# SonarScanner for Maven

The SonarScanner for Maven is recommended as the default scanner for Maven projects.

The ability to execute the SonarQube analysis via a regular Maven goal makes it available anywhere Maven is available (developer build, CI server, etc.), without the need to manually download, set up, and maintain a SonarQube scanner installation. The Maven build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.

## Prerequisites

* Maven 3.2.5+
* Java: at least the minimum version supported by your SonarQube server

Edit the [settings.xml](http://maven.apache.org/settings.html) file, located in `<MAVEN_HOME>/conf` or `~/.m2`, to set the plugin prefix and optionally the SonarQube server URL.

## Global settings

Example:

```xml
<settings>
    <pluginGroups>
        <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
    </pluginGroups>
    <profiles>
        <profile>
            <id>sonar</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!-- Optional URL to server. Default value is http://localhost:9000 -->
                <sonar.host.url>http://myserver:9000</sonar.host.url>
            </properties>
        </profile>
    </profiles>
</settings>
```

## Analyzing

Analyzing a Maven project consists of running the Maven goal `sonar:sonar` from the directory that holds the main project `pom.xml`. You need to pass an [authentication token](https://docs.sonarsource.com/sonarqube-server/10.3/user-guide/user-account/generating-and-using-tokens) using one of the following options:

* Use the `sonar.token` property. For example, to set it through the command line, execute `mvn sonar:sonar -Dsonar.token=yourAuthenticationToken` and wait until the build has completed, then open the web page indicated at the bottom of the console output. You should now be able to browse the analysis results.
* Create the `SONAR_TOKEN` environment variable and set the token as its value.

```bash
mvn clean verify sonar:sonar -Dsonar.token=myAuthenticationToken
```

In some situations you may want to run the `sonar:sonar` goal as a dedicated step. Be sure to use `install` as the first step for multi-module projects:

```bash
mvn clean install
mvn sonar:sonar -Dsonar.token=myAuthenticationToken
```

To specify the version of sonar-maven-plugin instead of using the latest:

```bash
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar
```
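
The dedicated-step, pinned-version invocation above, wrapped as an added shell example (not part of the SonarQube documentation) that takes the token from the `SONAR_TOKEN` environment variable, since a `-Dsonar.token=` argument is visible in process listings and can end up in shell history and CI logs. `MVN`, `SONAR_PLUGIN_VERSION` and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example, not from the SonarScanner documentation.
# Assumptions: the CI secret store exports SONAR_TOKEN; MVN and
# SONAR_PLUGIN_VERSION are hypothetical override variables of this script.
MVN="${MVN:-mvn}"
SONAR_PLUGIN_VERSION="${SONAR_PLUGIN_VERSION:-3.7.0.1746}"  # version used on this page

# Succeeds when an argument would put the token on the command line.
has_inline_token() {
    for arg in "$@"; do
        case "$arg" in
            -Dsonar.token=*) return 0 ;;
        esac
    done
    return 1
}

# Prints the fully qualified goal so the plugin version is never "latest".
sonar_goal() {
    printf 'org.sonarsource.scanner.maven:sonar-maven-plugin:%s:sonar\n' \
        "$SONAR_PLUGIN_VERSION"
}

# Builds first (needed for multi-module projects), then analyzes as a
# dedicated step. Extra arguments go to the analysis step only.
run_sonar_analysis() {
    if has_inline_token "$@"; then
        echo "error: supply the token via SONAR_TOKEN, not -Dsonar.token" >&2
        return 2
    fi
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo "error: SONAR_TOKEN is not set" >&2
        return 3
    fi
    export SONAR_TOKEN   # read by the scanner from the environment
    "$MVN" clean install || return $?
    "$MVN" "$(sonar_goal)" "$@"
}

# Usage from a CI step, after sourcing this file:
#   run_sonar_analysis
```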

To get coverage information, you'll need to generate the coverage report before the analysis and specify the location of the resulting report in an analysis parameter. See the [test coverage overview](https://docs.sonarsource.com/sonarqube-server/10.3/analyzing-source-code/test-coverage/overview) for details.

## Configuring analysis

Most analysis properties will be read from your project. If you would like to override the default values of specific additional parameters, configure the parameter names found on the [Analysis parameters](https://docs.sonarsource.com/sonarqube-server/10.3/analyzing-source-code/analysis-parameters) page in the `<properties>` section of your `pom.xml` like this:

```xml
<properties>
  <sonar.buildString> [...] </sonar.buildString>
</properties>
```

## Sample project

To help you get started, a simple project sample is available here: <https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonar-scanner-maven/maven-basic>

## Excluding a module from analysis

* Define the property `<sonar.skip>true</sonar.skip>` in the `pom.xml` of the module you want to exclude.
* Use build profiles to exclude some modules (like for integration tests).
* Use Advanced Reactor Options (such as `-pl`). For example: `mvn sonar:sonar -pl !module2`

## How to fix the version of the Maven plugin

It is recommended to lock down versions of Maven plugins:

```xml
<build>
  <pluginManagement>
    <plugins>
      <plugin>
        <groupId>org.sonarsource.scanner.maven</groupId>
        <artifactId>sonar-maven-plugin</artifactId>
        <version>3.7.0.1746</version>
      </plugin>
    </plugins>
  </pluginManagement>
</build>
```

## Troubleshooting

**If you get a java.lang.OutOfMemoryError**

Set the `MAVEN_OPTS` environment variable, like this in Unix environments:

```bash
export MAVEN_OPTS="-Xmx512m"
```

In Windows environments, avoid the double quotes, since they get misinterpreted.

```bat
set MAVEN_OPTS=-Xmx512m
```
