I didn’t mention adding SonarQube rules from SonarQube plugins but yes, effectively that is the case.
To further clarify, because I want to be sure that I understand this 100%. Sorry if I am too verbose.
This is our current setup:
We execute
mvn verify
In the pom.xml, the following Maven plugins are configured to run during the verify phase:
- Checkstyle
- PMD
- Spotbugs
- Dependency-Check
Then, later in the build, this is executed:
mvn sonar:sonar
So if I understand you correctly, what we need to do is to delete from pom.xml the configuration of all the aforementioned analyzers, and we will still get exactly the same result as before? Is this true for all analyzers? I’m not sure about that, because at least for Dependency-Check, it says on the GitHub repo:
This SonarQube plugin does not perform analysis, rather, it reads existing Dependency-Check reports. Use one of the other available methods to scan project dependencies and generate the necessary JSON or XML report which can then be consumed by this plugin. Refer to the Dependency-Check project for relevant documentation.
SonarSourcer Colin wrote on this forum in September 2019:
SonarQube, natively, cannot run PMD and Checkstyle, only consume the reports those tools generate. You’ll need to run those tools to generate the reports prior to your SonarQube analysis. Adding the analysis parameters won’t do that for you.
Source: How to integrate pmd and checkstyle using sonar-project.properties
In the Official SonarQube Documentation about Third-Party Issues, it says:
SonarQube doesn’t run your external analyzers or generate reports. It only imports pre-generated reports. Below you’ll find language- and tool-specific analysis parameters for importing reports generated by external analyzers.
Source: Importing third-party issues
So I’m really confused now. I understand that you are saying “don’t run external analyzers, SonarQube will run them during analysis”, and all the documentation I can find says the exact opposite.
I don’t want to imply that you are wrong, what I’m trying to say is, I have trouble in understanding what you mean. English is not my first language so something might get lost in translation.