SonarQube plugin to analyse Maven project dependencies?

 
Sheriff
I would like to have a feature in SonarQube that will report interesting things about the dependencies configured in a multi-module Maven project. The first interesting thing I'd like to know about is whether a module is using any transitive dependencies through its dependency on another module. For example, you have 3 modules A, B, and C where A depends on B, and B depends on C. I'd like to have Sonar report usages where something in module A is relying on something in module C via its transitive dependency through module B without explicitly defining a direct dependency on module C.

Does that make sense? Does such a thing exist?
 
author & internet detective
Tim,
I'm reasonably sure that doesn't exist for SonarQube. Starting in version 5, they moved away from looking at dependencies and focused on languages. So you'd need a third-party tool that publishes to Sonar. Which doesn't exist either as far as I know.

Why not just use Maven's dependency analyzer for this check? As shown here, it tells you about "Used undeclared dependencies found". You can even set your build to fail on these issues. You'd need to run individual builds for the modules, but that is easy to do in any continuous integration tool.
 
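One way to wire the check from the reply above into the build, as an added example that is not part of the original thread: the `analyze-only` goal of `maven-dependency-plugin` with `failOnWarning` enabled. Placing it in the parent POM, binding it to the `verify` phase, the execution id and the pinned plugin version are assumptions made for this illustration.

```xml
<!-- Parent pom.xml (assumed location): every module inherits this check,
     so module A fails if its code uses classes from module C while only
     declaring a dependency on module B. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-dependency-plugin</artifactId>
      <!-- Example version; pin whichever release your build already uses. -->
      <version>3.1.1</version>
      <executions>
        <execution>
          <!-- Hypothetical execution id chosen for this example. -->
          <id>analyze-declared-dependencies</id>
          <!-- analyze-only inspects already compiled classes, so it must
               run after compile/test-compile; verify satisfies that. -->
          <phase>verify</phase>
          <goals>
            <goal>analyze-only</goal>
          </goals>
          <configuration>
            <!-- Turn "Used undeclared dependencies found" (and
                 "Unused declared dependencies found") into a build failure. -->
            <failOnWarning>true</failOnWarning>
            <!-- Skip runtime/provided/test/system scopes when looking for
                 unused declarations, which are invisible to bytecode analysis. -->
            <ignoreNonCompile>true</ignoreNonCompile>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The analysis works on bytecode references, so dependencies used only through reflection or configuration files are not seen and can show up as false "unused" warnings.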