Configuring SonarQube for Multi Module Projects
This section explains how to configure Sonar Maven and Sonar CLI to manage multi module projects using a SonarQube scanner.
Configuring Sonar Maven to Manage Multi Module Projects
This section explains how to set up Sonar Maven to manage multi module projects using the SonarQube Maven scanner.
Navigate to the SonarQube Plugin folder at sonarqube-versionxx\extensions\plugins\.
Open pom.xml for the scanned project and add the section illustrated below.
<properties>
  <sonar.host.url>http://localhost:9000</sonar.host.url>
  <sonar.login>admin</sonar.login>
  <sonar.password>admin</sonar.password>
</properties>
Parameter | Description |
---|---|
sonar.host.url | The Sonar Host URL |
sonar.login | The user name for SonarQube (admin by default) |
sonar.password | The password for SonarQube (admin by default) |
Notice
Make sure that the relevant multi-module project has already been scanned and that the results are logged on the CxSAST server.
Open a command line interface and enter mvn sonar:sonar.
Executing this command links the scanned multi-module project to a new SonarQube project and a new project page is created.
The newly created project in SonarQube has the same name as the multi module project.
On the SonarQube project page, open Project Settings and select Checkmarx from the menu.
Define the relevant CxSAST server, user credentials and the relevant project on the CxSAST server that are linked to the same source.
For the Maven scanner, enter mvn sonar:sonar. This command retrieves CxSAST scan results to be displayed in CxSAST. The scan results can be reviewed on the Issues tab of the SonarQube project page.
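The following check is an added example, not part of the Checkmarx documentation: it audits a pom.xml for the SonarQube properties shown above and flags literal or default (admin) credentials and a plain-HTTP host URL that is not local. The function name audit_pom, the sample POM, and the convention that credentials arrive as a `${env.SONAR_PASSWORD}`-style Maven placeholder (hypothetical variable name) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <properties> block from this page inside a minimal POM.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <sonar.host.url>http://localhost:9000</sonar.host.url>
    <sonar.login>admin</sonar.login>
    <sonar.password>admin</sonar.password>
  </properties>
</project>"""

SECRET_KEYS = {"sonar.login", "sonar.password"}
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")  # assumed convention, e.g. ${env.SONAR_PASSWORD}
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on POM element names."""
    return tag.rsplit("}", 1)[-1]


def audit_pom(pom_text):
    """Return a sorted list of (property, finding) for SonarQube settings in a POM."""
    findings = []
    for node in ET.fromstring(pom_text).iter():
        if local(node.tag) != "properties":
            continue  # only <properties> blocks (top level or inside profiles)
        for prop in node:
            key, value = local(prop.tag), (prop.text or "").strip()
            if key in SECRET_KEYS and value and not PLACEHOLDER.match(value):
                findings.append((key, "literal credential in pom.xml"))
                if value == "admin":
                    findings.append((key, "SonarQube default value 'admin'"))
            if key == "sonar.host.url" and value.startswith("http://"):
                host = value[len("http://"):].split("/")[0].split(":")[0]
                if host not in LOCAL_HOSTS:
                    findings.append((key, "plain HTTP to a non-local host"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit_pom(SAMPLE_POM):
        print(f"{key}: {finding}")
```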
Configuring Sonar CLI to Manage Module Projects
This section explains how to set up the Sonar CLI to manage multi module projects using the SonarQube Maven scanner.
Verify that SonarQube is up and running and that the Checkmarx plugin is located at sonarqube-versionxx\extensions\plugins\.
Add the following attribute to the basic command:
-Dsonar.java.binaries="path to the zip project we scanned.zip"
Review the SonarQube CLI scanner results by opening the Issues tab on the SonarQube project page. A SonarQube CLI scanner example illustrates a possible result:
cd "C:\Users\rihank\Downloads\Multi" && "C:\Users\rihank\OneDrive - Checkmarx\Desktop\sonar\sonar-scanner-cli-4.3.0.2102-windows\sonar-scanner-4.3.0.2102-windows\bin\sonar-scanner.bat" -Dsonar.projectKey=Pmulti -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.java.binaries="C:\Users\rihank\Downloads\Multi.zip"
Parameter | Description |
---|---|
-Dsonar.java.binaries | The location path of the zip source of the multi-module project. |
-Dsonar.projectKey | The SonarQube project name linked to the CxSAST server with specific project results. |