Maven multi-module project SonarCloud scan on parent POM does not recognize submodules

I am performing “mvn verify sonar:sonar” on the parent pom.xml of a multi-module project and it does not recognize the submodules. The mvn command output only recognizes the parent project key for analysis. The sonar properties are setup similar to below in the parent pom.xml. There are no sonar properties setttings in the pom.xml files of the submodules. In, I have created the parent and submodule projects and keys (ex. Assuming the submodule pom.xml artifactIds are sub1, sub2, sub3, the submodule project keys are project_sub1, project_sub2 and project_sub3 in to match the below <sonar.moduleKey> format). From my understanding of the posts, this should allow for scanning the the submodules when running “mvn verify sonar:sonar” on just the parent pom.xml file. NOTE: We have other multi-module maven projects where Sonar scanning are being explicitly run on each submodules pom.xml and that works fine but we want to move to this approach where we only have to scan the parent pom.xml to have the sub-module scans performed.

Can you advise on what is wrong or missing in this setup?


Hey there.

There’s really no reason to specify sonar.moduleKey, so I would recommend removing that.

A good place to look is the sonar-scanning-examples repository which has examples of a multi-module maven project.

Otherwise, it would probably be necessary for you to upload a sample/dummy project where you face the issue, to really understand what’s not right.

I notice that the multi-module maven example does not have the basic sonar POM properties (sonar.projectKey, sonar.organization, etc) required by SonarCloud, which is a bit confusing. In SonarCloud, I have setup a few monorepo projects (also Maven multimodule repos). For the monorepo projects where I perform scan (mvn verify sonar:sonar) separately on parent and each sub-module pom.xml, I have no issues with seeing the scan results in In those cases, I do not use moduleKey in the parent pom.xml but instead parent and submodule pom.xml files have their projectKey specified in each. In order to avoid requiring the scan on each submodule pom.xml, the documentation indicates that parameterized moduleKey can be specified instead in the parent pom.xml and the sonar properties can be removed from the submodule pom.xml files so the scan can just be performed on the parent pom.xml.

Is this correct? NOTE: The scan jobs are run in CircleCI and we scan the projects in every branch build so that regressions are known/resolved before merging.

Hey there.

It’s a bit hard to parse out what you’re describing. As mentioned before: