SonarScanner CLI

The SonarScanner CLI is the scanner to use when there is no specific scanner for your build system.

Installation

  • Expand the downloaded file into the directory of your choice. We'll refer to it as $install_directory in the next step.
  • Add the $install_directory/bin directory to your path.
  • Verify your installation by opening a new shell and executing the command sonar-scanner -h(sonar-scanner.bat -h on Windows). You should get output like this: 
usage: sonar-scanner [options]

Options:
  -D,--define <arg>     Define property
  -h,--help             Display help information
  -v,--version          Display version information
  -X,--debug            Produce execution debug output

If you need more debug information you can add one of the following to your command line: 

-X--verbose, or -Dsonar.verbose=true.

Use

  • Create a configuration file in the root directory of the project: sonar-project.properties
# Organization and project keys are displayed in the right sidebar of the project homepage
sonar.organization=my_organization
sonar.projectKey=my_project
sonar.host.url=https://sonarcloud.io

# --- optional properties ---

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'
#sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Defaults to .
#sonar.sources=.

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
  • Set the environment variable SONAR_TOKEN with the personal access token generated on My account > Security > Generate Tokens. Note that the token can also be set through the command line argument -Dsonar.login.
  • Run the command sonar-scanner, or sonar-scanner.bat on Windows, from the project base directory to run the analysis.

Sample projects

To help you get started, simple project samples are available for most languages on GitHub. They can be browsed or downloaded.

Alternatives to the sonar-project.properties file

If the sonar-project.properties file cannot be created in the root directory of the project, the alternatives are:

  • The properties can be specified directly through the command line. Ex:
sonar-scanner -Dsonar.organization=my_organization -Dsonar.projectKey=my_project -Dsonar.sources=src
  • The property project.settings can be used to specify the path to the project configuration file (this option is incompatible with the 
sonar.projectBaseDir

 property). Ex: sonar.projectBaseDir

  • The root folder of the project to analyze can be set through the sonar.projectBaseDir property. This folder must contain a sonar-project.properties file if sonar.projectKey is not specified on the command line. Additional analysis parameters can be defined in this project configuration file or through command line parameters.

Alternate analysis directory

If the files to be analyzed are not in the directory where the analysis starts from, use the sonar.projectBaseDir property to move analysis to a different directory. E.G. analysis begins from jenkins/jobs/myjob/workspace but the files to be analyzed are in ftpdrop/cobol/project1.

sonar.projectBaseDir=/home/ftpdrop/cobol/project1
sonar.sources=src
sonar.cobol.copy.directories=/copy
For more, see the listing of analysis parameters.

Troubleshooting

Java heap space error or java.lang.OutOfMemoryError Increase the memory via the SONAR_SCANNER_OPTS environment variable:

export SONAR_SCANNER_OPTS="-Xmx512m"

On Windows environments, avoid the double-quotes, since they get misinterpreted and combine the two parameters into a single one.

set SONAR_SCANNER_OPTS=-Xmx512m

Unsupported major.minor version Upgrade the version of Java being used for analysis or use one of the native package (that embed its own Java runtime).

Property missing: sonar.cs.analyzer.projectOutPaths. No protobuf files will be loaded for this project. SonarScanner is not able to analyze .NET projects. Please use the Scanner for MSBuild.

© 2008-2022, SonarCloud by SonarSource SA. All rights reserved.