Keeping an eye on codebase quality is vital for software projects to survive in the long run. Otherwise, sooner or later no developer wants to touch the code, or at least parts of it. The good news is that there are plenty of awesome tools available to help. They are often known as static code analyzers: they analyze the code to find code smells and bugs, and provide many other interesting insights. In this article, I cover how to configure Maven projects with one such static code analyzer, SonarQube. SonarQube is one of the best static code analyzers on the market. Above all, it has a free community edition. We learn how to integrate Maven with SonarQube analysis.
Learning outcome and assumptions
This article covers how to configure Maven projects to run and send SonarQube analysis. What I don’t cover here is how to configure a SonarQube instance itself. Based on that, I made a couple of assumptions:
- You have an instance of SonarQube up and running
- You have admin rights to generate a token, or at least have a SonarQube token in hand
Maven integration with SonarQube
Let’s assume that we want Maven to run all tests and then run the SonarQube analysis with a Maven goal. Something like:
$ mvn clean verify sonar:sonar
To do this, we first have to add the sonar-maven-plugin and jacoco-maven-plugin plugins to the project like this:
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.8.1</version>
        </plugin>
        <plugin>
            <groupId>org.sonarsource.scanner.maven</groupId>
            <artifactId>sonar-maven-plugin</artifactId>
            <version>3.6.0.1398</version>
        </plugin>
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <version>0.8.4</version>
        </plugin>
    </plugins>
</build>
Adding the above plugins adds support for the sonar Maven goal.
The next step is to create a new profile called coverage, through which the analytics are sent to the SonarQube server:
<profiles>
    <profile>
        <id>coverage</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.jacoco</groupId>
                    <artifactId>jacoco-maven-plugin</artifactId>
                    <executions>
                        <execution>
                            <id>prepare-agent</id>
                            <goals>
                                <goal>prepare-agent</goal>
                            </goals>
                        </execution>
                        <execution>
                            <id>report</id>
                            <goals>
                                <goal>report</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>
We can also fill in the SonarQube details, such as the server URL or token, under the properties of the profile, but to avoid hardcoding anything in the codebase, it is better to pass them when running the Maven goal.
Then we can run the project as below:
$ mvn clean verify sonar:sonar -Dsonar.host.url=${SONAR_HOST} -Dsonar.login=${SONAR_TOKEN} -Dsonar.projectKey=${SONAR_PROJECT_KEY}
We just need to set the SonarQube host, token, and project key environment variables beforehand. They can be set in the CI instance, Jenkins for example. If you want to know more about Maven and Jenkins integration, have a look at my Continuous Integration with Spring Boot, Maven, GitHub, and Jenkins article.
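The rule about not hardcoding the token can be enforced in CI. The following is an added example, not part of the original article: a Python check that parses a pom.xml and reports any sonar.login, sonar.token or sonar.password property written as a literal value instead of a single ${...} reference, both at project level and inside profiles. The function names and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Credential-bearing scanner properties: sonar.login is the one used above,
# sonar.token and sonar.password are the scanner's other credential properties.
SECRET_PROPS = {"sonar.login", "sonar.token", "sonar.password"}

# Constructed sample POM: one safe env reference, one literal token in a profile.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.login>${env.SONAR_TOKEN}</sonar.login>
  </properties>
  <profiles>
    <profile>
      <id>coverage</id>
      <properties>
        <sonar.login>constructed-literal-token</sonar.login>
      </properties>
    </profile>
  </profiles>
</project>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on POM element names."""
    return tag.rsplit("}", 1)[-1]

def is_placeholder(value):
    """True when the (stripped) value is exactly one ${...} reference."""
    return value.startswith("${") and value.endswith("}") and value.count("${") == 1

def hardcoded_secrets(pom_xml):
    """Return (location, property) pairs for credentials written literally."""
    findings = []
    def walk(node, where):
        for child in node:
            name = local(child.tag)
            if name == "properties":
                for prop in child:
                    value = (prop.text or "").strip()
                    if local(prop.tag) in SECRET_PROPS and value and not is_placeholder(value):
                        findings.append((where, local(prop.tag)))
            elif name == "profile":
                pid = next((c.text for c in child if local(c.tag) == "id"), "?")
                walk(child, f"profile:{pid}")
            else:
                walk(child, where)
    walk(ET.fromstring(pom_xml), "project")
    return findings

if __name__ == "__main__":
    print(hardcoded_secrets(SAMPLE_POM))
```

Run as a build step before the mvn command, a non-empty result is a reason to fail the pipeline and rotate the committed token.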
Additionally, we can run the project using the coverage profile:
$ mvn clean verify -Pcoverage
That’s all for this article. If you are interested in the SonarCloud (SonarQube SaaS version) configuration on Travis CI, have a look at my Eris project configuration on GitHub:
https://github.com/kasramp/Eris