- Sonarqube Version: 7.9 LTS
I’ve taken over the responsibiltiy of our SQ installation and currently I try to get familiar with it. One thing I recognized is, that someone (don’t know who) has given the right “Create project” to “Anyone”. Bad idea, because I have lots of projects being created right out of Maven. Most of them have the same source, the same name and description, but different key. I tried to get behind the mechanism, but since I’m not really familiar with Java, I’d ask for your appreciated help.
All of those projects have the same groupId, artifactId, name and description. The only difference is the revision. What I’m not able to understand is the generation of the project key. I haven’t found any hint in the pom.xml, however, all of those similar looking projects have a different project key.
Could someone explain me how this works?
A sample pom.xml looks like (relevant lines):
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns=...>
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>some.master</groupId>
<artifactId>somemaster</artifactId>
<version>1.0</version>
</parent>
<groupId>this.groupid.is.always.used</groupId>
<artifactId>project-parent</artifactId>
<version>${revision}</version>
<packaging>pom</packaging>
<name>VIProject</name>
<description>Most important project ever written</description>
...
<properties>
<revision>version</revision>
....
Many thanks in advance to anyone reading my lines. Regards, Thomas