We are running SonarQube version 6.7.4 and using Sonar Scanner plugin (org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar)
We are trying to scan a project which only has a bunch of xml files and a pom.xml file.
Every time we run the scan using the following properties, it only scans the pom.xml file and ignores all the xml files.
Your problem is that you’re using the SonarQube Scanner for Maven to perform an essentially non-Maven analysis. One of the things the SQS4M does for you is automatically feed sonar.sources with the location you’ll find the .java files in in a Maven project: src/main/java/. I’m guessing that’s not where your .xml files are.
So either switch to the “vanilla” scanner, SonarQube Scanner, or in addition to all your other parameters, explicitly pass sonar.sources.
And speaking of your parameter list, you should remove sonar.language. This property has been deprecated literally for years and is finally removed in 7.7. Additionally, since you are currently running a Maven analysis, you shouldn’t need to specify project name and key on the command line; they should be picked up automatically from your pom. If you do switch scanners tho, you’ll want to retain those parameters.
Hi Ann!
The xml files are flat in the repo not in any of the folders. There’s no src/ dir in that project.
I tried using vanilla SonarQube scanner but I was unable to use Quality gate with that.
So sticking to use SonarQube Scanner for maven.
I did remove sonar.language. That was just for my testing.
I had to add a condition to see if it only has xmls, then use sonar.sources= . or if it has src dir, then use sonar.sources=src/main,pom.xml
I was just looking to cover everything using one sonar.sources in our script but didn’t work.
This part of your response doesn’t make sense to me:
If you had said you weren’t able to run an analysis, that would be something we could work on, but the QG is a built-in feature that just works and is entirely independent of which scanner you’re using.
Yes, if your projects have source files in different locations, then sonar.sources will need to vary by project.
What would be the command to run pure vanilla sonar source command?
I tried giving the path to where the sonar scanner was installed in Jenkins. It did finish the scan fine but it did not find the sonar results for the quality gate to analyze. I believe it could not see the ID that Quality Gate looks for. (This is all in Jenkins)
And yea, it works with specifying sonar.sources for various projects we have.
I think I understand now. When you used the vanilla scanner, you had trouble reporting the QG results in Jenkins. Can you share your pipeline code? I suspect it lacks withSonarQubeEnv as demonstrated in the docs.
I went through the docs again and figured out how to use vanilla scanner and also report QG results.
But I guess I still have to vary sonar.sources according to the projects (xml only, java/scala)
I tried the vanilla scanner code (inside my Jenkins pipeline script) on a Java based project and it failed.
The error is:
[Sonar] INFO: JavaClasspath initialization
[Sonar] INFO: ------------------------------------------------------------------------
[Sonar] INFO: EXECUTION FAILURE
[Sonar] INFO: ------------------------------------------------------------------------
[Sonar] INFO: Total time: 5.630s
[Sonar] INFO: Final Memory: 18M/374M
[Sonar] INFO: ------------------------------------------------------------------------
[Sonar] ERROR: Error during SonarQube Scanner execution
[Sonar] ERROR: Please provide compiled classes of your project with sonar.java.binaries property
[Sonar] ERROR:
[Sonar] ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
If you’re dealing with a Java project you build with Maven, then by all means use the SonarQube Scanner for Maven. If you’re not, then use the vanilla scanner.
The error you got, “Please provide compiled classes of your project with sonar.java.binaries property” means just what it says: you need to provide the path to your class files. The SQS4Maven will do that for you.
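
The layout-dependent choice discussed in this thread, as an added shell example that is not part of the original posts: it picks the scanner and the sonar.sources value from the project layout. The function names and the `example-project-key` default are assumptions, and `mvn verify sonar:sonar` is the short goal form rather than the full plugin coordinates quoted above.

```shell
#!/bin/sh
# Added example: choose scanner and sonar.sources from the project layout.
# Function names and the default project key are hypothetical placeholders.

# Print the sonar.sources value for the project in directory $1.
sonar_sources_for() {
    if [ -d "$1/src/main" ]; then
        # Maven layout: the value used in the thread for Java/Scala projects.
        echo "src/main,pom.xml"
    else
        # Flat repository, e.g. XML files next to pom.xml.
        echo "."
    fi
}

# Print "maven" for a Maven-built project with sources under src/main,
# otherwise "vanilla" (the stand-alone SonarQube Scanner).
scanner_for() {
    if [ -f "$1/pom.xml" ] && [ -d "$1/src/main" ]; then
        echo "maven"
    else
        echo "vanilla"
    fi
}

# Print the analysis command for directory $1; $2 is an optional project key.
scan_command() {
    sources=$(sonar_sources_for "$1")
    if [ "$(scanner_for "$1")" = "maven" ]; then
        # The Maven scanner reads key and name from the pom and, after the
        # build, supplies sonar.java.binaries itself.
        echo "mvn verify sonar:sonar -Dsonar.sources=$sources"
    else
        # The vanilla scanner needs the project key passed explicitly.
        key=${2:-example-project-key}
        echo "sonar-scanner -Dsonar.projectKey=$key -Dsonar.sources=$sources"
    fi
}

# Show the command for the directory given as argument (default: current dir).
scan_command "${1:-.}"
```

In a Jenkins pipeline the printed command would still run inside withSonarQubeEnv so that the quality gate step can find the analysis.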