• Post Reply Bookmark Topic Watch Topic
  • New Topic

SonarQube plugin to analyse Maven project dependencies?  RSS feed

 
Sheriff
Posts: 4390
280
Clojure IntelliJ IDE Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would like to have a feature in SonarQube that will report interesting things about the dependencies configured in a multi-module Maven project. The first interesting thing I'd like to know about is whether a module is using any transitive dependencies through its dependency on another module. For example, you have 3 modules A, B, and C where A depends on B, and B depends on C. I'd like to have Sonar report usages where something in module A is relying on something in module C via its transitive dependency through module B without explicitly defining a direct dependency on module C.

Does that make sense? Does such a thing exist?
 
author & internet detective
Marshal
Posts: 38152
617
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim,
I''m reasonably sure that doesn't exist for SonarQube. Starting in version 5, they moved away from looking at dependencies and focused on languages. So you'd need a third party tool that publishes to Sonar. Which doesn't exist either as far as i know.

Why not just use Maven's dependency analyzer for this check? As shown here, it tells you about "Used undeclared dependencies found". You cna even set your build to fail on these issues. You'd need to run individual builds for the modules, but that is easy to do in any continuous integration tool.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!