When to use sonar-scanner CLI versus SonarScanner plugin available with build tool’s like Maven,Gradle. etctera..?

Must-share information (formatted with Markdown):

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

Version: 8.3.1.34397 ( Community Edition)

• what are you trying to achieve
  Static code analysis Via Jenkins Pipeline

• what have you tried so far to achieve this

Hi,

I am new to sonarqube tool. Can someone please help me understand.

When to use sonar-scanner CLI versus SonarScanner plugin available with build tool’s like Maven,Gradle. etctera…?

Also, Will the final analysis report from both approaches will it be same?

Please help me understand.

Thanks in Advance

Hi Yeshwanth,

Welcome to the SonarSource Community!

You should always use the Maven/Gradle/Ant scanner for Java analysis (assuming you are using one of those build technologies) as it makes configuration much easier and access to corresponding binaries and dependent libraries is required. Using the CLI scanner, you’ll need to configure a lot of parameters that are already known as part of the Maven/Gradle/Ant build.

Note that you must use the Scanner for MSBuild if you are analyzing .NET projects.

Brian

Hi Brian,

The only reason I am leaning more towards CLI scanner is due to in our repositories we have multi-language code. If I use the SonarScanner for maven, that wouldn’t scan the other programming language files. Is that Correct?

Instead If I use the CLI Scanner that would scan the whole source code files once the repo is checked out during Jenkins Build job.

Do you have any other recommendation for our use case?

Thanks
Yeshwanth

Hi Yeshwanth,

As long as those files are in the source path, they will be picked up and scanned by the Maven scanner.

Brian