Skip to content
Latchkey

How to Analyze a Monorepo With Multiple Sonar Projects

For a monorepo, run a scan per package with its own projectKey and working directory so each gets an independent gate.

Give each package a sonar-project.properties with a distinct sonar.projectKey, then run the scan per directory (often via a matrix). Each project has its own gate and history.

Workflow

.github/workflows/ci.yml
jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        pkg: [packages/api, packages/web]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: SonarSource/sonarqube-scan-action@v4
        with:
          projectBaseDir: ${{ matrix.pkg }}
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Per-package properties

sonar-project.properties
# packages/api/sonar-project.properties
sonar.projectKey=my-org_api
sonar.sources=src
sonar.javascript.lcov.reportPaths=coverage/lcov.info

Gotchas

  • One project key for the whole monorepo mixes packages and blurs per-team gates; prefer a key per package.
  • Use path filters so only changed packages scan, but keep placeholder checks so required gates still report.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →