An sbt plugin which provides an easy way to integrate Scala projects with SonarQube - a tool for continuous code inspection and quality management
This plugin is particularly useful when used together with sbt-release for an automated release process in your project, but it can be also used without sbt-release.
- sbt 0.13.5+ or 1.0+
- Scala 2.11/2.12
- SonarQube server - see my sonar-scala-docker repository, which provides a docker-compose recipes and a docker images for out-of-the-box SonarQube instance with support for Scala, Scoverage (code coverage metrics), Scalastyle and Scapegoat (static code analysis). Alternatively, see the instructions for manual installation.
To install this plugin in your project, add the following to your
addSbtPlugin("com.github.mwz" % "sbt-sonar" % "2.0.0")
You can define your project properties either in the external config file
sonar-project.properties, which should be located in the root directory of your project as explained in SonarQube Scanner guide or directly in sbt. By default, the plugin expects the properties to be defined in the
sonarProperties setting key in sbt, which comes with the following set of predefined properties:
- sonar.projectName - your project name defined in the
namesbt setting key
- sonar.projectKey - your project name transformed into a lowercase and dash-separated value
- sonar.sourceEncoding - UTF-8
- sonar.sources - default Scala source directory relative to the root of your project (usually
src/main/scala, uses the value of
scalaSource in Compiledefined by sbt)
- sonar.tests - default Scala tests directory relative to the root of your project (usually
src/test/scala, uses the value of
scalaSource in Testdefined by sbt)
- sonar.scala.version - defines the version of Scala used in your project (i.e.
- sonar.scala.scoverage.reportPath - relative path to the scoverage report (e.g.
- sonar.scala.scapegoat.reportPath - relative path to the scapegoat report (e.g.
If you wish to add more properties to the existing config e.g. to configure your Sonar plugins or set up a multi-module project, use the
++= operator, e.g.:
import sbtsonar.SonarPlugin.autoImport.sonarProperties sonarProperties ++= Map( "sonar.host.url" -> "https://your-sonarqube-server.com", "sonar.sources" -> "src/main/scala", "sonar.tests" -> "src/test/scala", "sonar.modules" -> "module1,module2", "module1.sonar.projectName" -> "Module 1", "module2.sonar.projectName" -> "Module 2" ... )
To overwrite the entire config provided by default, use the
:= operator, e.g.:
import sbtsonar.SonarPlugin.autoImport.sonarProperties sonarProperties := Map( "sonar.host.url" -> "https://your-sonarqube-server.com", "sonar.projectName" -> "Project Name", "sonar.projectKey" -> "project-name", "sonar.sources" -> "src/main/scala", "sonar.tests" -> "src/test/scala", "sonar.junit.reportPaths" -> "target/test-reports", "sonar.sourceEncoding" -> "UTF-8", "sonar.scala.scoverage.reportPath" -> "target/scala-2.12/scoverage-report/scoverage.xml", "sonar.scala.scapegoat.reportPath" -> "target/scala-2.12/scapegoat-report/scapegoat.xml" ... )
To use the external
sonar-project.properties file instead, you can set the
import sbtsonar.SonarPlugin.autoImport.sonarUseExternalConfig sonarUseExternalConfig := true
Execute SonarQube scan
To run SonarQube analysis, execute the
sonarScan sbt task in your project. Depending on the configuration option you have chosen, the plugin will update the
sonar.projectVersion property to your current project version either in
sonar-project.properties file or in the
sonarProperties in sbt config and it will run the SonarQube scan printing the progress to sbt console.
Also, you can overwrite/set sonarProperties via system properties (java options) when you execute
sonarScan command, e.g.:
sbt -Dsonar.projectName=MyProjectName sonarScan
Please remember to set the
sonar.host.url property before you execute the analysis. You can do that either by adding it to the
sonarProperties settings in sbt (as shown in the examples above), or you can set it via a system property, e.g.:
sbt -Dsonar.host.url=https://your-sonarqube-server.com sonarScan
This plugin can be also easily used with sbt-release by wrapping the
sonarScan task in a
releaseStepTask in the following way:
import sbtsonar.SonarPlugin.autoImport.sonarScan releaseProcess := Seq[ReleaseStep]( ... releaseStepCommand("coverageOn"), releaseStepTask(test), releaseStepCommand("coverageOff"), releaseStepTask(coverageReport), releaseStepTask(scapegoat), releaseStepTask(sonarScan), ... )
It is possible to make the plugin call through to a standalone sonar-scanner executable, if that's what you prefer, for any reasons. This was the default behaviour before version 2.0 and in case you experience any issues with 2.x, you can fall back to using the standalone mode.
In order to do that, you need to have the sonar-scanner installed on your CI server or locally, if you intend to run the analysis on your machine. You also need to make sure you have defined the
SONAR_SCANNER_HOME environmental variable, or
sonarScanner.home system property, and updated the global settings in
$SONAR_SCANNER_HOME/conf/sonar-scanner.properties to point to your SonarQube instance (you can also do that by setting the
sonar.host.url via system properties, as shown above).
To enable the fallback mode set the
sonarUseSonarScannerCli seting to
import sbtsonar.SonarPlugin.autoImport.sonarUseSonarScannerCli sonarUseSonarScannerCli := true
Please see src/sbt-test directory for some example projects.
- 2.0.0 - Use an embedded sonar-scanner (#34)
🎊. This version removes the dependency on having the standalone sonar-scanner-cli installed. To upgrade from 1.x please define the
sonar.host.urlproperty explicitly before running the
sonarScantask (see the Execute SonarQube section for more details). If you want to fallback to the default behaviour from 1.x, which makes the plugin call through to the standalone sonar-scanner, you can set the
true(see the Fallback mode section for more details).
- 1.7.0 - Renamed deprecated
- 1.6.0 - Set automatically the
- 1.5.0 - Allow sbt-sonar to run on Windows (#16).
- 1.4.0 - Set automatically the
- 1.3.0 - Allow to set sonar properties via system properties (#7).
- 1.2.0 - Use
SONAR_SCANNER_HOME/binfor lookup of the sonar-scanner executable (#4).
- 1.1.0 - Search for
sonar-scannerhome directory in system properties (
SONAR_SCANNER_HOMEenvironmental variable is not defined (#1).
- 1.0.0 - Support for sbt 1.0
💪default scoverage and scapegoat report paths added automatically to the
sonarPropertiesconfig; added unit and sbt tests.
- 0.3.1 - Updated the scope of
scalaSourcesetting key to resolve scoping ambiguity with some other plugins.
- 0.3.0 - Defined a set of default project settings in the
- 0.2.0 - Added the ability to define sonar project properties directly in sbt.
- 0.1.0 - First release of the plugin!
The project is licensed under the Apache License v2. See the LICENSE file for more details.