SonarQube
The SonarQube bundled plugin runs static analysis against source code in a repository and reports findings and metrics. You can optionally record the defects and metrics on your SonarQube server.
Prerequisites
Before you can use the SonarQube plugin, ensure that you fulfill the following prerequisites:
- On your PulseUno server, install and configure the SonarScanner command-line application.
- Install a SonarQube server on your network (not necessarily on the PulseUno server).
- PulseUno version 23.2: Create and set up the server configuration file:
  <pulse_data>/conf/experts/com.serena.starlight/sonarqube/sonarqube-pulse-expert.properties
  For details, see Create server configuration file.
- The SonarQube plugin uses the Web Service Java Client to make REST requests to a SonarQube server. For supported SonarQube versions, see the Support Matrix.
- To configure additional supported parameters, use the sonar-scanner.properties and sonar-project.properties files.
  Default location of the sonar-scanner.properties file:
  <SonarScanner_install_directory>/conf/sonar-scanner.properties
  The sonar-project.properties settings override the settings in the sonar-scanner.properties file.
Create server configuration file
PulseUno version 23.2: The SonarQube plugin properties file is required and is located in:
<pulse_data>/conf/experts/com.serena.starlight/sonarqube/sonarqube-pulse-expert.properties
Property | Description |
---|---|
sonar.host.url | Enter the SonarQube server URL, for example: http://localhost:9000 |
pulse.sonar.agent.path | Enter the full path to the SonarScanner application, for example: C:\\sonar-scanner\\bin\\sonar-scanner.bat |
sonar.jdbc.url | SonarQube version 5.1.x or earlier: Specify the JDBC connection URL for the SonarQube database, for example: jdbc:h2:tcp://localhost:9092/sonar |
sonar.jdbc.username | SonarQube version 5.1.x or earlier: Specify the database username for the JDBC connection. |
sonar.jdbc.password | SonarQube version 5.1.x or earlier: Specify the database password for the JDBC connection. |
pulse.results.delay | When SonarQube analysis generates a large number of findings (over 2000), a short delay is needed before the results can be fetched. Normally, this delay is required only on the first run. On subsequent runs, only the delta needs to be updated. Default timeout: 300 seconds. |
Configure SonarQube plugin
Because the SonarScanner operates on source code files, use the SonarQube plugin in a chain that populates a workspace.
For details on how to set up scheduled chain runs, see Schedule chain runs.
To configure the SonarQube step:
- Add the SonarQube step to a chain, as described in Create chains.
- (Optional) Rename the plugin step. The default name is SonarQube.
- Enter the Project Configuration details:
Field | Description |
---|---|
Source folder | Enter the stream or branch directory against which to run the analysis. |
Relative stream folder in the workspace | (Optional) Enter the relative path to the stream or branch directory in the workspace. |
Path to SonarQube Scanner workspace | Enter the path to the SonarScanner workspace. Leave empty to use the default path: .sonar |
Relative path to Java binaries | (Optional) Enter the relative path to Java binaries to analyze Java sources. |
Project key | Specify the unique SonarQube project key. Typically, this is the value defined for <groupId>:<artifactId> in Maven, for example: example-key or com.example:project1. Note: The properties Project key, Project name, and Project version are optional if you have set them in the Project Properties box or the Project Properties File. If you are using the Publish mode of analysis, the project key is required. |
Project name | Specify the name of the SonarQube project to be displayed in the web browser. Typically, this is the value defined for <name> in Maven. |
Project version | Specify the SonarQube project version. Typically, this is the value defined for <version> in Maven, for example, 1.0. |
Project Properties | (Optional) Enter project properties that override the settings in the sonar-scanner.properties or sonar-project.properties files. |
Project Properties File | (Optional) Specify a full path to the sonar-project.properties file. |
- Enter the Analysis Configuration details:
Field | Description |
---|---|
Analysis mode | Select an analysis mode: publish, preview, or issues. |
Legacy server | Select this option if you are using SonarQube version 5.1.x or earlier. |
Use Quality Gate Status as result | Publish mode only: Select this option if you want the status of the chain step to be determined based on the Quality Gate status in SonarQube. For example, if the Quality Gate fails, the chain step also fails. |
- Enter the Client Configuration details:
Field | Description |
---|---|
Full path to the SonarQube Scanner application | (Optional) Enter the full path to the SonarScanner application, for example: C:\sonar-scanner\bin\sonar-scanner.bat. We recommend adding the path as an agent variable and using the variable instead of the actual path. For example: {{SONARQUBE_SCANNER_PATH}}. For details, see Add variables to agents. |
Full path to sonar-scanner.properties | (Optional) Enter the full path to the sonar-scanner.properties file. If this field is empty, PulseUno uses the SonarQube Scanner application path to locate sonar-scanner.properties. |
- Enter the Server Configuration details:
Field | Description |
---|---|
SonarQube Server URL | Enter the URL of the SonarQube server. If you work with a single SonarQube server, we recommend adding the URL as a global variable and using the variable instead of the URL, for example: {{SONARQUBE_SERVER_URL}}. For details, see Define chain and global variables. Leave the field empty to use the default path: http://localhost:9000 |
Username | (Optional) Enter the username to connect to the SonarQube server. |
Password | (Optional) Specify the password to connect to the SonarQube server. |
Note: The properties Username and Password are required only in specific security situations. For details, see the SonarQube documentation.
- PulseUno version 23.4: Enter additional Server Configuration details:
Field | Description |
---|---|
SonarQube server results timeout (in seconds) | (Optional) Specify the time to wait before fetching scan results. When SonarQube analysis generates over 2000 findings, a short delay is needed before the results can be fetched. Normally, this delay is required only on the first run. On subsequent runs, only the delta needs to be updated. Default timeout: 300 seconds. |
The relative path to SQ Scanner report file | (Optional) Enter the relative path to the SonarQube Scanner report. Leave empty to use the default path: sonar-report.json |
JDBC connection URL for the SQ database | SonarQube version 5.1.x or earlier: Enter the JDBC connection URL for the SonarQube database, for example: jdbc:h2:tcp://localhost:9092/sonar |
JDBC connection database user | SonarQube version 5.1.x or earlier: Enter the database username for the JDBC connection. |
JDBC connection database password | SonarQube version 5.1.x or earlier: Enter the database password for the JDBC connection. |
- (Optional) Define the control options for the plugin step:
  - Enable step. By default, the step is enabled to run. Clear this option if you need to deactivate the step. Disabled steps are skipped when the chain runs.
  - Fail the step. Specify the conditions for failing the step, such as unit test failures, findings criteria, and/or console log entries.
  - Mark step as unstable. Specify the conditions for making the step unstable, such as unit test failures, findings criteria, and/or console log entries.
- (Optional) Specify the output variables to be passed to other steps down the chain. For details, see Publish output variables.
Note: If you do not specify optional properties, SonarScanner uses the default values from the sonar-scanner.properties and sonar-project.properties files. The sonar-project.properties settings override the settings in the sonar-scanner.properties file.
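The following Python example is added here and is not part of PulseUno or SonarQube. It resolves the override order described above (sonar-scanner.properties, then sonar-project.properties, then the step's Project Properties) and shows why the scanner path in the server configuration file is written with doubled backslashes. It assumes the files follow standard Java .properties escaping; the function names and sample values are constructed for illustration.

```python
import re

# Escapes that Java .properties loading decodes to control characters; for any
# other escaped character the backslash is simply dropped.
_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def _unescape(value):
    """Decode backslash escapes (\\uXXXX and line continuations are not handled here)."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)

def parse_properties(text):
    """Parse key=value or key:value lines; blank lines and '#'/'!' comments are skipped."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=:\s#!][^=:\s]*)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = _unescape(m.group(2))
    return props

def effective_settings(scanner_text, project_text, step_text):
    """Merge in the page's order: scanner file < project file < step Project Properties."""
    merged, origin = {}, {}
    layers = (("sonar-scanner.properties", scanner_text),
              ("sonar-project.properties", project_text),
              ("Project Properties (step)", step_text))
    for name, text in layers:
        for key, value in parse_properties(text).items():
            merged[key], origin[key] = value, name  # later layers win
    return merged, origin

# Constructed sample inputs (not taken from a real installation).
SCANNER = "sonar.host.url=http://localhost:9000\nsonar.sourceEncoding=UTF-8\n"
PROJECT = "# project defaults\nsonar.projectKey=example-key\nsonar.projectVersion=1.0\n"
STEP = "sonar.projectKey=com.example:project1\n"
# Same path written with doubled and with single backslashes in the properties file.
EXPERT_OK = r"pulse.sonar.agent.path=C:\\sonar-scanner\\bin\\sonar-scanner.bat"
EXPERT_BAD = r"pulse.sonar.agent.path=C:\sonar-scanner\bin\sonar-scanner.bat"

if __name__ == "__main__":
    merged, origin = effective_settings(SCANNER, PROJECT, STEP)
    for key in sorted(merged):
        print(f"{key} = {merged[key]}  [{origin[key]}]")
    for sample in (EXPERT_OK, EXPERT_BAD):
        print(repr(parse_properties(sample)["pulse.sonar.agent.path"]))
```

With single backslashes the parsed path loses its separators, so the scanner executable cannot be found; the path entered in the step's Client Configuration field is not a properties value and keeps single backslashes.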