I'm looking to see any Maven configuration which will enable me to run Sonar Scan on my code for every Maven build. I don't want to use a separate goal but somehow enforce it as part of users' regular build commands.

sunnyX
  • What is the problem with using it as a goal? The analysis is done by your CI? – khmarbaise Nov 11 '19 at 08:59
  • The goal is to enforce Sonar scan for developers in an organization in their local development, sort of while they are still doing regular Maven builds locally. We would like them to see the Sonar warnings. The idea is to integrate Sonar at multiple levels, at IDE level or command line, commit time and then build time. – sunnyX Nov 11 '19 at 16:08

1 Answer

You can attach Sonar to a phase (e.g. verify) like this:

<plugin>
   <groupId>org.sonarsource.scanner.maven</groupId>
   <artifactId>sonar-maven-plugin</artifactId>
   <version>3.5.0.1254</version>
   <executions>
      <execution>
         <id>verify-sonar</id>
         <phase>verify</phase>
         <goals>
            <goal>sonar</goal>
         </goals>
      </execution>
   </executions>
</plugin>

This also works with other phases like compile or package.

  • Where should I put the properties like specifying the SonarQube server URL and username/password and token? – sunnyX Nov 11 '19 at 16:30
  • org.sonarsource.scanner.maven sonar-maven-plugin 3.6.0.1746 http://sonarurl.com:9000 MyProj myuser myuserpass ..... – sunnyX Nov 11 '19 at 17:12
  • Hi @sunnyX, just put them as global properties as described here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/ – Sebastian Heikamp Nov 12 '19 at 10:40
  • I have updated the properties in the settings, even updated the project Key. – sunnyX Nov 12 '19 at 18:30
  • And you're still unable to run the Sonar analysis? Is your initial problem (attaching the scan to a Maven goal) fixed? I'm sorry, I'm getting a bit confused ;-) – Sebastian Heikamp Nov 13 '19 at 08:35
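
For the question raised in the comments about where the server URL and credentials belong, here is an added example (not part of the original answer or comments): a `~/.m2/settings.xml` profile that supplies the connection properties, so the `pom.xml` carries only the plugin binding and no secret. The host URL, the profile id and the `SONAR_TOKEN` environment variable name are assumptions.

```xml
<!-- ~/.m2/settings.xml (per developer, not committed to version control) -->
<settings>
  <pluginGroups>
    <pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
  </pluginGroups>
  <profiles>
    <profile>
      <!-- Profile id is an arbitrary name chosen for this example -->
      <id>sonar</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!-- Placeholder URL: replace with your SonarQube server -->
        <sonar.host.url>https://sonarqube.example.com</sonar.host.url>
        <!-- Token is read from the environment at build time (assumed
             variable name SONAR_TOKEN) instead of being written here.
             sonar.login accepts a user token; newer SonarQube releases
             name this property sonar.token. -->
        <sonar.login>${env.SONAR_TOKEN}</sonar.login>
      </properties>
    </profile>
  </profiles>
</settings>
```

A per-user token can be revoked individually, and keeping it out of `pom.xml` keeps it out of the repository history.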