Maven Plugin for Sputnik with Multi-Module Support

Maven Sonar Sputnik Integration

Maven Plugin for Sputnik with Multi-Module Support.

Together with Sputnik, Jenkins and Gerrit, you can easily set up a pretested commit infrastructure for semi-automatic code reviews.


System Requirements

Plugin-Version   Java     Maven        SonarQube
1.7              min. 7   min. 3.2.5   min. 4.5
1.8              min. 8   min. 3.2.5   min. 4.5


The following command can be used in conjunction with the Gerrit Trigger on Jenkins:

mvn de.mirkosertic.mavensonarsputnik:sputnik:1.8:sputnik 

The file contains authentication information to connect to Gerrit:

<Gerrit host>
connector.path=<Gerrit context>
connector.port=<Gerrit port>
connector.username=<Gerrit username>
connector.password=<Gerrit password>
customsonar.configurationFile=<path to>

The file contains authentication information to connect to SonarQube:

# Only Required if you are not declaring SonarQube configuration in pom.xml
sonar.jdbc.url=<JDBC url to SonarQube database>
sonar.jdbc.driverClassName=<JDBC Driver>
sonar.jdbc.username=<Sonar username>
sonar.jdbc.password=<Sonar password>
<URL to Sonar Web UI>

JDBC configuration is only required for SonarQube 4.

Advanced Reporting

Mutation Testing

This plugin can integrate Mutation Testing results based on PITest in the review. To enable this, you also need to enable the PITest Reviewer in the file by adding the following line:


The PITest Plugin is automatically invoked.

OWASP Dependency Checks

This plugin also runs an OWASP Dependency Check whenever the Maven project configuration changes, that is, whenever a pom.xml is part of the current patchset.

Enable the OWASP Dependency Reviewer in the file by adding the following line:


Automated Quality Feedback

The Maven plugin can add reports to the review comments. For instance, a SonarQube Plugin can generate a simple text file containing statistics about the submitted change and how it affects SonarQube metrics. This file is stored by the Plugin and can be read and added as a review comment.

Report embedding can be enabled by the following line in the file:

customsonar.additionalReviewCommentFiles=<comma-separated list of names of text files to embed as review comments>

The reports must be stored in the SonarRunner working directory, project-root/.sonar.

An example Report can be generated using Sonar Delta Report Plugin.
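
A pre-flight check a Jenkins job could run before invoking the plugin, as an added example that is not part of this project: it flags properties files that hold connector.password or sonar.jdbc.password but are accessible to group or others, and report names in customsonar.additionalReviewCommentFiles that resolve outside project-root/.sonar. The file names gerrit.properties and sonar.properties, the sample values and the use of POSIX file modes are assumptions.

```python
import stat, tempfile
from pathlib import Path

SECRET_KEYS = ("connector.password", "sonar.jdbc.password")

def load_properties(path):
    """Minimal key=value parser (no line continuations or escapes)."""
    props = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def preflight(props_file, workspace):
    """Return a list of findings; an empty list means the job may proceed."""
    findings, props = [], load_properties(props_file)
    to_check = [Path(props_file)]
    if props.get("customsonar.configurationFile"):
        to_check.append(Path(props["customsonar.configurationFile"]))
    for f in to_check:
        if not f.is_file():
            findings.append(f"{f.name}: missing")
            continue
        has_secret = any(k in load_properties(f) for k in SECRET_KEYS)
        if has_secret and stat.S_IMODE(f.stat().st_mode) & 0o077:
            findings.append(f"{f.name}: holds a password but is group/world accessible")
    sonar_dir = (Path(workspace) / ".sonar").resolve()
    names = props.get("customsonar.additionalReviewCommentFiles", "")
    for name in filter(None, (n.strip() for n in names.split(","))):
        target = (sonar_dir / name).resolve()  # collapses ".." and follows symlinks
        if sonar_dir not in target.parents:
            findings.append(f"{name}: resolves outside .sonar")
    return findings

def demo():
    """Constructed workspace: one lax file mode, one report name outside .sonar."""
    with tempfile.TemporaryDirectory() as ws:
        (Path(ws) / ".sonar").mkdir()
        sonar = Path(ws) / "sonar.properties"      # hypothetical file name
        sonar.write_text("sonar.jdbc.password=constructed-example\n")
        sonar.chmod(0o600)
        gerrit = Path(ws) / "gerrit.properties"    # hypothetical file name
        gerrit.write_text("connector.password=constructed-example\n"
            f"customsonar.configurationFile={sonar}\n"
            "customsonar.additionalReviewCommentFiles=delta.txt, ../target/notes.txt\n")
        gerrit.chmod(0o644)
        return preflight(gerrit, ws)
```

Failing the build when the returned list is non-empty keeps the credentials files and the embedded reports within the limits this README describes.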

Additional SonarQube Reports

SonarQube can generate HTML reports for a given PatchSet. To enable this feature, you have to

  • Install the Issues Reports Plugin
  • Add the following lines to your file:
# These are already the default values

SonarQube will place two files inside the .sonar/issues-report directory of the workspace:

  • issues-report-light.html contains only the newly introduced and removed issues of the PatchSet
  • issues-report.html contains all issues of the PatchSet

These reports can be easily integrated using the Publish HTML Post Build Action of Jenkins.