Project analysis settings can be configured in multiple places. Each plugin and language analyzer adds its own properties which can be defined in the SonarQube UI; these properties can also be defined as analysis parameters, however, the descriptions of those properties and the best place to set them is in the UI when possible. Only parameters set through the UI are reusable for subsequent analysis and there is a structure to the way parameters are read by the scanner.
Here is the hierarchy in order of precedence:
- Global properties: Apply to all projects. Defined in the UI in Administration > Configuration > General Settings
- Project properties: Apply to one project only. At project level, defined in the UI in Project Settings > General Settings
- Project analysis parameters: Defined in a project analysis configuration file or scanner configuration file
- Analysis / Command line parameters: Defined when launching an analysis with
-Don the command line
Note that only parameters set through the UI are stored in the database. For example, if you override the
sonar.exclusions parameter via the command line for a specific project, it will not be stored in the database. Subsequent analyses, or analyses in SonarLint with connected mode, would still be executed with the exclusions defined in the UI and therefore stored in the DB.
Most of the property keys shown in the interface at both global and project levels can also be set as analysis parameters, but the parameters listed below can only be set at analysis time.
For language-specific parameters related to test coverage and execution, see Test coverage. For language-specific parameters related to external issue reports, see External issues. And to learn more about controlling the scope of your analysis, see the page on Analysis scope.
Analysis parameters are case-sensitive.
|the server URL|
|The project's unique key. Allowed characters are: letters, numbers, ||For Maven projects, this defaults to |
|Name of the project that will be displayed on the web interface.|
|The project version.|
By default, user authentication is required to prevent anonymous users from browsing and analyzing projects on your instance, and you need to authenticate when running analyses. Authentication is enforced in the global Security settings.
When authentication is required or the "Anyone" pseudo-group does not have permission to perform analyses, you'll need to supply the credentials of a user with Execute Analysis permissions for the analysis to run under.
|The authentication token of a SonarQube user with either Execute Analysis permission on the project or Global Execute Analysis permission.|
As an alternative to this property, you can create the
|Maximum time to wait for the response of a Web Service call (in seconds). Modifying this value from the default is useful only when you're experiencing timeouts during analysis while waiting for the server to respond to Web Service calls.||60|
|The project description.|
|Project home page.|
|Project source repository.|
|Comma-separated paths to directories containing main source files.||Read from build system for Maven, Gradle, MSBuild projects. Defaults to project base directory when neither |
|Comma-separated paths to directories containing test source files.||Read from build system for Maven, Gradle, MSBuild projects. Else default to empty.|
|Encoding of the source files. Ex: ||System encoding|
|Comma-delimited list of paths to Generic Issue reports.|
|Comma-delimited list of paths to SARIF reports.|
Assign a date to the analysis. This parameter is only useful when you need to retroactively create the history of a not-analyzed-before project. The format is
Note: You may need to adjust your housekeeping settings if you wish to create a long-running history.
Use this property when you need analysis to take place in a directory other than the one from which it was launched. E.G. analysis begins from
Note that the analysis process will need write permissions in this directory; it is where the
|Set the working directory for an analysis triggered with the SonarScanner or the SonarScanner for Ant (versions greater than 2.0). This property is not compatible with the SonarScanner for MSBuild. The path must be relative, and unique for each project. Beware: the specified folder is deleted before each analysis.|
|This property can be used to explicitly tell SonarQube which SCM you're using on the project (in case auto-detection doesn't work). The value of this property is always lowercase and depends on the SCM (ex. "git" if you're using Git). Check the SCM integration documentation for more.|
|By default, blame information is only retrieved for changed files. Set this property to |
|For supported engines, files ignored by the SCM, i.e. files listed in |
|Overrides the revision, for instance, the Git SHA-1, displayed in analysis results. By default value is provided by the CI environment or guessed by the checked-out sources.|
The string passed with this property will be stored with the analysis and available in the results of
|This property stub allows you to insert custom key/value pairs into the analysis context, which will also be passed forward to webhooks.|
|Sets the new code definition to |
|Sets the limit in MB for files to be discarded from the analysis scope if the size is greater than specified.||20|
|A piece of code is considered duplicated as soon as there are at least 100 duplicated tokens in a row (override with ||100|
|Control the quantity/level of logs produced during an analysis. ||INFO|
Add more detail to both client and server-side analysis logs. Activates DEBUG mode for the scanner, and adds client-side environment variables and system properties to the server-side log of analysis report processing.
NOTE: There is the potential for this setting to expose sensitive information such as passwords if they are stored as server-side environment variables.
|Outputs to the specified file the full list of properties passed to the scanner API as a means to debug analysis.|
|Set the location where the scanner writes the report-task.txt file containing among other things the ceTaskId.|
|Forces the analysis step to poll the SonarQube instance and wait for the Quality Gate status. If there are no other options, you can use this to fail a pipeline build when the Quality Gate is failing. See the CI integration page for more information.|
|Sets the number of seconds that the scanner should wait for a report to be processed.||300|
|Sets the number of seconds to wait before timing out when downloading a plugin from SonarQube.||300|
These parameters are listed for completeness, but are deprecated and should not be used in new analyses.
Deprecated since SQ 7.1
© 2008-2023, SonarSource S.A, Switzerland. Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution-NonCommercial 3.0 United States License. SONARQUBE is a trademark of SonarSource SA. All other trademarks and copyrights are the property of their respective owners.