Code analysis with SonarQube Scanner for Maven

In the previous tutorial, I showed you how to use SonarQube Scanner to analyze code. The downside of that approach is that we have to download and install SonarQube Scanner. With SonarQube Scanner for Maven, you no longer need to download and install it. This is also what SonarQube recommends if we are working with a Maven project. So how do we configure and analyze code with SonarQube Scanner for Maven? We will find out together in this tutorial!

Create a new project in SonarQube Server

We no longer need to declare the information about the project to analyze in the sonar-project.properties file. Instead, log in to the SonarQube server, click Create Project, then select Manually:

You can also choose More if you want to create a new project from VCS providers!

Result:

Please fill in the Project display name and Project key according to your needs. In this tutorial, as an example, I will use the example project from the tutorial Binding variables in URI request to method’s parameters using @PathVariable annotation in Spring MVC. I will declare the Project display name as “Spring MVC PathVariable” and the Project key as “spring_mvc_pathvariable”. Actually, the Project key can be generated automatically from the Project display name. Then click the Set Up button and you will see the configuration page for the project displayed as follows:

There are many options for SonarQube Server to get the source code to scan as above. In this example, I will choose Locally to use the source code on my computer!

Similar to the tutorial Analyze code with SonarQube Scanner, we need to use a user token to authenticate with SonarQube Server every time we run a code scan. Please enter the token name you want, then click the Generate button and you will see the following results:

Click Continue to continue!

I will choose Maven for the example in this tutorial, and you will see the following results:

Copy the command on this page to prepare to scan the code!


Analyze code

To scan the code, open Terminal on Linux or macOS or Console on Windows, go to the project folder, and execute the command that we just copied above. You will see the following results:

Reopen the SonarQube server and you will see the following results:

So we have successfully scanned! Click on the project to see the details!
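
When the token is passed as a -D property on the command line, it lands in shell history and is visible in the process list. The wrapper below is an added example, not the command copied from the SonarQube page: it keeps the token in the environment and checks the inputs before Maven runs. It assumes a server at http://localhost:9000 (a constructed default), that the scanner reads SONAR_TOKEN and SONAR_HOST_URL from the environment, and the function names are hypothetical.

```shell
# Added example (not from the tutorial): token travels in the environment.
# Assumptions: the default server URL is constructed; the scanner reads
# SONAR_TOKEN and SONAR_HOST_URL from the environment.
SONAR_PROJECT_KEY="${SONAR_PROJECT_KEY:-spring_mvc_pathvariable}"
SONAR_HOST_URL="${SONAR_HOST_URL:-http://localhost:9000}"

# Fail early on inputs that would leak the token or waste a scan.
sonar_preflight() {
    if [ -z "${SONAR_TOKEN:-}" ]; then
        echo "SONAR_TOKEN is not set; export the token generated in the UI" >&2
        return 1
    fi
    # Project keys allow letters, digits, '-', '_', '.' and ':'.
    case "$SONAR_PROJECT_KEY" in
        ''|*[!A-Za-z0-9_.:-]*) echo "invalid project key" >&2; return 2 ;;
    esac
    # Policy of this example: plain http is accepted for loopback only,
    # because the token is sent to the server with every scan.
    case "$SONAR_HOST_URL" in
        https://*) ;;
        http://localhost|http://localhost:*|http://localhost/*) ;;
        http://127.0.0.1|http://127.0.0.1:*|http://127.0.0.1/*) ;;
        *) echo "refusing non-TLS remote URL: $SONAR_HOST_URL" >&2; return 3 ;;
    esac
    return 0
}

# Print the Maven command for review; the token is deliberately absent.
sonar_command() {
    printf 'mvn clean verify sonar:sonar -Dsonar.projectKey=%s -Dsonar.host.url=%s\n' \
        "$SONAR_PROJECT_KEY" "$SONAR_HOST_URL"
}

# Run the scan from the project folder.
sonar_scan() {
    sonar_preflight || return $?
    export SONAR_TOKEN SONAR_HOST_URL
    mvn clean verify sonar:sonar \
        "-Dsonar.projectKey=$SONAR_PROJECT_KEY" \
        "-Dsonar.host.url=$SONAR_HOST_URL"
}
```

Source the file, set SONAR_TOKEN without typing its value into a command (in bash, `read -rs SONAR_TOKEN` prompts for it silently), then call `sonar_scan` from the project folder.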
