fix an issue where Gradle would fail to write the configuration cache because of concurrent modifications\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.2.1.6560)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixversion%20%3D%207.2.1) *** **7.2.0.6526** **2025-12-04**\ Support for Gradle configuration-cache feature.\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.2.0.6526)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixversion%20%3D%207.2) *** **7.1.0.6387** **2025-11-20**\ Fix execution failure when executing Sonar with Gradle parallel execution activated.\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.1.0.6387)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixversion%20%3D%207.1) *** **7.0.1.6134** **2025-10-24**\ Support of Gradle 9\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.0.1.6134)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixversion%20%3D%207.0.1) *** **7.0.0.6105** **2025-10-14**\ Support of Gradle 9\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/7.0.0.6105)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%207.0) *** **6.3.1.5724** **2025-08-27**\ Fix a bug where the scanner would crash when users would define `sonar.sources`.\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.3.1.5724)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.3.1) *** **6.3.0.5676** **2025-08-25**\ Index .github folder for analysis.\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.3.0.5676)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.3) *** **6.2.0.5505** **2025-05-15**\ Better logging of the execution context and migration from deprecated Gradle APIs.\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.2.0.5505)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.2) *** **6.1.0.5360** **2025-03-25**\ Add support for SonarQube Cloud regions\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.1.0.5360)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.1) *** **6.0.1.5171** **2024-11-27**\ Support of JRE auto-provisioning\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.0.1.5171)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.0.1) *** **6.0.0.5145** **2024-11-19**\ Support of JRE auto-provisioning\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/6.0.0.5145)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%206.0) *** **5.1.0.4882** **2024-07-04**\ Scan additional files outside of conventional Gradle folders\ [Download](https://plugins.gradle.org/plugin/org.sonarqube/5.1.0.4882)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%205.1) *** **5.0.0.4638** **2024-03-26**\ Decouple sonar task from Gradle compile tasks\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20and%20fixversion%20%3D%205.0) *** **4.4.1.3373** **2023-10-03**\ Allow the skipping/forcing of compile tasks through the property "sonar.gradle.skipCompile"\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixVersion%20in%20\(4.4%2C%204.4.1\)) *** **4.3.1.3277** **2023-09-01**\ Support for analysis of Gradle Kotlin DSL files\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixVersion%20%3D%2014283) *** **4.2.1.3168** **2023-06-12**\ Support for Kotlin Multiplatform and 'sonar.java.enablePreview' property, Java 11+ required\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010137%20AND%20fixVersion%20%3D%2014114) *** **4.0.0.2929** **2023-02-17**\ Support for Gradle 8\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+14039) *** **3.5.0.2730** **2022-10-27**\ New 'sonar' task name and better support for Android projects\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12396) *** **3.4.0.2513** **2022-06-08**\ Support Gradle 8 and Java 17, increase socket connect timeout to 30s\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12395) *** **3.3** **2021-06-10**\ Support Android dynamic features modules\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12394) *** **3.2** **2021-04-30**\ Support configuration caching\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12392) *** **3.1.1** **2021-01-25**\ Bug fix on the JDK path\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12393) *** **3.1** **2021-01-13**\ Support for Bitbucket Pipelines with SonarQube 8.7+, use JDK from the build\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12391) *** **3.0** **2020-06-02**\ Change task dependencies on tests, upgrade to Gradle 5\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12390) *** **2.8** **2019-10-01**\ Support SONAR\_HOST\_URL environment variable to configure the server URL\ [Download](https://plugins.gradle.org/plugin/org.sonarqube)\ \ [Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10137+AND+fixVersion+%3D+12388)
