SonarScanner for Maven
The SonarScanner for Maven is recommended as the default scanner for Maven projects.
The ability to execute the SonarQube analysis via a regular Maven goal makes it available anywhere Maven is available (developer build, CI server, etc.), without the need to manually download, setup, and maintain a SonarQube scanner installation. The Maven build already has much of the information needed for SonarQube to successfully analyze a project. By preconfiguring the analysis based on that information, the need for manual configuration is reduced significantly.
- Maven 3.x
- At least the minimal version of Java supported by your SonarQube server is in use
Edit the settings.xml file, located in
~/.m2, to set the plugin prefix and optionally the SonarQube server URL.
Analyzing a Maven project consists of running a Maven goal:
sonar:sonar from the directory that holds the main project
pom.xml. You need to pass an authentication token using the
sonar.login property in your command line.
In some situations you may want to run the
sonar:sonar goal as a dedicated step. Be sure to use
install as first step for multi-module projects
To specify the version of sonar-maven-plugin instead of using the latest:
To get coverage information, you'll need to generate the coverage report before the analysis and specify the location of the resulting report in an analysis parameter. See test coverage for details.
Most analysis properties will be read from your project. If you would like to override the default values of specific additional parameters, configure the parameter names found on the analysis parameters page in the
<properties> section of your pom.xml like this:
To help you get started, a simple project sample is available here: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonar-scanner-maven/maven-basic
- define property
pom.xmlof the module you want to exclude
- use build profiles to exclude some modules (like for integration tests)
- use Advanced Reactor Options (such as "-pl"). For example
mvn sonar:sonar -pl !module2
It is recommended to lock down versions of Maven plugins:
If you get a java.lang.OutOfMemoryError
MAVEN_OPTS environment variable, like this in Unix environments:
In Windows environments, avoid the double quotes, since they get misinterpreted.
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.