# Usage

## Generate a Meterian JSON report with

Through the Meterian scanner of choice generate a JSON report for your sonar project by launching a scan in the source code folder.

[*Thin client scanner*](/the-client/client.md) *example*

```
$ java -Dcli.param.report.tree.included=true -jar /tmp/meterian-cli.jar --report-json=report.json
```

[*Dockerized client scanner*](/the-client/the-meterian-client-dockerized.md) *example*

```
$ meterian-docker --report-json=report.json --flags:cli.param.report.tree.included=true
```

{% hint style="info" %}
Note: in both examples we are requesting the scanner to generate a JSON report including the dependency tree of the project via the flag `cli.param.report.tree.included=true`. This is done so that the plugin is capable of showing issues for transitive dependencies.\
\
If you are generating the JSON report on a pipeline it is recommended to enable the inclusion of the tree in the report via the `--flags` operator as shown in the example above. For documentation specific to the `--flags`  operator, please refer to [this page](/the-client/command-line-parameters/specific-controls.md).
{% endhint %}

## Import the Meterian findings in SonarQube

To import the Meterian findings in SonarQube, analyze your project via a [SonarScanner](https://docs.sonarsource.com/sonarqube/latest/analyzing-source-code/overview/) that is suitable to your it (SonarQube provides a set of scanners dedicated to specific programming languages). The example below uses the generic scanner (suitable for scanning JS, TS, Go, Python, PHP and more).

```
$ sonar-scanner -Dsonar.login=YOUR_TOKEN \
                -Dsonar.projectKey=PROJECT_UNIQUE_KEY \
                -Dsonar.meterian.reportJsonPath=PATH_TO_REPORT \
                -Dsonar.sources=.
```

{% hint style="info" %}
Note: our plugin property is passed as command line flag in this example. Should you prefer you can configure properties in sonar project configuration file (`sonar-project.properties`) and remove the flags accordingly from the invocation.

<pre class="language-xml"><code class="lang-xml"><strong>sonar.projectKey=PROJECT_UNIQUE_KEY
</strong>sonar.login=YOUR_TOKEN
sonar.meterian.reportJsonPath=PATH_TO_REPORT
sonar.sources=.
</code></pre>

{% endhint %}

{% hint style="info" %}
Different SonarScanners default to analyse different source folders. To ensure that all the main source files are part of the analysis we set `sonar.source` to the current working directory (the path `.`). **It is important that you ensure that your manifest files are within the sources**. You can read more on how to adjust the analysis scope by clicking [**here**](https://docs.sonarsource.com/sonarqube/latest/project-administration/analysis-scope/).
{% endhint %}

You source code will be analysed and findings from SonarQube and Meterian will then be uploaded to your SonarQube instance.

<figure><img src="/files/dSENAde6KJHd6ulaeNBE" alt=""><figcaption><p>Logs showing the Meterian plugin sensor in action</p></figcaption></figure>

These findings will be visible on the web interface as issues:

<figure><img src="/files/432Jxn733kMz2XiKIIWv" alt=""><figcaption><p>Issues raised by Meterian</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.meterian.io/devops-integrations/sonarqube/usage.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.