SonarQube Official Doc Link: https://docs.sonarqube.org/display/SONAR/Analysis+Parameters
Parameters to configure project analysis can be set in multiple places. Here is the hierarchy of parameters:
- Global analysis parameters, defined in the UI, apply to all the projects (From the top bar, go to Settings > General Settings)
- Project analysis parameters, defined in the UI, override global parameters (At a project level, go to Configuration > Settings)
- Project analysis parameters, defined in a project analysis configuration file or an analyzer configuration file, override the ones defined in the UI
- Analysis / Command line parameters, defined when launching an analysis, override project analysis parameters
Note that only parameters set through the UI are stored in the database.
For example, if you override the sonar.exclusions parameter via command line for a specific project, it will not be stored in the database. Local analyses in Eclipse, for example, would still be executed with the exclusions defined in the UI and therefore stored in the DB.
Note that the list of parameters below is not exhaustive. The property keys shown in the interface, at both global and project levels, can also be set as analysis parameters.
Mandatory Parameters
Server
Key | Description | Default value |
|---|---|---|
sonar.host.url | Server URL | http://localhost:9000 |
Project Configuration
Key | Description | Default value |
|---|---|---|
sonar.projectKey | The project key that is unique for each project. When using Maven, it is automatically set to | |
sonar.sources | Comma-separated paths to directories containing source files. |
Optional Parameters
Project identity
Key | Description | Default value |
|---|---|---|
sonar.projectName | Name of the project that will be displayed on the web interface. |
|
sonar.projectVersion | The project version. | "not provided" |
Authentication
If Anyone does not have permission to perform analyses, you'll need to supply the credentials of a user with Execute Analysis permission for the analysis to run under.
Key | Description | Default value |
|---|---|---|
sonar.login | The login or authentication token of a SonarQube user with Execute Analysis permission. | |
sonar.password | The password that goes with the sonar.login username. This should be left blank if an authentication token is being used. |
Web Services
Key | Description | Default value |
|---|---|---|
sonar.ws.timeout | Maximum time to wait for the response of a Web Service call (in seconds) | 60 |
Project Configuration
Key | Description | Default value |
|---|---|---|
sonar.projectDescription | The project description. | |
sonar.links.homepage | Project home page Not compatible with Maven, which uses the <url> attribute. | |
| Continuous integration Not compatible with Maven, which uses the <ciManagement><url> attribute. | ||
sonar.links.issue | Issue tracker Not compatible with Maven, which uses the <issueManagement><url> attribute. | |
sonar.links.scm | Project sources Not compatible with Maven, which uses the <scm><url> attribute. | |
sonar.links.scm_dev | Developer connection Not compatible with Maven, which uses the <scm><developerConnection> attribute. | |
sonar.tests | Comma-separated paths to directories containing tests. | |
| Set the language of the source code to analyze. Browse the Plugin Library page to get the list of all available languages. If not set, a multi-language analysis will be triggered. |
|
| Set the source file encoding. Encoding of source files. Example of values: UTF-8, MacRoman, Shift_JIS. This property can be replaced by the standard property The list of available encodings depends on your JVM. See http://docs.oracle.com/javase/1.5.0/docs/guide/intl/encoding.doc.html (column : Canonical Name for java.nio API) | System encoding |
| Assign a date to the analysis. Note: This parameter is applicable to a few, special use cases, rather than being an "every day" parameter:
To answer those use cases, you can use the sonar.projectDate property. The format is The process is the following:
Since you cannot perform an analysis dated prior to the most recent one in the database, you must analyze your versions in chronological order, oldest first.  Note: You may need to adjust your housekeeping settings if you wish to create a long-running history. | Current date |
| Manage SCM branches. If you are a user of Developer Cockpit, please see "Limitation" section in the Developer Cockpit Installation and Usage |
|
| This property is deprecated since SQ 4.5 LTS (see | Default profile for the given language |
| Use this property when you need analysis to take place in a directory other than the one from which it starts. E.G. analysis begins from jenkins/jobs/myjob/workspace but the files to be analyzed are in ftpdrop/cobol/project1. The path may be relative or absolute. Specify not the the source directory, but some parent of the source directory. The value specified here becomes the new "analysis directory", and other paths are then specified as though the analysis were starting from the new Note that the analysis process will need write permissions in this directory; it is where the | |
sonar.working.directory | Set the working directory for an analysis triggered with the SonarQube Scanner or the SonarQube Ant Task (versions greater than 2.0). Path must be relative and unique for each project. Beware: the specified folder is deleted before each analysis. | .sonar |
sonar.scm.provider | This property can be used to explicitly tell SonarQube which SCM plugin should be used to grab SCM data on the project (in case auto-detection does not work). The value of this property is always lowercase and depends on the plugin (ex. "tfvc" for the TFVC plugin). Check the documentation page of each plugin to know more. | |
sonar.scm.forceReloadAll | By default, blame information is only retrieved for changed files. Set this property to true to load blame information for all files. This can be useful is you feel that some SCM data is outdated but SonarQube does not get the latest information from the SCM engine. | false |
Exclusions / Inclusions
See Narrowing the Focus to:
- Exclude files from analysis
- Prevent some files from being checked for duplications
- Prevent some files from being taken into account for code coverage by unit tests and integration tests
- Ignore issues on certain components and against certain coding rules
Key | Description | Default value |
|---|---|---|
sonar.inclusions | Comma-delimited list of file path patterns to be included in analysis. When set, only files matching the paths set here will be included in analysis. | |
sonar.exclusions | Comma-delimited list of file path patterns to be excluded from analysis. | |
sonar.coverage.exclusions | Comma-delimited list of file path patterns to be excluded from coverage calculations | |
sonar.test.exclusions | Comma-delimited list of test file path patterns to be excluded from analysis. | |
sonar.test.inclusions | Comma-delimited list of test file path patterns to be included in analysis. When set, only test files matching the paths set here will be included in analysis. | |
sonar.issue.ignore.allfile | Files containing text matching this regular expression will be ignored by analysis. | |
sonar.import_unknown_files | If set to true, all files are imported - with respect to inclusions and exclusions, even if there is no matching language plugin installed. | false |
sonar.cpd.exclusions | Comma-delimited list of file path patterns to be excluded from duplication detection |
Duplications
| Key | Description | Default value |
|---|---|---|
sonar.cpd.exclusions | (see the Exclusions/Inclusions section) | |
sonar.cpd.${language}.minimumtokens | A piece of code is considered duplicated as soon as there are at least 100 duplicated tokens in a row (overide with sonar.cpd.${language}.minimumTokens) spread on at least 10 lines of code (override with sonar.cpd.${language}.minimumLines). For Java projects, a piece of code is considered as duplicated when there is a series of at least 10 statements in a row, regardless of the number of tokens and lines. This threshold cannot be overridden. | 100 |
sonar.cpd.${language}.minimumLines | 10 |
Analysis Logging
Key | Description | Default value |
|---|---|---|
sonar.log.level | Control the quantity / level of logs produced during an analysis. DEBUG: TRACE: | INFO |
sonar.verbose | Add more detail to both client and server-side analysis logs.
| false |
sonar.showProfiling | Display logs to see where the analyzer spends time. This parameter is generating a file containing these timing infos in
| false |
sonar.scanner.dumpToFile | Outputs to the specified file the full list of properties passed to the scanner API as a means to debug analysis. |
Parameters specific to Integration
Those parameters are listed here for completeness of this documentation page - but regular users should not have to worry about them because they mainly target integration use cases.
Key | Description |
|---|---|
sonar.analysis.mode | This parameter is set to |
