Running a local Sonarqube with Docker


In order to get the Maven configuration of Sonar right, I wanted to have a local Sonarqube to test with. Using Docker, this is totally trivial.

Run the Docker container

You should already have Docker running on your local machine. Download the Sonarqube container from Docker Hub like this:

docker pull sonarqube

After downloading, start the container via

docker run -d --name sonarqube -p 9000:9000… [read more →]

Dependency convergence and the Maven enforcer plugin


Another great plugin for security and application stability is the Maven Enforcer plugin. You don't want to end up in JAR hell :) You can use the Enforcer plugin for the following tasks.

Dependency convergence

Requires that dependency version numbers converge. If a project has two dependencies, A and B, both depending on the same artifact, C, this rule will fail the build if A depends on a… [read more →]

Maven security plugins

There are two great plugins that help you make your applications built in Maven more secure. I have recently added them to some projects at work and it seems to work quite well.

FindbugsSec

You may have heard about Findbugs, it looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. FindbugsSec is a security plugin for… [read more →]