Our organization has a sonar qube license, and we have access to https://sonarcloud.io/ but no admin rights.
We want to use maven to check our spring boot project, but the documentation seems contradictory, confusing and incorrect, and despite days of trying, we cannot find a way to get it to work. We have not been able to find any tutorials or guides.
This document: SonarScanner for Maven | SonarQube Server Documentation
Says to run this:
mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.token=myAuthenticationToken
Which is obvious wrong as the first step, as you have to add sonar to the pom.xml.
You have to look under “other settings” right at the end to find the actual instructions for setting up maven, but they are missing the version. We cant find anywhere where the current version number is published.
org.sonarsource.scanner.maven sonar-maven-plugin yourPluginVersionWe had to get this from the example project here: sonar-scanning-examples/sonar-scanner-maven/maven-basic at master · SonarSource/sonar-scanning-examples · GitHub
<version>3.10.0.2594</version>
Presumably this is old, but there is no other option.
We added this to our pom.
The example tells us to run it like this:
mvn clean verify sonar:sonar
But we assume this wont work as there is specification of the auth token, so the instructions must be wrong.
Running the above command just gives errors ( package org.springframework.data.jpa.repository.config does not exist) Which we don’t get when we build, install or run our application.
The documentation page, however says to use a different command:
mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.token=myAuthenticationToken
When we run this with our auth token, we get the same build errors as before:
package org.springframework.data.jpa.repository.config does not exist
Does anyone have any step by step instructions how to get the maven plugin working with a maven project?
some instructions mention jacoco-maven-plugin and the eample has com.google.guava, but we don’t know what these do or if either or both are required. We tried with and without it with no luck. The example makes no separation between what’s specific to the app and whats specific to sonarqube.
We see that some example have in the pom. There is no info if these are required, and, if so, how we would generate these for our project. The ones in the example project would not work with our project (as we use java 21, they specify 1.8 etc).
If we try to run mvn clean verify sonar:sonar at the root of our spring boot multi-module project, it obviously fails because you cant run tests at this level (the config is specif to a module, not root).
If we run mvn clean sonar:sonar at the root, we get:
Fail to get bootstrap index from server: Failed to connect to localhost/[0:0:0:0:0:0:0:1]:9000: Connection refused: getsockopt
There is no mention of how this is configured in the example or documentation that we can see. Presumably there is some hidden parameter which specifies the URL of the sonar cloud serice.
