Search code examples
mavensonarqubefindbugscheckstylecobertura

Maven sonar plugin configurations for findbugs pmd checkstyle cobertura

I need some help in setting up code quality plugin for maven project.
I have a multi module project. While I have configured pmd, checkstyle, findbugs and cobertura in my build process, and I can generate xml reports for each plugin, I am facing some challenges configuring the sonar plugin in my project.

I am not sure how to approach this problem:

  1. Should I reuse the reports generated by these plugins while executing sonar? if so what should my sonar plugin configuration be?
  2. If I run sonar with embedded pmd, checkstyle, findbugs and cobertura plugins, how do I configure them to run only for specific packages or make findbugs analyze on com.mycompany.- structure.
  3. Lastly I cannot get coverage report in sonar, either running cobertura external to sonar or within sonar.

I have my pom below for review. Any help will be tremendously appreciated.

This is in the plugins section of the build section in my root pom:

<plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>cobertura-maven-plugin</artifactId>
            <version>2.5.1</version>
            <configuration>
                <instrumentation>
                    <includes>
                        <include>com/mycompany/**/*.class</include>
                    </includes>                 
                </instrumentation>
                <formats>
                    <format>xml</format>
                </formats>
            </configuration>                
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-pmd-plugin</artifactId>
            <version>2.7.1</version>
            <configuration>
                <sourceEncoding>utf-8</sourceEncoding>
                <minimumTokens>100</minimumTokens>
                <targetJdk>1.6</targetJdk>
                <includes>
                    <include>com/mycompany/**/*.java</include>                      
                </includes>
                <excludeRoots>
                    <excludeRoot>target/generated-sources/*</excludeRoot>
                </excludeRoots>
            </configuration>
        </plugin>   
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <onlyAnalyze>com.mycompany.-</onlyAnalyze>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-checkstyle-plugin</artifactId>
            <version>2.9.1</version>
            <configuration>
                <includes>com/mycompany/**/*.java</includes>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>sonar-maven-plugin</artifactId>
            <version>2.0</version>
        </plugin>
Solution

  • 1) should I reuse the reports generated by these plugins while executing sonar? if so what should my sonar plugin configuration be?

    Sonar does not provide a mechansim to reuse reports generated by these plugins. You could configure the rules through the quality profiles.

    2) if I run sonar with embedded pmd, checkstyle, findbugs and cobertura plugins, how do I configure them to run only for specific packages or make findbugs analyze on "com.mycompany.-" structure.

    Sonar web UI allows you to specify the exclusion for your findbugs filters. Likewise for cobertura. Not sure about pmd, checkstyle.

    3) lastly i cannot get coverage report in sonar, either running cobertura external to sonar or within sonar.

    It could be possible due to jacoco being the default code coverage engine. You could run mvn clean verify/install sonar:sonar as instructed and see if it works.