The SonarScanner for Gradle provides an easy way to start SonarQube Cloud analysis of a Gradle project. The ability to execute the SonarQube Cloud analysis via a regular Gradle task makes it available anywhere Gradle is available (CI service, etc.), without the need to manually download, setup, and maintain a SonarScanner installation. The Gradle build already has much of the information needed for SonarQube Cloud to successfully analyze a project. By configuring the analysis based on that information, the need for manual configuration is reduced significantly. ## Prerequisites Gradle 7.6.4 or 8.4 and later Java 21 or later, Java 17 has been deprecated. See [#java-runtime-environment-jre](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanner-environment/general-requirements#java-runtime-environment-jre "mention") for more details. With JRE auto-provisioning: * Gradle 5 or later * Java 11 or later Bytecode created by `javac` compilation is required for Java analysis, including Android projects. See [general-requirements](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/scanner-environment/general-requirements "mention") for more information. ## Configure the scanner The SonarScanner for Gradle can read from your Maven build a default value for most standard analysis parameters, but certain parameters should still be configured, such as: * The token used to authenticate to the SonarQube Cloud's instance. For more details, see [#authentication-to-server](https://docs.sonarsource.com/sonarqube-cloud/analysis-parameters/parameters-not-settable-in-ui#authentication-to-server "mention") * The parameters used to connect to the SonarQube Cloud's instance. These parameters depend on your context. For more details, see [#server-connection](https://docs.sonarsource.com/sonarqube-cloud/analysis-parameters/parameters-not-settable-in-ui#server-connection "mention"). A good place to configure global properties is `~/.gradle/gradle.properties`. Be aware that the scanner uses system properties so all properties should be prefixed by `systemProp`. ```properties # Token generated from an account with 'Execute analysis' permission. # It can also be set with the environment variable SONAR_TOKEN. systemProp.sonar.token= # Only necessary if you're using SonarQube Cloud's US instance. Defaults to empty which corresponds to EU instance # systemProp.sonar.region=us # Only necessary if you're using a SonarScanner version < 6.0 # systemProp.sonar.host.url=https://sonarcloud.io ``` If you set these parameters at the project level (see [#analyzing](#analyzing "mention") below), they will have precedence over the global-level setting. For more information about the scanner configuration, see [configuration-overview](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/analysis-parameters/configuration-overview "mention"). ## Activate the scanner in your build The first step in the process is to activate the scanner in your build. Kotlin DSL is now the default choice for new Gradle builds. However, Groovy is still used by some developers. Apply the SonarQube Server plugin dependency to your `build.gradle.kts` file below. {% tabs %} {% tab title="KOTLIN DSL - SONARQUBE CLOUD" %} Apply the SonarQube Cloud plugin dependency to your `build.gradle.kts` file: ```kotlin plugins { id("org.sonarqube") version "versionNumber" // Replace with latest scanner version number } sonar { properties { property("sonar.projectKey", "myProjectKey") property("sonar.organization", "myOrganization") } } ``` {% endtab %} {% tab title="GROOVY DSL - SONARQUBE CLOUD" %} If you use Groovy DSL, it is still supported for Gradle 2.1+. In that case, apply the SonarQube plugin dependency to your `build.gradle` file: ```groovy plugins { id "org.sonarqube" version "versionNumber" // Replace with latest scanner version number } sonar { properties { property "sonar.projectKey", "myProjectKey" property "sonar.organization", "myOrganization" } } ``` {% endtab %} {% endtabs %} Ensure that you declare the plugins in the correct sequence required by Gradle, that is, after the `buildscript` block in your `build.gradle` file. More details on . Execute `gradle build sonar` and wait until the build has been completed, then open the web page indicated at the bottom of the console output. You should now be able to browse the analysis results. {% hint style="info" %} For more information about the `sonar.projectKey` and `sonar.organization` properties, see [#project-identification](https://docs.sonarsource.com/sonarqube-cloud/analysis-parameters/parameters-not-settable-in-ui#project-identification "mention"). {% endhint %} ## Analyzing multi-project builds To analyze a project hierarchy, apply the SonarQube Server plugin to the root project of the hierarchy. Typically (but not necessarily) this will be the root project of the Gradle build. Information pertaining to the analysis as a whole has to be configured in the sonar block of this project. Any properties set on the command line also apply to this project. ```groovy // build.gradle sonar { properties { property "sonar.sourceEncoding", "UTF-8" } } ``` Configuration settings shared between subprojects can be specified in a subprojects block. ```groovy // build.gradle subprojects { sonar { properties { property "sonar.sources", "src" } } } ``` Project-specific information is configured in the `sonar` block of the corresponding project. ```groovy // build.gradle project(":project1") { sonar { properties { property "sonar.branch", "Foo" } }} ``` To skip analysis for a particular subproject, set `sonar.skipProject` to true. ```groovy // build.gradle project(":project2") { sonar { skipProject = true } } ``` ## Task dependencies All tasks that produce output that should be included in the analysis need to be executed before the `sonar` task