SonarQube doesn't find any xml issue without sonar.sources parameter


I created custom XPath 1.0 rule via Track breaches of an XPath rule for analyze XML files. All required for analyze XML files contains in src/main/resource folder, whereas java code in src/main/java. When I run code analyze without sonar.sources parameter, SonarQube doesn’t go into src/main/resource folder (I figured it out because I redirected terminal output into file). If I add -Dsonar.sources=src/main/. to analyze command, then all files are parsed and analyzed correctly, but now not all java files are analyzed(figured it out again with terminal output redirection to file).


  • SonarQube version
  • OS = Debian
  • SonarQube runes in Docker
  • Java version 1.8
  • Docker version 20.10.7

May be it’s my fault, thanks for help.


Welcome to the community!

I guess you’re using SonarScanner for Maven, right? And so by default (i.e. without the extra sonar.sources parameter) you get the Mavenish, Java-centric behavior: the assumption that all “code” lives under src/main/java and files in src/main/resources are just… well, “resources”.

So you’re getting the expected behavior and you’ve found exactly the right workaround/override. If you wanted, you could switch to the vanilla SonarScanner CLI, but then you’ve have to specify everything manually, so I don’t think it would be worth it.