# Analysis parameters

Project analysis settings can be configured in multiple places. Each plugin and language analyzer adds its own properties, which can be defined in the SonarQube UI. These properties can also be defined as analysis parameters; however, the best place to set them, and to find their descriptions, is *in the UI* when possible. Only parameters set through the UI are reusable for subsequent analyses, and the scanner reads parameters according to a defined hierarchy.

Here is the hierarchy in order of precedence:

![Diagram showing settings hierarchy.](https://3691828591-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Feu7dHWcqP9Cr3eUAzwWg%2Fuploads%2Fgit-blob-b0bffc5c8c2fb56f9b91e54bef8b833da9f71549%2Fc9667d9d76afdceb73b59b271fc872fb10999446.png?alt=media)


1. *Global properties*: Apply to all projects. Defined in the UI in **Administration** > **Configuration** > **General Settings**
2. *Project properties*: Apply to one project only. At project level, defined in the UI in **Project Settings** > **General Settings**
3. *Project analysis parameters*: Defined in a project analysis configuration file or scanner configuration file
4. *Analysis / Command line parameters*: Defined when launching an analysis with `-D` on the command line

{% hint style="info" %}
There is an exception to this settings hierarchy. You can use two parameters in the UI, **Global Source File Exclusions** and **Global Test File Exclusions**, to define the global analysis scope at the global level and you cannot override them at the project level: see [analysis-scope](https://docs.sonarsource.com/sonarqube-server/10.5/project-administration/analysis-scope "mention") for more details.
{% endhint %}

Note that only parameters set through the UI are stored in the database. For example, if you override the `sonar.exclusions` parameter via the command line for a specific project, it will not be stored in the database. Subsequent analyses, or analyses in SonarLint with connected mode, would still be executed with the exclusions defined in the UI and therefore stored in the DB.

Most of the property keys shown in the interface at both global and project levels can also be set as analysis parameters, but the parameters listed below can *only* be set at analysis time.

For language-specific parameters related to test coverage and execution, see [overview](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/test-coverage/overview "mention"). For language-specific parameters related to external issue reports, see [external-analyzer-reports](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/importing-external-issues/external-analyzer-reports "mention"). And to learn more about controlling the scope of your analysis, see the page on [analysis-scope](https://docs.sonarsource.com/sonarqube-server/10.5/project-administration/analysis-scope "mention").

{% hint style="info" %}
Analysis parameters are case-sensitive.
{% endhint %}

## Mandatory parameters <a href="#mandatory-parameters" id="mandatory-parameters"></a>

This section lists analysis parameters (sonar properties) that are mandatory for a project analysis and cannot be set in the UI. This means that they must be set on the CI/CD host. The following default values are indicated for a parameter when applicable:

* **Default from build**: It indicates from which build system(s) the scanner can read a default value for the sonar property. The build property used as the default value is not indicated: see the corresponding scanner section for more information.
* **Default**: This value applies if the property was neither defined on the CI/CD host nor in the UI.

In addition, if the analysis parameter can be set through an environment variable, the variable name is indicated.

### Authentication to the server <a href="#authentication-to-the-server" id="authentication-to-the-server"></a>

* `sonar.token`
  * Token used by the scanner to authenticate to the SonarQube Server. A token can be specific to a project (allows you to run analyses on the specific project) or global (allows you to run analyses on any project). The corresponding SonarQube user must have the Execute Analysis permission on the project or the Global Execute Analysis permission, respectively.
  * **Notes**:
    * Replaces `sonar.login` and `sonar.password` properties that are deprecated.
    * This property can be defined through the `SONAR_TOKEN` environment variable.
  * **Recommendation**: It is recommended not to write passwords or authentication tokens in files and not to pass them as parameters in the command line.

### Server connection <a href="#server-connection" id="server-connection"></a>

* `sonar.host.url`
  * The URL to your SonarQube Server. You must define this URL because the SonarScanners also work with SonarCloud which uses a different URL.
  * **Default**: For SonarScanner CLI from v6.0, .NET from v7.0, and NPM from v4.0: <https://sonarcloud.io>.
    * For older versions of the SonarScanner CLI, .NET, and NPM: [http://localhost:9000](http://localhost:9000/)
  * **Notes**: The default value is for evaluation purposes only and should not be used in a production context. This property can be defined through the `SONAR_HOST_URL` environment variable.

### Project identification <a href="#project-identification" id="project-identification"></a>

* `sonar.projectKey`
  * The project’s unique key. Can include up to 400 characters. All letters, digits, dash, underscore, periods, and colons are accepted.
  * **Default from build**: Maven, Gradle.
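
A pre-flight check for the mandatory parameters above can run on the CI/CD host before the scanner starts. This is an added example, not SonarSource code: it lints a scanner configuration file and command line for credentials placed where the recommendation says not to put them, for keys that differ from the documented ones only in case, for an unset `sonar.host.url`, and for an invalid `sonar.projectKey`. The function names, rule names, and sample inputs are constructed for illustration, and "letters" is assumed to mean ASCII letters.

```python
import re
import shlex

# Properties the page says not to write in files or pass on the command line.
SECRET_KEYS = {"sonar.token", "sonar.login", "sonar.password"}
# Replaced by sonar.token according to the page.
DEPRECATED_KEYS = {"sonar.login", "sonar.password"}
MANDATORY_KEYS = {"sonar.token", "sonar.host.url", "sonar.projectKey"}
# Up to 400 characters: letters, digits, dash, underscore, period, colon.
# Assumption: "letters" is read as ASCII letters.
PROJECT_KEY_RE = re.compile(r"[A-Za-z0-9_.:-]{1,400}")
PROPERTY_LINE_RE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample inputs (placeholder values, not real credentials).
SAMPLE_PROPERTIES = """\
# constructed sonar-project.properties
sonar.projectKey=acme:payments api
Sonar.Host.Url=https://sonarqube.example.internal
sonar.login=placeholder-not-a-real-token
"""
SAMPLE_COMMAND = "sonar-scanner -Dsonar.token=placeholder-not-a-real-token"


def parse_properties(text):
    """Return {key: value} from Java-style properties text, skipping comments."""
    props = {}
    for line in text.splitlines():
        match = PROPERTY_LINE_RE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def parse_cli(command):
    """Return {key: value} for every -Dkey=value argument of a command line."""
    props = {}
    for arg in shlex.split(command):
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value
    return props


def audit(properties_text, command, env):
    """Return a sorted list of (rule, key, source) findings."""
    sources = {"file": parse_properties(properties_text), "cli": parse_cli(command)}
    canonical = {k.lower(): k for k in MANDATORY_KEYS | DEPRECATED_KEYS}
    findings = set()
    for source, props in sources.items():
        for key in props:
            if key in SECRET_KEYS:
                findings.add(("secret-in-" + source, key, source))
            if key in DEPRECATED_KEYS:
                findings.add(("deprecated", key, source))
            # Analysis parameters are case-sensitive, so flag keys that
            # differ from a documented key only in case.
            if key.lower() in canonical and key != canonical[key.lower()]:
                findings.add(("wrong-case", key, source))
    # Command-line parameters override the configuration file.
    effective = {**sources["file"], **sources["cli"]}
    # Without an explicit URL the scanner falls back to its default, which
    # the page says is for evaluation only.
    if "sonar.host.url" not in effective and not env.get("SONAR_HOST_URL"):
        findings.add(("host-url-defaulted", "sonar.host.url", "none"))
    if not any(k in effective for k in SECRET_KEYS) and not env.get("SONAR_TOKEN"):
        findings.add(("no-token", "sonar.token", "none"))
    project_key = effective.get("sonar.projectKey")
    if project_key is not None and not PROJECT_KEY_RE.fullmatch(project_key):
        findings.add(("bad-project-key", "sonar.projectKey", "effective"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES, SAMPLE_COMMAND, env={}):
        print(finding)
```

A configuration that supplies the token and URL through `SONAR_TOKEN` and `SONAR_HOST_URL` and keeps only non-secret keys in the file produces no findings.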

## Optional Parameters <a href="#optional-parameters" id="optional-parameters"></a>

This section lists analysis parameters (sonar properties) that are optional for a project analysis and cannot be set in the UI (or, like `sonar.projectName`, cannot be changed in the UI). This means that they can only be set on the CI/CD host. The following default values are indicated for a parameter when applicable:

* **Default from build**: It indicates from which build system(s) the scanner can read a default value for the sonar property. The build property used as the default value is not indicated: see the corresponding scanner section for more information.
* **Default**: This value applies if the property was neither defined on the CI/CD host nor in the UI.

In addition, if the analysis parameter can be set through an environment variable, the variable name is indicated.

### Project information <a href="#project-information" id="project-information"></a>

* `sonar.projectName`
  * Name of the project that will be displayed on the SonarQube UI.
  * **Possible values:** white space allowed.
  * **Default from build**: Maven
  * **Notes**:
    * Is set in the UI if the project is manually created in SonarQube (cannot be changed in the UI).
    * If passed in the command line, will only be read by the scanner if the command applies to the main branch.
* `sonar.projectVersion`
  * The project version. Is mandatory in case you use the new code definition based on the previous version.
  * **Default from build**: Maven, Gradle
  * **Note**: Do not use your build number as the project version because:
    * This would overload the SonarQube database (Housekeeping would not apply to the analysis snapshots because they would be marked by the project version change event).
    * This would prevent a correct application of the new code definition based on the previous project version since the build version usually changes much more often than the project release version.
* `sonar.projectDescription`
  * The project description.
  * **Note**: This property is not supported by the SonarScanner for .NET.
  * **Default from build**: Gradle

### Analysis scope <a href="#analysis-scope" id="analysis-scope"></a>

| Property key                    | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | Default                                            |
| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
| `sonar.sources`                 | <p>The initial analysis scope for main source code (non-test code) in the project.</p><p><em>This property is not supported by the SonarScanner for .NET.</em></p><p><strong>Possible values</strong>: Comma-separated paths to directories are included. An individual file in the list means that the file is included. A directory in the list means that all analyzable files and directories recursively below it are included. The path can be relative (to the <code>sonar.projectBaseDir</code> property) or absolute. Wildcards (\*, \*\* and ?) are not allowed.</p><p><strong>Default from build</strong>:</p><p>• Maven</p><p>• Gradle</p><p>• .NET</p> | The value of the `sonar.projectBaseDir` property.  |
| `sonar.tests`                   | <p>The initial analysis scope for test code in the project.</p><p><em>This property is not supported by the SonarScanner for .NET.</em></p><p><strong>Possible values</strong>: See <code>sonar.sources</code> above.</p><p><strong>Note</strong>: If this property is not defined, no code will be analyzed as test code as there is no default value.</p><p><strong>Default from build</strong>:</p><p>• Maven</p><p>• Gradle</p><p>• .NET</p> | <p><br></p>                                        |
| `sonar.projectBaseDir`          | <p>The project’s base directory. Use this property when you need the analysis to take place in a directory other than the one from which it was started. For example, the analysis starts from <code>jenkins/jobs/myjob/workspace</code> but the files to be analyzed are in <code>ftpdrop/cobol/project1</code>.</p><p><strong>Possible values</strong>: The path may be relative (to the directory from which the analysis was started) or absolute. Specify not the source directory, but some ancestor of the source directory. The value specified here becomes the new "analysis directory", and other paths are then specified as though the analysis were starting from that specified value.</p><p><strong>Note</strong>: The analysis process will need Write permissions in this directory; it is where the <code>sonar.working.directory</code> will be created by default.</p><p><strong>Default from build</strong>:</p><p>• Maven</p><p>• Gradle</p><p>• .NET</p> | The directory from which the analysis was started. |
| `sonar.scm.exclusions.disabled` | <p>For supported SCMs, defines whether files ignored by the SCM, e.g., files listed in .gitignore, will be excluded from the analysis or not.</p><p><strong>Possible values</strong>:</p><p>• true: exclusion disabled</p><p>• false: exclusion enabled</p> | `false`                                            |
| `sonar.filesize.limit`          | <p>Sets the limit in MB for files to be discarded from the analysis scope if the size is greater than specified.</p><p><strong>Note</strong>: The <code>sonar.javascript.maxFileSize</code> property (default: 1000 KB) discards JavaScript and TypeScript files from the analysis scope if the file size is greater than specified (This parameter can be set in the UI).</p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | 20                                                 |

### Duplication check <a href="#duplication-check" id="duplication-check"></a>

| Property key                             | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Default |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
| **`sonar.cpd.<language>.minimumTokens`** | <p>Is used for non-Java projects to define the duplication check rule: a piece of code is considered duplicated if <code>sonar.cpd.\<language>.minimumTokens</code> identical tokens are found across at least <code>sonar.cpd.\<language>.minimumLines</code> lines of code.</p><p><strong>Note</strong>: For Java projects, a piece of code is considered duplicated when there is a series of at least 10 statements in a row, regardless of the number of tokens and lines. This threshold cannot be overridden.</p> | 100     |
| **`sonar.cpd.<language>.minimumLines`**  | Is used for non-Java projects to define the duplication check rule: see above.                                                                                                                                                                                                                                                                                                                                                                                                                                           | 10      |

### Analysis logging <a href="#analysis-logging" id="analysis-logging"></a>

| Property key                     | Description                                                                                                                                                                                                                                                                                                                               | Default                                 |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- |
| `sonar.log.level`                | <p>Controls the quantity/level of logs produced during an analysis.</p><p><strong>Possible values</strong>: From least to most verbose:</p><p>• INFO</p><p>• DEBUG</p><p>• TRACE: like DEBUG with possible additional information output by plugins or libraries used by the scanner.</p>                                                 | `INFO`                                  |
| `sonar.verbose`                  | <p><strong>Possible values</strong>:</p><p>• true: adds more details to the analysis logs by activating the DEBUG mode for the scanner.</p><p>• false</p><p><strong>Note</strong>: There is the potential for this setting to expose sensitive information such as passwords if they are stored as server-side environment variables.</p> | `false`                                 |
| `sonar.scanner.metadataFilePath` | Sets the location where the scanner writes the `report-task.txt` file containing among other things the `ceTaskId`.                                                                                                                                                                                                                       | The value of `sonar.working.directory`. |

### Quality gate <a href="#quality-gate" id="quality-gate"></a>

* `sonar.qualitygate.wait`
  * Forces the analysis step to poll the SonarQube instance and wait for the Quality Gate status. If there are no other options, you can use this to fail a pipeline build when the Quality Gate is failing.
  * **Possible values:** `true` or `false`
  * **Default:** `false`
* `sonar.qualitygate.timeout`
  * Number of seconds that the scanner should wait for a report to be processed.
  * **Default**: 300

### Import of external issues <a href="#import-of-external-issues" id="import-of-external-issues"></a>

This section lists only the properties used to import generic and SARIF issues. For the properties used to import reports generated by third-party tools supported by SonarQube, see [external-analyzer-reports](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/importing-external-issues/external-analyzer-reports "mention").

* `sonar.externalIssuesReportPaths`
  * Comma-delimited list of paths to [generic-issue-import-format](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/importing-external-issues/generic-issue-import-format "mention").
* `sonar.sarifReportPaths`
  * Comma-delimited list of paths to [importing-issues-from-sarif-reports](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/importing-external-issues/importing-issues-from-sarif-reports "mention").

### Links displayed in the UI <a href="#links-displayed-in-the-ui" id="links-displayed-in-the-ui"></a>

| Property key           | Description                                                                                                                                                               |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `sonar.links.ci`       | <p>The URL of the continuous integration system used. The property is effective only for the main branch analysis.</p><p><strong>Default from build</strong>: Maven</p>   |
| `sonar.links.homepage` | <p>The URL of the build project home page. The property is effective only for the main branch analysis.</p><p><strong>Default from build</strong>: Maven</p>              |
| `sonar.links.issue`    | <p>The URL to the issue tracker being used. The property is effective only for the main branch analysis.</p><p><strong>Default from build</strong>: Maven</p>             |
| `sonar.links.scm`      | <p>The URL of the build project source code repository. The property is effective only for the main branch analysis.</p><p><strong>Default from build</strong>: Maven</p> |

### Multi-branch <a href="#multibranch" id="multibranch"></a>

The following properties are available from the [Developer Edition](https://www.sonarsource.com/plans-and-pricing/developer/):

* `sonar.branch.name`
  * Name of the branch to which the analysis applies.
  * See also [branch-analysis](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/branches/branch-analysis "mention").
* `sonar.pullrequest.key`, `sonar.pullrequest.branch`, and `sonar.pullrequest.base`: see [pull-request-analysis](https://docs.sonarsource.com/sonarqube-server/10.5/analyzing-source-code/pull-request-analysis "mention").
* `sonar.newCode.referenceBranch`
  * Sets the [defining-new-code](https://docs.sonarsource.com/sonarqube-server/10.5/project-administration/clean-as-you-code-settings/defining-new-code "mention") definition to `Reference Branch` for this analysis, overriding the configuration on the server.

### Other parameters <a href="#other-parameters" id="other-parameters"></a>

* `sonar.scm.revision`
  * Overrides the revision, for instance, the Git `sha1`, displayed in analysis results.
  * **Note**: May be provided by the CI environment or guessed from the checked-out sources.
* `sonar.buildString`
  * The string passed with this property will be stored with the analysis and available in the results of `api/project_analyses/search`, thus allowing you to later identify a specific analysis and obtain its key for use with `api/new_code_periods/set` on the `SPECIFIC_ANALYSIS` type.
* `sonar.ws.timeout`
  * Maximum time to wait for the response of a web service call, in seconds. Modifying this value from the default is useful only when you’re experiencing timeouts during analysis while waiting for the server to respond to web service calls.
  * **Default**: 60
* `sonar.sourceEncoding`
  * Encoding of the source files. For example, `UTF-8`, `MacRoman`, `Shift_JIS`. The list of available encodings depends on your JVM.
  * **Default from build**: Maven, Gradle
  * **Default**: System encoding.
* `sonar.working.directory`
  * Path to the working directory used by the Sonar scanner during a project analysis to store temporary data. This property is not compatible with the SonarScanner for .NET.
  * The path can be relative (to the `sonar.projectBaseDir` property) or absolute. It must be unique for each project.
  * **Default from build:** Gradle, Maven
  * **Default:** `.scannerwork`
  * **Warning**: The specified directory is deleted before each analysis.
* `sonar.scm.forceReloadAll`
  * By default, blame information is only retrieved for changed files. Set this property to `true` to load blame information for all files, which may significantly increase analysis duration. This can be useful if you feel that some SCM data is outdated but SonarQube does not get the latest information from the SCM engine. This analysis parameter should not be a permanent part of your analysis configuration.
  * **Default**: `false`
* `sonar.analysis.<key>=<value>`
  * This property stub allows you to insert custom key/value pairs into the analysis context, which will also be passed forward to [webhooks](https://app.gitbook.com/s/B4UT2GNiZKjtxFtcFAL7/advanced-setup/webhooks "mention").
  * **Example**: `sonar.analysis.buildNumber=12345`
  * **Note**: Depending on the environment, using this property in the command line may not work.

### Deprecated parameters <a href="#deprecated-parameters" id="deprecated-parameters"></a>

{% hint style="warning" %}
These parameters are listed for completeness, but are deprecated and should not be used in new analyses. They will be removed in the future. A user warning appears on the project interface if you activate one of these parameters.
{% endhint %}

* `sonar.login`
* `sonar.projectDate`
* `http.proxyHost` or `https.proxyHost`
* `http.proxyPort`
* `http.proxyUser`
* `http.proxyPassword`
* `sonar.ws.timeout`
