Maven project key

  • which versions are you using

SonarQube 8.5

  • what are you trying to achieve

I’m new to sonarqube and I’m not a java developer. We are developing some automation around onboarding to sonarqube and I had some general questions around maven projects which will be used by many different teams within the organization.

The tool tip says:

Your project key is a unique identifier for your project. If you are using Maven, make sure the key matches the “groupId:artifactId” format.

I assume this means it has to match what you have in the maven POM file and not just anything that conforms to that “format” - is this correct?

If it has to match the groupId:artifactId from a maven project, what options are available if there is conflict between two different projects that share the same groupId:artifactId? Can you include additional metadata in the project key? Is there a recommended way to handle this situation?

Hi,

You’re correct that the groupId:artifactId values are expected to be pulled from your project’s top-level pom. If you have two projects with the same group and key (why???) then you can override the project’s default key either by adding a <sonar.projectKey>overrideValue</sonar.projectKey> in a <properties> section, or by passing -Dsonar.projectKey=overrideValue on the analysis command line.

 
HTH,
Ann

Thanks for the clarification. As to “why” that is a long answer :slight_smile:

Correct me if i’m wrong but it also seems like these settings will enable creating a project key that does not conform to groupId:artifactId e.g: “foo” whilst allowing the user to leverage the settings above such as <sonar.projectKey>foo</sonar.projectKey> to scan the project, is this correct?

Yes! That’s correct. You’ve mastered the topic.

 
:smile:
Ann

1 Like