Recently, our company has been doing Sonar scanning of Maven projects. In order to view the Sonar scanning results at a glance, we need to display the scanning results of multiple Maven projects in one Sonar project at the same time. I tried to scan several Maven projects in a Jenkins project and then display them in a Sonar project, but failed. I have come here hoping to get your help.
My requirements are described in detail as follows:
1. Sonar scanning of single Maven project:
The sonar check results of each Maven project are displayed separately. I want to display all Maven projects in one sonar project.
4. Target effect to be achieved:
First of all, please install the SonarQube plugin for Jenkins. This allows you to specify your SonarQube URL and login in the central (admin protected) Jenkins configuration and to not expose the URL and login in each build. This is a matter of securing your setup.
Now about your question. This is not possible. Each independent maven build corresponds to a project in SonarQube. If you want to aggregate everything in a single project, you would have to aggregate all your Jenkins builds into a single one.
The core question is: why do you want to do that? If those projects can be built and analyzed separately, why would you want them all in the same project? Do they have anything in common? Are they parts of something that’s released as a whole?
Olivier
PS: I assume that you run a SonarQube Community Edition, and a fairly old one from your screenshot.
Be aware that with the SonarQube Developer Edition 8.6 you have a feature to regroup several projects in one (the Application feature)
Well, our department has a quality inspection team. Before the project goes online, the quality team will check: they require the project to go through Sonar inspection, and no bugs are allowed. All problems found by Sonar inspection have to be solved. They only focus on whether the final result meets the requirements, and do not need to see the specific problem type. In order to improve efficiency, the quality group hopes to see whether the final results meet the requirements at a glance, instead of checking the projects one by one.
Is there any good way to achieve it?
Well, the approach that you use does not correspond to the product approach.
The checks/requirements on the code to allow the code to be “released” should be made through the automatic quality gate feature, and your pipelines should enforce that the code can’t be released or deployed if the criteria defined in the quality gate are not met.
There’s a default quality gate, but nothing prevents you from customizing your own (and for instance it would be super easy to set the criteria No bugs). Your quality department would not have to inspect anything to be confident that the code is released only if there are no bugs (and obviously they can add additional criteria if they have more).
See: https://docs.sonarqube.org/latest/user-guide/quality-gates/ for details on quality gates
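The following is an added example, not part of the original thread or of SonarQube's own code: a release-stage check that reads the quality gate status of several separately analyzed projects through the `api/qualitygates/project_status` Web API and blocks the release unless every gate is `OK`. The project keys, the sample responses and the `SONAR_HOST_URL` / `SONAR_TOKEN` environment variable names are assumptions; the token is expected to come from the central Jenkins credentials rather than from each job's configuration.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def fetch_status(base_url, project_key, token):
    """GET the quality gate status of one project (token sent as Basic auth user)."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(f"{base_url}/api/qualitygates/project_status?{query}",
                                 headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize(responses):
    """Return (all_passed, {project_key: [reasons]}) for parsed API responses."""
    failures = {}
    for key, body in responses.items():
        gate = body.get("projectStatus", {})
        if gate.get("status") == "OK":
            continue
        # Fail closed: ERROR, NONE (no gate computed) or a missing status all block.
        failed = [f'{c["metricKey"]} {c["comparator"]} {c["errorThreshold"]}'
                  f' (actual {c.get("actualValue")})'
                  for c in gate.get("conditions", []) if c.get("status") == "ERROR"]
        failures[key] = failed or [f'gate status {gate.get("status", "UNKNOWN")}']
    return (not failures, failures)


# Constructed sample responses (hypothetical project keys), used when no server is set.
SAMPLE = {
    "billing-service": {"projectStatus": {"status": "OK", "conditions": []}},
    "orders-service": {"projectStatus": {"status": "ERROR", "conditions": [
        {"status": "ERROR", "metricKey": "bugs", "comparator": "GT",
         "errorThreshold": "0", "actualValue": "3"},
        {"status": "OK", "metricKey": "vulnerabilities", "comparator": "GT",
         "errorThreshold": "0", "actualValue": "0"}]}},
    "legacy-batch": {"projectStatus": {"status": "NONE", "conditions": []}},
}

if __name__ == "__main__":
    # Assumed variable names; inject them from Jenkins credentials, not job config.
    host, token = os.environ.get("SONAR_HOST_URL"), os.environ.get("SONAR_TOKEN")
    data = {k: fetch_status(host, k, token) for k in SAMPLE} if host and token else SAMPLE
    ok, failures = summarize(data)
    for key, reasons in failures.items():
        print(f"FAIL {key}: {'; '.join(reasons)}")
    raise SystemExit(0 if ok else 1)
```
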
You mentioned above:
Be aware that with the SonarQube Developer Edition 8.6 you have a feature to regroup several projects in one (the Application feature)
Today, I downloaded an 8.6 developer version. Where is the function and how do I operate it?
Note: Just to be clear, in case you missed that, the Developer Edition is a commercial one, so you would have to purchase a license to use it (to be able to run a scan with this edition).