Sonar-maven-plugin fails to connect to db using username/password from servers

Hi!

I use sonar-maven-plugin for analyzing my PL/SQL project (it is Oracle Database procedural language). I have coverage and execution reports and want to send them to Sonar using sonar-maven-plugin. I have to provide db username/password to help scanner retrieve data dictionary information. I decided to keep it in servers block in my settings.xml file. For getting information from servers block I use servers-maven-extension. But unfortunately sonar-maven-plugin fails to connect to DB when I provide username and password in ${servers...} format. See my sonar properties from pom.xml:

        <sonar.login>${spdb-beholder.sonar.login}</sonar.login>
        <sonar.host.url>${spdb-beholder.sonar.host}</sonar.host.url>
        <sonar.plsql.jdbc.url>${liquibase.url}</sonar.plsql.jdbc.url>
        <sonar.plsql.jdbc.user>${settings.servers.db-dev.username}</sonar.plsql.jdbc.user>
        <sonar.plsql.jdbc.password>${settings.servers.db-dev.password}</sonar.plsql.jdbc.password>
        <sonar.plsql.jdbc.defaultSchema>${liquibase.user.owner}</sonar.plsql.jdbc.defaultSchema>
        <sonar.projectName>spdb-beholder</sonar.projectName>
        <sonar.projectKey>spdb-beholder</sonar.projectKey>
        <sonar.plsql.file.suffixes>sql,vw,pkb</sonar.plsql.file.suffixes>
        <sonar.sources>src/main/resources/migration/compiled</sonar.sources>
        <sonar.tests>src/main/resources/migration/tests</sonar.tests>
        <sonar.plsql.jdbc.driver>${liquibase.driver}</sonar.plsql.jdbc.driver>
        <sonar.plsql.jdbc.driver.path>${project.build.directory}/lib/ojdbc8-12.2.0.1.jar</sonar.plsql.jdbc.driver.path>
        <sonar.plsql.jdbc.driver.class>oracle.jdbc.OracleDriver</sonar.plsql.jdbc.driver.class>

        <sonar.sourceEncoding>UTF-8</sonar.sourceEncoding>
        <sonar.language>plsql</sonar.language>
        <sonar.coverageReportPaths>${project.build.directory}/coverage-sonar-reporter.xml</sonar.coverageReportPaths>
        <sonar.testExecutionReportPaths>${project.build.directory}/sonar-test-reporter.xml</sonar.testExecutionReportPaths>

I noticed that another plugins that have ${servers...} references in configuration block under plugin section work well. But I didn’t manage to make sonar-maven-plugin to work with ${servers...} references.

I found this article about encrypting passwords for Sonar but I’d rather like to keep it like password tag of server.

Are there any other approaches to keep a db password for Sonar Scanner?

Hi,

Welcome to the community!

Analysis hasn’t talked directly to the database for years! Also, I don’t understand why you’re writing a pom file to analyze PL/SQL.

Take a look at the docs for Sonar Scanner. They should get you started.

 
Ann

Thanks for reply!

See, I build my project with maven. I build a package with sources, install them using liquibase, run tests and then I want to send my results to Sonar. All those steps are made using maven.

Is my plugin version old? I thought you have to provide sonar.jdbc.url and connection requisites to plugin in order to make it work.

I will check your link, thanks!

Here’s parameters for my language: https://docs.sonarqube.org/latest/analysis/languages/plsql/