I am setting up sonarqube scans for different repos in my distributed systems application. Some of these repos are in javascript and python, while others are in Java Maven. I started off using the Maven plugin scan for the Java repos, but had to generalize with the sonarscanner for the javascript and python repos. Is it possible for me to set up the Java Maven scans to use sonarscanner as well? I am having some trouble setting up this scan and most of the examples and documentation I can find points me back to just using the Maven sonarqube scan.
Hey there.
We really don’t recommend doing this, as the difficulty in configuration often leads to poorer analysis results.
Why aren’t you able to use the Scanner for Maven? Generally – we reccomend using the best scanner for the job, rather than go one-size fits all.
Thanks Colin. Was just trying to standardize the code in Gitlab that would scan every repositoty across languages. I do currently have a working Maven scan, so if it is recommended for Java Maven then I will keep it and just use sonar scanner for everything else such as JavaScript and Python.
By the way, would sonar scanner work for SQL as well? If I also have some repos that contain SQL which I would like scanned. Would appreciate your thoughts or any documentation on this.
Yes. No issues analyzing with the vanilla SonarScanner. The most configuration you have to do is making sure you’re analyzing the right flavor of SQL
Hi Colin, if I had some SQL ( PostgreSQL) code in my Maven repositories where I am running a SonarQube Maven scan, will the SQL be analyzed along with the Java code? Or do I need to configure anything additional in my Maven scan setup?
It depends where your SQL files rest in the repository. Can you share a file tree?