runs. Typically, these are compile tasks, test tasks, and [overview](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/test-coverage/overview "mention") tasks. To meet these needs, the plugin adds a task dependency from `sonar` on `test` if the Java plugin is applied. Further task dependencies can be added as needed. For example: ```groovy // build.gradle project.tasks["sonar"].dependsOn "anotherTask" ``` ## Sample project Check out this [simple working example](https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonar-scanner-gradle) to see if everything is correctly configured in your environment. ## Adjusting the analysis scope The analysis scope of a project determines the source and test files to be analyzed. An initial analysis scope is set by default. With the SonarScanner for Gradle, the initial analysis scope is: * For source files: all the files stored under `src/main/java` (in the root or module directories). * For test files: all the files stored under `src/test/java` (in the root or module directories). Since SonarScanner for Gradle also supports Groovy and Kotlin, the initial scope will also include `src/main/kotlin` or `src/main/groovy` for source and test files, depending on the type of project. To adjust the analysis scope, you can: * Adjust the initial scope: see below. * And/or exclude specific files from the initial scope: see the pages about setting your [setting-analysis-scope](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/project-analysis/setting-analysis-scope "mention"). ### Adjusting the initial scope The initial scope is set through the `sonar.sources` property (for source files) and the `sonar.tests` property (for test files). See the [analysis-parameters](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/analysis-parameters "mention") page for more information. To adjust the initial scope, you can do one of the following: * Override these properties by setting them explicitly in your build like any other relevant gradle property. The[setting-initial-scope](https://docs.sonarsource.com/sonarqube-cloud/managing-your-projects/project-analysis/setting-analysis-scope/setting-initial-scope "mention") page has more information. * Use the scanAll option to extend the initial scope to non-JVM-related files. See below. ### Using the scanAll option to include non-JVM-related files You may want to analyze not only the JVM main files but also files related to configuration, infrastructure, etc. An easy way to do that is to enable the scanAll option (By default, this option is disabled.) If the scanAll option is enabled, then the initial analysis scope of source files will be: * The files stored in `src/main/java` (and `src/main/kotlin` or `src/main/groovy`, depending on the type of project). * The non-JVM-related files stored in the root directory of your project. **Warning**: The scanAll option is disabled if the `sonar.sources` property is overridden. To enable the scanAll option: * Set the `sonar.gradle.scanAll` property to `True`. ## Analysis property defaults The SonarScanner for Gradle uses information contained in Gradle’s object model to provide smart defaults for most of the standard analysis parameters, as listed below. Note that additional defaults are provided depending on the projects. For more information about the listed properties, see [parameters-not-settable-in-ui](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/analysis-parameters/parameters-not-settable-in-ui "mention"). ### Gradle defaults for standard SonarQube Cloud properties
PropertyGradle default
sonar.projectKey[${project.group}:]${project.name} for root module;
<root module key>:<module path> for submodules
sonar.projectName${project.name}
sonar.projectDescription${project.description}
sonar.projectVersion${project.version}
Do not use your build number as sonar.projectVersion
sonar.projectBaseDir${project.projectDir}
sonar.working.directory${project.buildDir}/sonar
### Additional defaults for projects with the base or Java plugins applied
PropertyGradle default
sonar.sourceEncoding${project.compileJava.options.encoding}
sonar.java.source${project.sourceCompatibility}
sonar.java.target${project.targetCompatibility}
sonar.sources${sourceSets.main.allSource.srcDirs}
(filtered to only include existing directories)
sonar.tests${sourceSets.test.allSource.srcDirs}
(filtered to only include existing directories)
sonar.java.binaries${sourceSets.main.output.classesDir}
sonar.java.libraries${sourceSets.main.compileClasspath} (
filtering to only include files; rt.jar and jfxrt.jar added if necessary)
sonar.java.test.binaries${sourceSets.test.output.classeDir}
sonar.java.test.libraries${sourceSets.test.compileClasspath}
(filtering to only include files; rt.jar and jfxrt.jar added if necessary)
sonar.junit.reportPaths${test.testResultsDir}
(if the directory exists)
### Additional default for Groovy projects
PropertyGradle default
sonar.groovy.binaries${sourceSets.main.output.classesDir}
### Additional defaults for Android projects More default properties apply to Android projects (`com.android.application`, `com.android.library`, or `com.android.test`). By default, the first variant of type `debug` will be used to configure the analysis. You can override the name of the variant to be used using the parameter `androidVariant`: ```groovy // build.gradle sonar { androidVariant 'fullDebug' } ```
PropertyGradle default
