Enrique
Reputation: 882
Does SonarQube analyse Maven dependencies by default?
I know SonarQube analyses both source code and bytecode (jars and .class files).
Does it only analyse the jar of the "main" project, or does it also analyse the jars of its Maven dependencies?
Upvotes: 1
Views: 156
Answers (1)
G. Ann - SonarSource Team
Reputation: 22804
The jars aren't analyzed. The source code and compiled classes of your project are analyzed, and during that analysis, the project's dependencies are used to get a little more information about the calls your project is making. But the jars aren't analyzed.
Upvotes: 3
Related Questions
- SonarQube and maven
- SonarQube dependency check sonar plugin
- SonarQube: Bytecode of dependencies missing despite Maven usage
- Can we run SonarQube on a Maven1 project?
- What maven goal is required to run maven sonar analysis?
- SonarQube doesn't show any issues with Maven project
- maven plugin sonarqube doesn't resolve it's dependencies
- Does mvn sonar instrument analysed classes
- Do a dependency analysis of tests using Sonar (or other)
- exclude dependencies when running sonar analysis