sonar.java.spotbugs.reportPaths: in pom.xml or on maven commandline?

I’m in a bit of an argument with a colleague.

He wants to put sonar.java.spotbugs.reportPaths on the mvn command in the Jenkins pipeline library (so it will be the same for all projects, single module and multi-module), like this:

sh "mvn -Dsonar.java.spotbugs.reportPaths=\"target/spotbugs.xml\" sonar:sonar"

I, on the other hand, want to have that value in the pom.xml, like this:

  <properties>
    <sonar.java.spotbugs.reportPaths>${project.build.directory}/spotbugs.xml</sonar.java.spotbugs.reportPaths>
  </properties>

and then the Maven command simply becomes

sh "mvn sonar:sonar"

Not just that, I also want this property to go in the parent POM, so it doesn’t have to be defined in each and every pom.xml.

An additional argument I have is, if we put sonar.java.spotbugs.reportPaths on the commandline, then we also have to do it for:

  • sonar.java.pmd.reportPaths
  • sonar.java.checkstyle.reportPaths
  • sonar.dependencyCheck.htmlReportPath
  • sonar.dependencyCheck.reportPath
  • sonar.clirr.reportPath
  • sonar.jacoco.reportPath
  • sonar.japicmp.xmlReportPath

(which we all use).

And it’s not just that: I think we don’t even have to define these values at all. As long as a plugin is active in SonarQube, it will look for the report files in the default locations, and you only have to tell it when they are not in the default locations.

Who is right here?

Who can settle our argument?

Bump.

I need a reply on this one.

How much does a support contract for SonarQube cost? Because I’m so frustrated with my colleague’s stubbornness that I’d even consider paying for a support contract out of my own money JUST TO PROVE HIM WRONG.

Hi,

Sorry to disappoint you, but IMO the options are really equal in terms of utility and it’s really just a question of your convenience and operational procedures.

I personally like the tidiness of mvn sonar:sonar. On the other hand, when you’re trying to debug an analysis log, that simple command leaves most things hidden. Also, command line arguments are at the top of the precedence hierarchy for ways to set/override analysis values. … Which actually might be an argument for keeping the command line clean. Because if your default is mvn sonar:sonar and you do need to override something, you still have room to do it on the command line.

 
:woman_shrugging:
Ann

When I look at an actual analysis log, I see the report path, regardless of whether it’s defined on the commandline or in the pom, or not even configured at all and assumed to be default.

So… you’re right. There’s absolutely no need to configure the default path - at any level.

 
Ann