sonar.sources (for non-test variants)${variant.sourcesets.map} (ManifestFile/CDirectories/AidlDirectories/AssetsDirectories/CppDirectories/JavaDirectories/RenderscriptDirectories/ResDirectories/ResourcesDirectories)
sonar.tests (for test variants)${variant.sourcesets.map} (ManifestFile/CDirectories/AidlDirectories/AssetsDirectories/CppDirectories/JavaDirectories/RenderscriptDirectories/ResDirectories/ResourcesDirectories)
sonar.java[.test].binaries${variant.destinationDir}
sonar.java[.test].libraries${variant.javaCompile.classpath} + ${bootclasspath}
sonar.java.source${variant.javaCompile.sourceCompatibility}
sonar.java.target${variant.javaCompile.targetCompatibility}
## Passing manual properties / overriding defaults The SonarScanner for Gradle adds a SonarQubeExtension extension to a project and its subprojects, which allows you to configure or override the analysis properties. ```groovy // build.gradle sonar { properties { property "sonar.exclusions", "**/*Generated.java" } } ``` SonarQube Cloud properties can also be set from the command line, or by setting a system property named exactly like the SonarQube Cloud property in question. This can be useful when dealing with sensitive information (e.g. credentials), environment information, or for ad-hoc configuration. `gradle sonar -Dsonar.verbose=true` While certainly useful at times, we recommend keeping the bulk of the configuration in a (versioned) build script, readily available to everyone. A SonarQube Cloud property value set via a system property overrides any value set in a build script (for the same property). When analyzing a project hierarchy, values set via system properties apply to the root project of the analyzed hierarchy. Every system property starting with `sonar` will be taken into account. ### Analyzing custom source sets By default, the SonarScanner for Gradle passes on the project’s main source set as production sources, and the project’s test source set as test sources. This works regardless of the project’s source directory layout. Additional source sets can be added as needed. ```groovy // build.gradle sonar { properties { properties["sonar.sources"] += sourceSets.custom.allSource.srcDirs properties["sonar.tests"] += sourceSets.integTest.allSource.srcDirs } } ``` ## More on configuring properties Let’s take a closer look at the `sonar.properties` `{}` block. As we have already seen in the examples, the `property()` method allows you to set new properties or override existing ones. Furthermore, all properties that have been configured up to this point, including all properties preconfigured by Gradle, are available via the properties accessor. Entries in the properties map can be read and written with the usual Groovy syntax. To facilitate their manipulation, values still have their "idiomatic" type (File, List, etc.). After the `sonar properties` block has been evaluated, values are converted to Strings as follows: Collection values are (recursively) converted to comma-separated Strings, and all other values are converted by calling their `toString()` methods. Because the `sonar properties` block is evaluated lazily, properties of Gradle’s object model can be safely referenced from within the block, without fear that they have not yet been set. ## Troubleshooting **If you get a java.lang.OutOfMemoryError**
With SonarScanner for Gradle version 6.0 or later Configure the sonar task in the `build.gradle` file: ```groovy sonar {   properties {     property("sonar.scanner.javaOpts", "-Xmx512m")   } } ``` Or set the SONAR\_SCANNER\_JAVA\_OPTS environment variable, like this in Unix environments: ```bash export SONAR_SCANNER_JAVA_OPTS="-Xmx512m" ``` In Windows environments, avoid the double quotes, since they get misinterpreted. ```bash set SONAR_SCANNER_JAVA_OPTS=-Xmx512m ```
With SonarScanner for Gradle version 5.1 or earlier Increase the java heap size in your `gradle.properties` file: ```properties org.gradle.jvmargs=-Xmx512m ```
**If you get a java.lang.OutOfMemoryError: Metaspace**
With SonarScanner for Gradle version 6.0 or later Configure the sonar task in the `build.gradle` file: ```groovy sonar { properties { property("sonar.scanner.javaOpts", "--XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M") } } ``` Or set the SONAR\_SCANNER\_JAVA\_OPTS environment variable, like this in Unix environments. ```bash export SONAR_SCANNER_JAVA_OPTS="-XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M" ``` In Windows environments, avoid the double quotes, since they get misinterpreted. ```bash set SONAR_SCANNER_JAVA_OPTS=-XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M ```
With SonarScanner for Gradle version 5.1 or earlier [NextSonarScanner for .NET](https://docs.sonarsource.com/sonarqube-cloud/analyzing-source-code/scanners/sonarscanner-for-dotnet)Increase the java heap size in your `gradle.properties` file: ```properties org.gradle.jvmargs=-XX:MetaspaceSize=512M -XX:MaxMetaspaceSize=512M ```
## Related pages * [getting-started-in-us-region](https://docs.sonarsource.com/sonarqube-cloud/getting-started/getting-started-in-us-region "mention")