Setup details:
SonarQube version: 9.9
SonarScanner version: 4.8.0.2856
SonarQube deployment: Helm
What am I trying to achieve ?
We are creating a CI pipeline using GitHub Actions. This pipeline has SonarQube integrated into it and performs scans using SonarScanner on various projects(Java, .NET etc). It is not possible to make changes to the project code every time to integrate SonarScanner into the build configuration such as pom.xml
or settings.xml
for a Maven project and similarly for a .NET project.
Instead of using the SonarScanner for Maven or SonarScanner for .NET we want to simply run SonarScanner in GitHub Action from the root directory of any project being built and use a configuration file to point to the SonarQube instance running.
It has been recommended in the Sonar docs that we use SonarScanner for maven and .NET by configuring the project build files.
- What is the reason for this ?
- Few threads on this forum indicate that the results of independent SonarScanner are not consistent with SonarScanner for Maven or SonarScanner for .NET
- How much difference can we expect ?
- Is this still valid for the recent versions of SonarScanner ?
- Can we configure the independent SonarScanner to perform similar to the one integrated into maven/.NET ?
What have I tried ?
- Setup independent SonarScanner locally and compared analysis with SonarScanner for maven.
- Found that we can overwrite build configuration for projects using a custom configuration file to enable using maven and .NET specific SonarScanners. Workaround but not the ideal way we would like to do this.