This analyzer is recommended to launch analysis on Java Maven project.
From maven-sonar-plugin 188.8.131.525, SonarQube < 5.6 is no longer supported.
If using SonarQube instance prior to 5.6, you should use maven-sonar-plugin 184.108.40.2063.
From maven-sonar-plugin 3.1, Maven < 3.0 is no longer supported.
If using Maven prior to 3.0, you should use maven-sonar-plugin 3.0.2.
- Maven 3.x
- SonarQube is already installed
- At least the minimal version of Java supported by your SonarQube server is in use (Java 8 for latest LTS)
- The language plugins for each of the languages you wish to analyze are installed
- You have read Analyzing Code Source.
Edit the settings.xml file, located in $MAVEN_HOME/conf or ~/.m2, to set the plugin prefix and optionally the SonarQube server URL.
Analyzing a Maven Project
Analyzing a Maven project consists of running a Maven goal:
sonar:sonar in the directory where the pom.xml file sits.
To get coverage information, you'll need to generate the coverage report before the analysis. See Java Unit Tests and Coverage Results Import for more information.
Configuring the SonarQube Analysis
Analysis parameters are listed on the Analysis Parameters page. You have to configure them in the <properties> section of your pom.xml like this:
Any user who's granted Execute Analysis permission can run an analysis. If the Anyone group is not granted Execute Analysis permission or if the SonarQube instance is secured (the
sonar.forceAuthentication property is set to
true), the analysis token of a user with Execute Analysis permission must be provided through the
sonar.login property. Example:
sonar-scanner -Dsonar.login=[my analysis token]
Any user who's granted Execute Analysis permission can run an analysis.
If the Anyone group is not granted Execute Analysis permission or if the SonarQube instance is secured (the
Excluding a module from SonarQube analysis
You can either:
define property <sonar.skip>true</sonar.skip> in the pom.xml of the module you want to exclude
- use build profiles to exclude some module (like for integration tests)
- use Advanced Reactor Options (such as "-pl"). For example mvn sonar:sonar -pl !module2
To help you get started, a simple project sample is available here: https://github.com/SonarSource/sonar-scanning-examples/tree/master/sonarqube-scanner-maven
How to Fix Version of Maven Plugin
It is recommended to lock down versions of Maven plugins:
Project analyzed with Maven 3
If you get an java.lang.OutOfMemoryError, you can set the MAVEN_OPTS environment variable, like this in *nix environments:
On Windows environments, avoid the double-quotes, since they get misinterpreted.