Dear Community and users of the SonarScanner for Maven,
We are about to make some changes in the SonarScanner for Maven and wanted to inform you about them so you can anticipate changes in your CI/CD configuration.
Analyze more code, more file types
With version 3.11 of the SonarScanner for Maven, we will introduce a new way to determine the scope of what will be analyzed in your repository. This can be activated by adding the property sonar.maven.scanAll=true.
With versions prior to this change, the SonarScanner for Maven was mainly considering the src/main/java and src/test/java directories only as the scope of the files that should be scanned.
This is coming from the old time when Sonar was mainly supporting Java but things changed and Sonar supports 30+ languages and we never updated this behavior.
In order to scan more than just these directories, you were forced to do a complex configuration of the sonar.sources property which is definitely not the best.
In order to smoothly introduce this change, we decided to disable it by default for the moment and gather feedback before making it the default behaviour. Please give it a try once it is released and let us know what you think about it.
Java 8 runtime is no longer supported
Surprisingly, it was still possible to execute the SonarScanner for Maven just using a Java 8 runtime. Java 8 is no longer supported, so we will drop its support with version 4.0.
For people building Java 8 code and who want to keep the scan command running with the same Java runtime, you will have to update your command like this:
mvn clean verify sonar:sonar
to
mvn clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594:sonar
Please note that Java 11 can still be used as the runtime to scan projects against SonarQube 9.9 LTS. However, the next SonarQube LTS (10.x), will require users to migrate to a Java 17 runtime for their analyses.
Alex