Skip to end of metadata
Go to start of metadata

By SonarSource – GNU LGPL 3 – Issue TrackerSources – Supported by SonarSource
More versions
SonarJava 5.1 – Jan 30, 2018 – SonarQube 6.7+ (Compatible with LTS)
2 new rules, support for Eclipse & JetBrains nullable annotations
DownloadRelease notes

Description

Enables the powerful SonarJava analyzer.

First Analysis of a Java Project

  1. Install SonarQube Server (see Setup and Upgrade for more details)
  2. Install SonarJava (see Installing a Plugin for more details). By default SonarJava is provided out of the box with SonarQube.
  3. Execute analysis:
    1. For Maven projects, use the SonarQube Scanner for Maven by executing the following command from the root directory of the project:

      mvn sonar:sonar -Dsonar.host.url=[your SonarQube URL]
    2. For Gradle projects, declare the org.sonarqube plugin in your build.gradle file:

      plugins {
      	id "org.sonarqube" version "2.5"
      }

      Then use the SonarQube Scanner for Gradle by executing the following command from the root directory of the project:

      ./gradlew sonarqube -Dsonar.host.url=[your SonarQube URL]
  4. Follow the link provided at the end of the analysis to browse your project's quality in SonarQube UI.

 

Java bytecode is required

Analyzing a Java project without providing the Java bytecode produced by javac (Android users: Jack doesn't provide the required .class files) and all project dependencies (jar files) is possible, but will result in an increased number of false negatives, i.e. legitimate issues will be missed by the analyzer.

From SonarJava version 4.12 binary files are required for java projects with more than one java file. If not provided properly, analysis will fail with the message

Please provide compiled classes of your project with sonar.java.binaries property

See Java Plugin and Bytecode for how to provide the Java bytecode if you are not using Maven to run your analysis.

 

Advanced Usage

With SonarJava, you can :

 

 

  • No labels