Dir xyz should be relative to project baseDir

Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

SonarQube: 7.5.0
Sonar Maven Plugin:

What are you trying to achieve

I am working with a team that wants to run their project (Angular wrapped with Spring Boot) through a Sonar scan. The Angular sub-module has the majority of source, whereas the Spring Boot sub-module is simply intended to be a vehicle for hosting the Angular files and a means to easily utilize Cloud capabilities. It also includes a Cordova layer to fully realize the hybrid-hosted web app model, but those are mostly configuration files (no developer-created source). So that layer will not be scanned, but I figured I’d mention that it’s another aspect of the project.

This project is structured as a “pseudo” multi-module project. I say “pseudo” in a sense that the project is split up based on frameworks used (see simplified directory structure below), but there’s no over-arching parent that establishes an association with these sub-modules.

├── angular
|   ├── src
|   |   └── app
|   ├── package.json
|   └── package-lock.json
└── spring
    ├── src
    |   ├── main
    |   |   └── java
    |   └── test
    |       └── java
    └── pom.xml

I understand that this may very well not be the optimal structure for this project. My question is mostly geared towards understanding if it’s possible for the Sonar scan to handle this project in its current state. If it’s absolutely not possible, then we can investigate alternative project structuring, or any other suggestions.

Ideally we’d like to run scans against both sub-modules. mvn sonar:sonar is invoked in our CI pipeline in the application/spring directory. The reason for scanning the project via the Maven Sonar plugin is that this project uses a templated CI pipeline, and that templated CI pipeline invokes one build system (based on developer specification in a pipeline configuration file) to download dependencies, compile, test, package and publish. So we use Maven but also register custom npm tasks into the build lifecycle using the exec-maven-plugin. I realize this might also be an area of opportunity, but it’s the best solution we’ve devised thus far to fit into our templated CI pipeline solution.

What have you tried so far to achieve this

I’ve referenced numerous community posts related to this same topic, but their concerns seem a bit different than our concerns…

Presently our pom.xml contains these sonar properties. Please note that I omitted a number of properties and only included those that I believe are pertinent to the issue.

As an aside, ${env.WORKSPACE} resolves to the absolute path of the workspace on Jenkins.

<!-- Angular sub-module -->
<!-- Spring sub-module -->

The build fails with the following message.

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on project application: Dir /var/jenkins/test123/workspace/job/application/angular/src/app should be relative to project baseDir -> [Help 1]

I was under the impression that the angular.sonar.projectBaseDir would be honored during the scan of files under application/angular. However, it seems sonar.projectBaseDir is taking priority. I also tried removing the sonar.projectBaseDir property from the pom file, but the results are the same.


Welcome to the community!

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

7.5 → 7.9.6 → 8.9.7 → 9.3 (last step optional)

You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes helpful. If you have questions about upgrading, feel free to open a new thread for that here.

Regarding your question, analysis assumes that it’s invoked from the project root directory. Since you don’t have a pom file in your project root, using the SonarScanner for Maven maybe more trouble than it’s worth. You could try restructuring the project, but a Maven-based analysis is going to be Java-centric and you’ll need to override the default sonar.sources value to include both your angular and your Java code. It may be simpler to use the SonarScanner CLI and construct your analysis parameters manually.


1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.