SonarLint is one tool I gravitate towards – inline analysis of my code in Eclipse. I have finally broken down and investigated using Sonarcube with maven – the heavy weight tool for evaluating code. It’s exciting.
You need to pull your sonarqube docker. You can find more details at https://hub.docker.com/_/sonarqube/?tab=description
:~/my-repo$ docker pull sonarqube Using default tag: latest latest: Pulling from library/sonarqube b8f262c62ec6: Pull complete 377e264464dd: Pull complete bde67c1ff89f: Pull complete 6ba84ddbf1b2: Pull complete ee22adb378a6: Pull complete 41d339c20e4f: Pull complete 25c2c6b7a1f3: Pull complete 4b36ae3e85ab: Pull complete 1062305937e9: Pull complete Digest: sha256:032ae6e1021533a3731d5c6c0547615dea8d888dcec58802f8db3a9bd6f26237 Status: Downloaded newer image for sonarqube:latest docker.io/library/sonarqube:latest
Start the container with a localhost hostname using
--hostname localhost.
$ docker run --hostname localhost -d --name sonarqube -p 9000:9000 sonarqube
d2c698884d4d01a527afd8f2231fcb6bbd514c5ed7c56d2dc3f7f7a758b4977d
Now, that sonarcube ist started, you can execute maven to generate the report.
mvn clean verify jacoco:report-aggregate sonar:sonar -Dsonar.host.url=http://localhost:9000 -f my-parent/pom.xml -DskipTests -pl '!../my-big-model/'
Once you execute the maven goals, you don’t want to see any ‘SKIPPED’. If you do, you should add clean and verify to the goals you send to maven.
[INFO] Analysis total time: 59.857 s [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary for My-Project: [INFO] [INFO] my-maven-parent ...................... SUCCESS [01:01 min] [INFO] my-maven-project .......................................... SUCCESS [ 1.193 s] [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 01:34 min [INFO] Finished at: 2019-09-15T13:24:10-04:00 [INFO] ------------------------------------------------------------------------
For each project in the output, you see details about the execution, check to see that there are no WARNING or ERROR. If there are, you should check out some of the troubleshooting I did (at the end.)
[INFO] ------------- Run sensors on module my-maven-project [INFO] Sensor JavaSquidSensor [java] [INFO] Configured Java source version (sonar.java.source): 8 [INFO] JavaClasspath initialization [INFO] JavaClasspath initialization (done) | time=1ms [INFO] JavaTestClasspath initialization [INFO] JavaTestClasspath initialization (done) | time=0ms [INFO] Java Main Files AST scan [INFO] 1 source files to be analyzed [INFO] Java Main Files AST scan (done) | time=51ms [INFO] Java Test Files AST scan [INFO] 1/1 source files have been analyzed [INFO] 0 source files to be analyzed [INFO] 0/0 source files have been analyzed [INFO] Java Test Files AST scan (done) | time=1ms [INFO] Sensor JavaSquidSensor [java] (done) | time=65ms [INFO] Sensor JaCoCo XML Report Importer [jacoco] [INFO] Sensor JaCoCo XML Report Importer [jacoco] (done) | time=0ms [INFO] Sensor SurefireSensor [java] [INFO] parsing [/repo-folder/my-maven-project/target/surefire-reports] [INFO] Sensor SurefireSensor [java] (done) | time=1ms [INFO] Sensor JaCoCoSensor [java] [INFO] Sensor JaCoCoSensor [java] (done) | time=0ms [INFO] Sensor JavaXmlSensor [java] [INFO] 1 source files to be analyzed [INFO] Sensor JavaXmlSensor [java] (done) | time=5ms [INFO] 1/1 source files have been analyzed [INFO] Sensor HTML [web] [INFO] Sensor HTML [web] (done) | time=0ms [INFO] Sensor XML Sensor [xml] [INFO] 1 source files to be analyzed [INFO] Sensor XML Sensor [xml] (done) | time=4ms [INFO] 1/1 source files have been analyzed
Towards the end of the execution you see:
[INFO] ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard?id=my.group%3Amy-parent [INFO] Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report [INFO] More about the report processing at http://localhost:9000/api/ce/task?id=AW01-ot7J-mI0tW_q5b5
Checking the Report Processing I can see the successful result:

I can dig into the report tosee various recommendations and errors.

I can re-run and see the differences on demand. This tool is awesome.
Finally stop the container.
docker stop container d2c698884d4d01a527afd8f2231fcb6bbd514c5ed7c56d2dc3f7f7a758b4977d
Good luck, I hope this helps.
Troubleshooting
AST Out of Memory
If you see Exception in thread “Report about progress of Java AST analyzer” java.lang.OutOfMemoryError: Java heap space“, then set the memory boundaries
export SONAR_SCANNER_OPTS="-Xmx3062m -XX:MaxPermSize=512m -XX:ReservedCodeCacheSize=128m"
Exclude a Project
Out of Memory issue for specific projects, you can exclude them.
If you still see an issue use – -pl ‘!../my-big-model/’ to skip the offending project (specifically if you have a parent in a different folder.
Missing Class
If you see
[WARNING] Classes not found during the analysis : [com.mypackage.MyClass]
[INFO] Java Test Files AST scan (done) | time=25ms
make sure you have clean and verify in the the goal list (the byte code should exist) you can also use package and install
Alternatively, if you see…
[WARNING] The following dependencies could not be resolved at this point of
the build but seem to be part of the reactor:
[WARNING] o com.mygroup:my-jar:jar:4.0.0-SNAPSHOT (compile)
[WARNING] Try running the build up to the lifecycle phase “package”
Then make sure you could package – mvn clean package -f my-parent/pom.xml -DskipTests