How To Use The Sonar Maven Plug-in

Question

Easy question here. I want to add sonar to be executed on every Maven build. I tried:

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.1.1</version>
</plugin>

and

<plugin>
    <groupId>org.codehaus.sonar</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>5.1</version>
</plugin>

and

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>2.7.1</version>
</plugin>

because a) I couldn't figure out what the plug-ins do and/or b) which one is the current one.

If I only add the above to <build> -> <plugins> it's not executed ever (so the plug-in doesn't have a default execution). So of course I added a <execution> instruction, and after that Sonar gets executed, but with the following error message:

<executions>
    <execution>
        <phase>prepare-package</phase>
        <goals>
            <goal>sonar</goal>
        </goals>
    </execution>
</executions>

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.1.1:sonar (default) on project org.acme.project.build: Can not execute Findbugs: This project contains Java source files that are not compiled.

It does not seem to matter which phase I use (I tried validate and compile and test and prepare-package and package even though not all of them make sense). I am sure there is no source code generation anywhere in the project. And the static classes get compiled just fine.

I think the problem might be that the plug-in gets executed for every module, including the parent pom project. Which is weird, because sonar:sonar skips that project.

But the project structure is simple and I can't find anything unusual about it:

<groupId>group</groupId>
<artifactId>org.acme.project.build</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>pom</packaging>

<modules>
    <module>org.acme.project</module>
</modules>

<profiles>
    <profile>
        <id>sonar</id>
        <properties>
            <sonar.host.url>http://sonar.acme.org/</sonar.host.url>
        </properties>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.sonarsource.scanner.maven</groupId>
                    <artifactId>sonar-maven-plugin</artifactId>
                    <version>3.1.1</version>
                    <executions>
                        <execution>
                            <phase>compile</phase>
                            <goals>
                                <goal>sonar</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

The project org.acme.project has nothing besides its own artifact ID and the parent. The command line is: mvn clean deploy -Dsonar.login=Wile.Coyote -Dsonar.password=*********** -Psonar

The log shows that sonar is always executed before the install phase, which of course is way to early.

So how do I use Sonar's Maven plug-in to analyze my code?

Answer 1

a) I couldn't figure out what the plug-ins do

The plugin is used to gather the details from code coverage reports and the repository code scanning for getting to analyze possible bugs, duplications etc. You can search for a sample sonar report to find what all and how to get these details with maven using two methods like settings.xml and maven plugin is detailed at SonarQube Scanner for Maven and SonarQube - analyzing with Maven

b) which one is the current one.

The maven central suggests that the current plugin from org.codehaus.mojo used as

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

has been moved to

<plugin>
    <groupId>org.sonarsource.scanner.maven</groupId>
    <artifactId>sonar-maven-plugin</artifactId>
    <version>3.2</version>
</plugin>

So you should ideally be using the one from groupId - org.sonarsource.scanner.maven as also suggested by the SonarQube Docs

Also the artifact from org.codehaus.sonar version 5.1 seems to be outdated and not maintained.