I am using Sonar integration with Jenkins. I want to run Sonar only on a sub-module of a project and not the entire project. But, when I specify -pl sub-module in the options for Sonar, it says that it is not supported.
Is there a way to achieve this?
Thanks
cd into the submodule and run mvn sonar:sonar there.
The drawback of this approach is that it will create a new top-level entry on the Sonar server; Sonar can't merge the results of a submodule run with an existing full analysis.
Related
I have a multimodules project with many dependencies. Until now after successful build I was performing sonar analysis of whole project. To save time and build project I detect which modules have been changed and run maven command:
mvn install -pl module1,module5,module2 -amd
Is there any way to do static analysis only for built modules? Something like mvn sonar:sonar -pl module1,module5,module2 -amd? of course it doesn't work, do you have any idea?
I know that there is option:
mvn sonar:sonar -pl !module2
but my project has more than 50 modules so if commit change only 5 modules I will have to list 45 others modules.
SonarQube always requires full scan. If you exclude some modules and execute the scanner, then excluded modules will disappear from SonarQube. It means there is no such flag.
Read more: How to analyse only new added lines of code?
I am using SonarQube version 6.7 for running analysis of Maven projects using the command mvn clean verify sonar:sonar from the project directory using command prompt and get the results. The sonar configurations in settings.xml for maven (v3.5.3) are added respectively.
In Jenkins (version 2.161), I have installed SonarQube Scanner for Jenkins (v2.8.1) plugin. The SonarQube Server configuration is configured as below.
In the Jenkins maven project, I have configured the post steps as below.
I have checked the Prepare SonarQube Scanner environment in the Build Environment section and the Build goal is -e clean verify sonar:sonar.
My issue is, when the SonarQube analysis for a maven project is triggered through command prompt using the command mvn clean verify sonar:sonar, I am getting the results as expected. But when the Jenkins job is triggered with the configurations above for the same maven project, the results are different and incorrect. What am I missing?
P.S- In the Post-build Actions, I can see the SonarQube analysis with maven is deprecated.
Thanks in advance.
You use different scanners. First you used SonarScanner for Maven (mvn sonar:sonar). Next you used Basi SonarScanner, which requires manual configuration of all options.
The best option to sole it is always use the same scanner. You have Maven project, so you can enable Prepare SonarQube Scanner environment in Build Environment, and next execute Sonar goal $SONAR_MAVEN_GOAL in Build.
I have a multi-module maven project which seems to have correctly generated OWASP dependency reports at both the parent and child module /target dirs using the org.owasp:dependency-check-maven plugin as so:
However, referencing the plugin docs, and executing the sonar-maven-plugin as below, I just can't work out what the correct command should be, any combination seems to lead to a build failure:
mvn sonar:sonar -Dsonar.sources=? -Dsonar.dependencyCheck.reportPath=?
Can anyone explain how to configure a multi-module maven project and have Sonar recognise the OWASP dependency reports?
Below is a screenshot of the starting point - we've had a CI pipeline up and running producing separate unit and integration test coverage stats for each of the submodules for some time.
Ok, so have contacted the author and the dependency-check-sonar-plugin doesn't work with a multi-module maven project.
So we are just going to produce a static artefact in a one-off fashion and not attempt to integrate with our CI pipeline.
I have a mvn project. I want to run it against sonar.
e.g. the following command - mvn org.codehaus.mojo:sonar-maven-plugin:2.0:sonar
Without going in and modifying the application pom file to add sonar plugin, is there another way that I can call the mvn command and reference sonar plugin ?
I don't know how it works, but if you execute it from Jenkins with the Sonar plugin it will work without modifying your pom.xml.
I've set up a Bamboo server and made a test project and plan with a Maven build task.
But this task doesn't produce any artifacts (except, maybe, test results, which I've unchecked). And I'd like to have all maven artifacts to be attached to the build results, like it is done in Hudson.
How to do that?
You can find some info on the Bamboo documentation.
This is for the latest Bamboo release (v3.4).
Also, are you running Maven with the goal package (or install) ?