sonar and maven multi-module project - can sonar analyze every module separately? - maven

I have a multi-module project, and O want sonar to analyze each project by himself. For example, to check duplicated lines only in the same module and not compere to all the project code?

If you want them to be separate from SonarQube's point of view, then you have to scan them separately. SonarQube will not be "creating a different project in the same repo". It doesn't care what the source location is for each project.
So, in your build process that runs the scans, you'll simply have to "cd" into each submodule directory and run "sonar:sonar" (or use the sonar-scanner), specifying the module name for each. You'll need to ensure that the module name is a unique SonarQube project.

Related

SonarQube: Validation of project failed, Module is already part of project

I am trying to analyze one Maven project (with the SonarQube Scanner for Maven) and I am getting the following validation error: Module "com.company:module1" is already part of project "com.company".
I would like to ask you if there is a way to turn this validation off or what should I do in order to analyze the project the second project without deleting the first one.
There's no way to turn this validation off; component keys must be unique across the instance. To be able to analyze both projects, you must remove (or exclude) the module from one of the projects. If the already-analyzed project is the one that loses the module, make your configuration changes, re-analyze, and then you should be able to analyze the second project.

How to update only one module in multi module project

I have a multi module project in which each module is written in different languages. I have added this project as a multi module project in local sonar instance according to the sonar documentation in which each sub module having separate sonar-project.properties file.
Anyway I wanted to analyse only one module because other modules doesn't have any changes. For that I have to add the project key to the sonar.project-properties file in the module which I wanted to analyse. But when I analyse the project using sonar scanner, analysis failed and below error can be seen in server logs. So is there anyway to analyse only one module in multi module project?
org.sonar.api.utils.MessageException: Validation of project failed:
o Component (uuid=AV7hl7plAY-wqGulFkbZ, key=child-key) is not a project
o The project "child-key" is already defined in SonarQube but as a module of project "parent-project-key". If you really want to stop directly analysing project "parent-project-key", please first delete it from SonarQube and then relaunch the analysis of project "child-key".
Having analyzed the modules together as one project, you cannot then go back and analyze only one of them. All modules must be analyzed together or you must delete your aggregate project to allow module analysis on an individual basis.
Note that the Governance($) plugin would allow you to re-aggregate your split modules

SonarQube and migration to multi-module project with preserving history

We're in process of migration of a single Maven project that has been analyzed in SonarQube 4.5.4 into a multi-module Maven project.
The SonarQube analyzing is going to be migrated to the Parent project so that the old and new modules would be analyzed all-in-one.
During the analyzing we receive an error:
'The project '...' is already defined in SonarQube but not as a module of project '...:Parent''
The obvious solution is to remove the old project from SonarQube, however it means removal of all historical information.
How can we achieve both goals:
migrate to multi-module project
keep history of analyzing of the existing project (that should be a child of the new multi-module project)
?
Thanks.
SonarQube does not allow to group several existing projects into a single one. So you won't be able to achieve your 2 goals.
The only thing you can do is to update the key of each existing project on SonarQube (for instance, you can add "_OLD" suffix on their key). This will allow you to:
Keep the history for those projects - but they won't evolve any longer
Make it possible to analyze successfully the new multi-module project
To know how to update project key, please read the documentation.

Sonar separate quality profile per component

I have a multi-module maven project and have it's modules as Sonar components.
Is it possible to set alerts separate per module/component, or Sonar considers the whole project? If not, what's the best way of having my maven modules as separate projects in Sonar, so that mvn sonar:sonar is only executed once. I use cobertura for report generation.
At the moment of writing this answer, that feature is not supported by Sonar.
If separate metrics needed you need to create a separate project and trigger a separate build from Jenkins and providing specific pom.xml file for desired module.

Dependency on non-maven module

The entire java project has an ant build; however couple of module(s) have maven build too.
My new module (maven built, say A) has dependency over an existing module(or simply a folder?, say B) which is being built using ant which just packages the src into jar and drops it inside the project.
Maven build for module A fails (unable to locate moduleB files); Options -
1. Package module B using maven, push to m2_repo
I do not want to go with this option.
Please let me know what are the other options available for the same.
If you have control over the source of all your modules, and if you decided that Maven is your way to go forward, then I recommend to to go all-in as soon as possible. If you do not then you will have continuous problems for the two build strategies to play along. And not only during build time but also at deploy time when it is time to collect all your runtime dependencies. Unless you build one uber-JAR as your only deployable artifact.
If your modules will (almost) always release in sync, then consider using a multi-module project setup.
When I say "all-in" then I do not mean that you have to give up Ant completely. You can use the maven-antrun-plugin to kick of your existing ant builds.
You should also consider running your own repository server, e.g. Nexus, to take full advantage of your maven builds.

Resources