Mvn sonar:sonar always reports success

My company uses SonarQube as part of our CI build. I don’t know what the version is; I’m not sure where to find it on our installation.

I am using the sonar-maven-plugin:3.7.0.1746:sonar plugin.

I followed the instructions at:

https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-maven/

My goal is to have the results of SonarQube’s analysis appear in my console and for my local build to fail if SQ finds issues.

However, mvn sonar:sonar always succeeds, and doesn’t report anything useful.

What am I missing?

Hi,

Welcome to the community!

You’re not missing anything; this is the way analysis works. The process of analysis is succeeding.

… Okay, maybe you are missing something here. What happens when you run mvn sonar:sonar is that an analysis report is generated and submitted to the server for asynchronous processing. Once the report is successfully submitted to the server, the local process ends. At this point, the QG status has not yet been calculated. It is only once the report is popped off the queue and processed server-side that the QG status is (maybe) updated. When you’re running analysis in a CI/CD context, there are ways to make it pause until SonarQube sends a webhook notification that processing is complete, and the status of the CI/CD job can be updated based on the QG. But you’re not going to get that functionality in a local, Maven build.

 
HTH,
Ann
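The asynchronous flow described in the reply above, as an added example that is not part of the thread or SonarQube's own code: it reads the `report-task.txt` the scanner leaves behind after submitting a report, polls the queued background task through the server's Web API, and only then reads the quality gate. The sample file contents, host name and function names are constructed, and authentication is left out.

```python
import json
import time
import urllib.request

# Constructed sample of the report-task.txt the scanner writes after submitting
# a report (for Maven, under target/sonar/); every value here is made up.
SAMPLE_REPORT_TASK = """\
projectKey=com.example:demo
serverUrl=http://sonar.example.internal:9000
ceTaskId=AXconstructedTaskId
ceTaskUrl=http://sonar.example.internal:9000/api/ce/task?id=AXconstructedTaskId
"""

def parse_report_task(text):
    """Parse key=value lines; split on the first '=' only (URLs contain '=')."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def http_get_json(url):
    """Default fetcher; a real server normally also needs a token (not shown)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def wait_for_quality_gate(report, fetch=http_get_json, interval=2.0, max_polls=150):
    """Poll the queued task, then return (gate_status, failed_metric_keys)."""
    for _ in range(max_polls):
        task = fetch(report["ceTaskUrl"])["task"]
        if task["status"] in ("PENDING", "IN_PROGRESS"):
            time.sleep(interval)  # report is still queued or being processed
            continue
        if task["status"] != "SUCCESS":
            # FAILED or CANCELED: no gate was computed, never treat this as a pass
            raise RuntimeError("background task ended as " + task["status"])
        url = (report["serverUrl"] + "/api/qualitygates/project_status?analysisId="
               + task["analysisId"])
        gate = fetch(url)["projectStatus"]
        failed = [c["metricKey"] for c in gate.get("conditions", [])
                  if c["status"] == "ERROR"]
        return gate["status"], failed
    raise TimeoutError("analysis report was not processed in time")

def exit_code(gate_status):
    """Only an explicit OK passes; ERROR, NONE or anything unexpected fails."""
    return 0 if gate_status == "OK" else 1
```

The `fetch` parameter exists so the logic can be exercised without a server; against a real instance the default fetcher would need credentials added.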

As a developer, I want to be able to replicate the CI build on my local box, so that I can know that my code changes will not break the build before I commit them.

What is the maven command line equivalent?

Hi,

For that you should be looking at SonarLint and/or PR analysis($).

 
Ann

I’ve tried SonarLint, but it brings my IDE to its knees.

Does PR analysis($) work with maven?

Hi,

Yes, PR analysis is scanner-agnostic.

 
Ann

This is interesting feedback for us. We are eager to improve that. Could you please share a bit more context in a new thread:

  • your IDE
  • JVM version
  • version of SonarLint
  • source of slowness if you can find it (CPU or memory pressure)
  • is it slow for all files, or only some particular files/project (big, legacy code, …)

That would be very useful!