Target folder analyzed when running mvn clean verify sonar:sonar
878 views
Skip to first unread message
David Racodon
Nov 19, 2015, 5:52:39 AM11/19/15
to SonarQube
Hi,
Thank you
Regards,
Investigating why I was getting hundreds of new issues that were actually not new issues on my pull requests (via the SonarQube Stash plugin), I found out that the sonar-report.json file contains issues on files that should not be analyzed (target/generated/sources in my case) when I run:
mvn -B clean verify org.codehaus.mojo:sonar-maven-plugin:2.6:sonar -DskipTests -Dsonar.analysis.mode=incremental
But when I run:
mvn -B clean install -DskipTestsmvn -B org.codehaus.mojo:sonar-maven-plugin:2.6:sonar -Dsonar.analysis.mode=incremental
I get the expected sonar-report.json file (no issues raised on files that should not be analyzed).
Why is that? Because, according to http://docs.sonarqube.org/display/SONAR/Analyzing+with+SonarQube+Scanner+for+Maven#AnalyzingwithSonarQubeScannerforMaven-AnalyzingaMavenProject, both commands are supposed to output the same results, aren't they?
Thank you
Regards,
Julien HENRY
Nov 19, 2015, 6:33:44 AM11/19/15
to SonarQube
Hi David,
This is not written that both command are supposed to return same results :)
The single command line way is more correct from a Maven point of view since SonarQube plugin will be able to "see" all source folders (including the one added dynamically by other plugins during generate-source phase for example).
In the two command line way, mvn sonar:sonar will only see "default" source folders.
The Maven model do not make distinction for generated code, so you have to manually tell SQ to exclude your generated code. Another option would be to add a default exclusion on target/** or maybe hardcode to exclude **/*generated*/** but I'm a bit afraid of the possible consequences.
++
Julien
David Racodon
Nov 19, 2015, 6:57:22 AM11/19/15
to Julien HENRY, SonarQube
Hi Julien,
Thanks a lot for your quick reply! I now better understand the behavior.
Even if it is mostly related to Maven, don't you think that it would be worth updating the documentation with your explanations about what source code directories are taken into account by SonarQube in both cases?
Thank you
Regards,
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/820f2811-3d82-4d69-a0a6-2ce8fe03b29e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Julien HENRY
Nov 19, 2015, 7:07:39 AM11/19/15
to David Racodon, SonarQube
Documentation slightly updated :)
0 new messages