How to Analyze a Monorepo With Multiple Sonar Projects
For a monorepo, run a scan per package with its own projectKey and working directory so each gets an independent gate.
Give each package a sonar-project.properties with a distinct sonar.projectKey, then run the scan per directory (often via a matrix). Each project has its own gate and history.
Workflow
.github/workflows/ci.yml
jobs:
scan:
runs-on: ubuntu-latest
strategy:
matrix:
pkg: [packages/api, packages/web]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: SonarSource/sonarqube-scan-action@v4
with:
projectBaseDir: ${{ matrix.pkg }}
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}Per-package properties
sonar-project.properties
# packages/api/sonar-project.properties
sonar.projectKey=my-org_api
sonar.sources=src
sonar.javascript.lcov.reportPaths=coverage/lcov.infoGotchas
- One project key for the whole monorepo mixes packages and blurs per-team gates; prefer a key per package.
- Use path filters so only changed packages scan, but keep placeholder checks so required gates still report.
Related guides
How to Combine Multi-Language Analysis in One ScanAnalyze a repo with JavaScript, Python, and Go in a single SonarQube scan by setting sources and per-language…
How to Make a Quality Gate a Required Status CheckRegister a quality-gate job as a required status check under GitHub branch protection so pull requests cannot…