Must-share information (formatted with Markdown):
- which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) SonarQube 10.6 Community, Maven 3.9.6 (via Chocolatey), Java Extension Pack for VSCode, JDK17 (was already on the environment)
- how is SonarQube deployed: zip
- what are you trying to achieve: Scanning some project files that contain .java files for the most part
- what have you tried so far to achieve this: Installed SQ, VSCode, Maven, pulled down a .zip file of the code I’m told to scan, tried to run a bunch of commands against the extracted code files in its folder and got told there was no pom.xml file. I kind of expected this because the tutorial I’m following showed it being configured with the SQ host info, token, etc. but what I don’t know is where I’m supposed to get this POM.XML file anyway.
Note I am not a developer, just the guy who has to run this against the code. It looks like I need to run a few commands against the project and its pom.xml file to generate some more files which in turn let me run the scanner and get some code scanned.
Is the pom.xml generated when a project is built as a Maven project in an IDE? From what the developers have told me, it is currently written in Eclipse and is actually an ANT project when they build it. Is there a way for me to take their code and make it a Maven project on my own? I have VSCode and Maven installed but this is my first time doing such a thing. Am I supposed to hack one together myself (which I guess I could do reading off the screen, so long as I know where it’s supposed to sit I guess). Was I just supposed to yank it out of the sample project I saw floating around? Should I just start bugging the developers about this because it’s supposed to be in their wheelhouse?
Any orientation so I know which way to work would be much appreciated!
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!