this code review tool has cost me much time, due to the poor documentation of sonar, and actually wrong documentaion.
1. the command should be “mvn sonar3:sonar” instead of “mvn sonar:sonar”. the latter would download sonar-maven-plugin-2.0-beta, which would always display the class missing/ class not accessible through classloader exception. the former command would instead download and install sonar-maven-plugin-2.4.1, which is the latest version, using which, the can be utilized locating the needed library jars.
2.there are some checkstyle, pmd null pointer exceptions, this is due to the configuration of each. something like single regexp setting, even though its default value is “^$”, however, specify this explicitly or not, makes a null pointer exception difference. which again proves, sth wrong with the sonar, or the plugin.
3. there are plugins to generate pdf report, sonar-pdfreport-plugin-1.2.jar
4. there are plugins to analyze the jsp, html files, sonar-web-plugin-1.0.2.jar. (however, Please note you can run sonar analysis for an artefact in only one language (SONAR-926). So you cannot run a web analysis and a java analysis on the same maven project. The fix is to make a separate maven pom for the web project with a different name. )