How to integrate Maven with SonarQube

Keeping an eye on codebase quality is vital for software projects to survive in the long run. Otherwise, sooner or later no developer wants to touch the code, or at least part of it. The good news is that there are plenty of awesome tools available to assist users. They are often known as static code analyzers. They analyze the code to find code smells and bugs, and provide many other interesting insights. In this article, I cover how to configure Maven projects with one of these static code analyzers, called SonarQube. SonarQube is one of the best static code analyzers available on the market. Above all, it has a free community edition. We learn how to integrate Maven with SonarQube analysis.

Learning outcome and assumptions

This article covers how to configure Maven projects to run and send SonarQube analysis. What I don’t cover here is how to configure a SonarQube instance itself. Based on that, I made a couple of assumptions:

  • You have an instance of SonarQube up and running
  • You have admin rights to generate a token, or at least have a SonarQube token in hand

Maven integration with SonarQube

Let’s assume that we want Maven to run all tests and then run the SonarQube analysis with a Maven goal. Something like:

$ mvn clean verify sonar:sonar

To do this, we first have to add the sonar-maven-plugin and jacoco-maven-plugin plugins to the project like this:

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.8.1</version>
        </plugin>
        <plugin>
            <groupId>org.sonarsource.scanner.maven</groupId>
            <artifactId>sonar-maven-plugin</artifactId>
            <version>3.6.0.1398</version>
        </plugin>
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <version>0.8.4</version>
        </plugin>
    </plugins>
</build>

Adding the above plugins adds support for the sonar Maven goal.

The next step is to create a new profile called coverage, which runs the JaCoCo prepare-agent and report goals so that the analytics can be sent to the SonarQube server:

<profiles>
    <profile>
        <id>coverage</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <build>
            <plugins>
                <plugin>
                    <groupId>org.jacoco</groupId>
                    <artifactId>jacoco-maven-plugin</artifactId>
                    <executions>
                        <execution>
                            <id>prepare-agent</id>
                            <goals>
                                <goal>prepare-agent</goal>
                            </goals>
                        </execution>
                        <execution>
                            <id>report</id>
                            <goals>
                                <goal>report</goal>
                            </goals>
                        </execution>
                    </executions>
                </plugin>
            </plugins>
        </build>
    </profile>
</profiles>

We could also fill in the SonarQube details, such as the server URL or token, under the properties of the profile, but to avoid hardcoding anything in the codebase, it is better to pass them when running the Maven goal.

Then we can run the project as below:

$ mvn clean verify sonar:sonar -Dsonar.host.url="${SONAR_HOST}" -Dsonar.login="${SONAR_TOKEN}" -Dsonar.projectKey="${SONAR_PROJECT_KEY}"

We just need to set the SonarQube host, token and project key environment variables beforehand. They can be set in the CI instance, Jenkins for example. Store the token there as a secret credential rather than a plain variable, since values passed with -D appear in the process command line. If you want to know more about Maven and Jenkins integration, have a look at my Continuous Integration with Spring Boot, Maven, GitHub, and Jenkins article.

Additionally, we can run the project using the coverage profile.
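
One way to enforce the no-hardcoding rule above in CI, as an added example that is not from the original article: the script parses a POM and reports `sonar.login`, `sonar.password` or `sonar.token` properties whose value is a literal rather than a `${...}` placeholder. The function names, the sample POM and its token value are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Properties that carry SonarQube credentials (sonar.login is the one used above).
SECRET_PROPS = {"sonar.login", "sonar.password", "sonar.token"}
# A value that is only a placeholder such as ${env.SONAR_TOKEN} is not hardcoded.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")

# Constructed sample POM; the token value is made up, not a real credential.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <sonar.login>${env.SONAR_TOKEN}</sonar.login>
  </properties>
  <profiles>
    <profile>
      <id>coverage</id>
      <properties>
        <sonar.login>EXAMPLE-TOKEN-NOT-REAL</sonar.login>
      </properties>
    </profile>
  </profiles>
</project>"""


def local(tag):
    """Strip the XML namespace so the check works with or without the POM xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_hardcoded_sonar_secrets(pom_text):
    """Return (location, property) pairs for credentials written literally in a POM."""
    findings = []

    def scan(node, where):
        for child in node:
            name = local(child.tag)
            if name == "properties":
                for prop in child:
                    value = (prop.text or "").strip()
                    literal = value and not PLACEHOLDER.match(value)
                    if local(prop.tag) in SECRET_PROPS and literal:
                        findings.append((where, local(prop.tag)))
            elif name == "profiles":
                for profile in child:
                    pid = next((c.text for c in profile if local(c.tag) == "id"), "?")
                    scan(profile, f"profile:{pid}")

    scan(ET.fromstring(pom_text), "project")
    return findings
```

Run it over every pom.xml in the repository as a build step and fail the build when the returned list is not empty.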

$ mvn clean verify -Pcoverage

That’s all for this article. If you are interested in SonarCloud (the SaaS version of SonarQube) configuration on Travis CI, have a look at my Eris project configuration on GitHub:
https://github.com/kasramp/Eris
