# SonarScanner for Maven

<details>

<summary>SonarScanner for Maven — 5.6.0.6792 | <a href="https://sonarsource.atlassian.net/jira/software/c/projects/MSONAR/issues">Issue Tracker</a></summary>

**5.6.0.6792** <sup><sub>**2026-04-20**</sub></sup>\ <sup>Support sonar.scanner.httpExtraHeaders</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.6)

***

**5.5.0.6356** <sup><sub>**2025-12-05**</sub></sup>\ <sup>Release after change of signing key</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.5\&selectedIssue=SCANMAVEN-339)

***

**5.4.0.6343** <sup><sub>**2025-12-02**</sub></sup>\ <sup>Release after change of signing key</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.4\&selectedIssue=SCANMAVEN-338)

***

**5.3.0.6276** <sup><sub>**2025-11-10**</sub></sup>\ <sup>Support of Maven 4</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.3)

***

**5.2.0.4988** <sup><sub>**2025-08-29**</sub></sup>\ <sup>Index .github folder for analysis</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.2)

***

**5.1.0.4751** <sup><sub>**2025-03-25**</sub></sup>\ <sup>Support sonar.region</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.1)

***

**5.0.0.4389** <sup><sub>**2024-11-06**</sub></sup>\ <sup>Automatic JRE provisioning</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%205.0)

***

**4.0.1.6619** <sup><sub>**2026-03-09**</sub></sup>\ <sup>Nudge users into versioning the scanner in their configuration</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues?jql=project%20%3D%20SCANMAVEN%20AND%20fixversion%20%3D%204.0.1)

***

**4.0.0.4121** <sup><sub>**2024-05-31**</sub></sup>\ <sup>Drop support of Java 8 runtime</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixversion%20%3D%204.0)

***

**3.11.0.3922** <sup><sub>**2024-03-13**</sub></sup>\ <sup>Collects files outside of conventional sonar.sources (aka scan more files)</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixVersion%20%3D%2014294)

***

**3.10.0.2594** <sup><sub>**2023-09-15**</sub></sup>\ <sup>Support Maven 4</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project%20%3D%2010140%20AND%20fixVersion%20%3D%2012662)

***

**3.9.1.2184** <sup><sub>**2022-01-12**</sub></sup>\ <sup>Increase socket connect timeout to 30s</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10140+AND+fixVersion+%3D+12661)

***

**3.9.0.2155** <sup><sub>**2021-04-30**</sub></sup>\ <sup>Update dependencies</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10140+AND+fixVersion+%3D+12660)

***

**3.8.0.2131** <sup><sub>**2021-01-13**</sub></sup>\ <sup>Support for Bitbucket Pipelines with SonarQube 8.7+, use JDK from the build</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10140+AND+fixVersion+%3D+12659)

***

**3.7.0.1746** <sup><sub>**2019-10-01**</sub></sup>\ <sup>Support SONAR\_HOST\_URL environment variable to configure the server URL</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10140+AND+fixVersion+%3D+12657)

***

**3.6.1.1688** <sup><sub>**2019-09-02**</sub></sup>\ <sup>Fix a vulnerable dependency</sup>\
[Download](https://central.sonatype.com/artifact/org.sonarsource.scanner.maven/sonar-maven-plugin/versions)\
\
[Release notes](https://sonarsource.atlassian.net/issues/?jql=project+%3D+10140+AND+fixVersion+%3D+12658)

</details>

The SonarScanner for Maven is recommended as the default scanner for Maven projects.

The ability to execute the SonarQube analysis via a regular Maven goal makes it available anywhere Maven is available (developer build, CI server, etc.), without the need to manually download, set up, and maintain a SonarQube scanner installation. The Maven build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

* Maven 3.2.5+
* Java: at least the minimum version supported by your SonarQube server

Edit the [settings.xml](http://maven.apache.org/settings.html) file, located in `<MAVEN_HOME>/conf` or `~/.m2`, to set the plugin prefix and optionally the SonarQube server URL.

## Global settings <a href="#global-settings" id="global-settings"></a>

Example:

```xml
<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
        </profile>
    </profiles>
</settings>
```

## Analyzing <a href="#analyzing" id="analyzing"></a>

Analyzing a Maven project consists of running a Maven goal: `sonar:sonar` from the directory that holds the main project `pom.xml`. You need to pass an authentication token (see [Generating and using tokens](/sonarqube-server/10.2/user-guide/user-account/generating-and-using-tokens.md)) using one of the following options:

* Use the `sonar.token` property. For example, to set it through the command line, execute `mvn sonar:sonar -Dsonar.token=yourAuthenticationToken` and wait until the build has completed, then open the web page indicated at the bottom of the console output. You should now be able to browse the analysis results.
* Create the `SONAR_TOKEN` environment variable and set the token as its value.

```bash
mvn clean verify sonar:sonar -Dsonar.token=myAuthenticationToken
```

In some situations you may want to run the `sonar:sonar` goal as a dedicated step. Be sure to use `install` as the first step for multi-module projects:

```bash
mvn clean install
mvn sonar:sonar -Dsonar.token=myAuthenticationToken
```

To specify the version of sonar-maven-plugin instead of using the latest:

```bash
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar
```

To get coverage information, you’ll need to generate the coverage report before the analysis and specify the location of the resulting report in an analysis parameter. See [Overview](/sonarqube-server/10.2/analyzing-source-code/test-coverage/overview.md) for details.

## Configuring analysis <a href="#configuring-analysis" id="configuring-analysis"></a>

Most analysis properties will be read from your project. If you would like to override the default values of specific additional parameters, configure the parameter names found on the [Analysis parameters](/sonarqube-server/10.2/analyzing-source-code/analysis-parameters.md) page in the `<properties>` section of your pom.xml like this:

```xml
<properties>
  <sonar.buildString> [...] </sonar.buildString>
</properties>
```

## Sample project <a href="#sample-project" id="sample-project"></a>

To help you get started, a simple project sample is available here: <https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonar-scanner-maven/maven-basic>

## Excluding a module from analysis <a href="#excluding-module" id="excluding-module"></a>

* Define the property `<sonar.skip>true</sonar.skip>` in the `pom.xml` of the module you want to exclude.
* Use build profiles to exclude some modules (for example, for integration tests).
* Use Advanced Reactor Options (such as `-pl`). For example: `mvn sonar:sonar -pl !module2`

## How to fix version of Maven plugin <a href="#fix-version" id="fix-version"></a>

It is recommended to lock down versions of Maven plugins:

```xml
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.sonarsource.scanner.maven</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>3.7.0.1746</version>
      </plugin>
    </plugins>
  </pluginManagement>
</build>
```
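A check for the lock-down recommendation above, as an added example (not SonarSource's code): it parses a `pom.xml` and reports whether `sonar-maven-plugin` is declared with one literal version, letting a direct `<plugins>` entry override `<pluginManagement>`. The function names, the fixed-version pattern and both sample POMs are assumptions constructed for illustration; parent POMs are not resolved.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "org.sonarsource.scanner.maven", "sonar-maven-plugin"
# Assumed policy: "locked down" means one literal release such as 3.7.0.1746;
# a keyword, a range like [3.7,) or an unresolved ${property} is reported.
FIXED = re.compile(r"\d+(\.\d+)+")

def _declared(root, path, props):
    """Version text of the scanner plugin under `path`, or None if absent."""
    for plugin in root.findall(path):
        if ((plugin.findtext("groupId") or "").strip() == GROUP
                and (plugin.findtext("artifactId") or "").strip() == ARTIFACT):
            version = (plugin.findtext("version") or "").strip()
            ref = re.fullmatch(r"\$\{(.+)\}", version)
            return props.get(ref.group(1), version) if ref else version
    return None

def check_sonar_pin(pom_xml):
    """Return (ok, detail). Reads this POM only; parent POMs are not resolved."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():                      # drop the POM namespace, if any
        el.tag = el.tag.split("}")[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    direct = _declared(root, "build/plugins/plugin", props)
    managed = _declared(root, "build/pluginManagement/plugins/plugin", props)
    if direct is None and managed is None:
        return False, "plugin not declared"
    version = direct or managed or ""           # a direct <version> wins
    if FIXED.fullmatch(version):
        return True, version
    return False, f"version not fixed: {version or '(none)'}"

# Constructed sample POMs (not from the page).
PINNED_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><pluginManagement><plugins><plugin>
    <groupId>org.sonarsource.scanner.maven</groupId><artifactId>sonar-maven-plugin</artifactId>
    <version>3.7.0.1746</version>
  </plugin></plugins></pluginManagement></build>
</project>"""
FLOATING_POM = """<project>
  <properties><scanner.version>LATEST</scanner.version></properties>
  <build><plugins><plugin>
    <groupId>org.sonarsource.scanner.maven</groupId><artifactId>sonar-maven-plugin</artifactId>
    <version>${scanner.version}</version>
  </plugin></plugins></build>
</project>"""
if __name__ == "__main__":
    print(check_sonar_pin(PINNED_POM), check_sonar_pin(FLOATING_POM))
```
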

## Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

**If you get a java.lang.OutOfMemoryError**

Set the `MAVEN_OPTS` environment variable, like this in Unix environments:

```bash
export MAVEN_OPTS="-Xmx512m"
```

In Windows environments, avoid the double quotes, since they get misinterpreted.

```bat
set MAVEN_OPTS=-Xmx512m
```

