By SonarSource – GNU LGPL 3 – Issue Tracker – Sources – Supported by SonarSource
Enables the powerful SonarJava analyzer.
First Analysis of a Java Project
- Install SonarQube Server (see Setup and Upgrade for more details)
- Install SonarJava (see Installing a Plugin for more details). By default SonarJava is provided out of the box with SonarQube.
- Execute analysis:
For Maven projects, use the SonarQube Scanner for Maven by executing the following command from the root directory of the project:
For Gradle projects, declare the
org.sonarqubeplugin in your build.gradle file:
Then use the SonarQube Scanner for Gradle by executing the following command from the root directory of the project:
Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI.
Java bytecode is required
Analyzing a Java project without providing the Java bytecode produced by
javac (Android users: Jack doesn't provide the required
.class files) and all project dependencies (jar files) is possible, but will result in an increased number of false negatives, i.e. legitimate issues will be missed by the analyzer.
From SonarJava version 4.12 binary files are required for java projects with more than one java file. If not provided properly, analysis will fail with the message
Please provide compiled classes of your project with sonar.java.binaries property
See Java Plugin and Bytecode for how to provide the Java bytecode if you are not using Maven to run your analysis.
With SonarJava, you can :
- deal with Unit Tests and Code Coverage : Code Coverage by Unit Tests for Java Project tutorial
- provide the Java Bytecode for more accurate analysis
- handle correctly the java version used by source code within projects: Handling Java Source Version
- analyse other java-related files: Analyse maven pom.xml files
- import SpotBugs, FindSecBugs, PMD, Checkstyle issues reports
- create your own Custom Rules