SonarQube

The SonarQube bundled plugin runs static analysis against source code in a repository and reports findings and metrics. You can optionally record the defects and metrics on your SonarQube server.

Prerequisites

Before you can use the SonarQube plugin, ensure that you fulfill the following prerequisites:

  • On your PulseUno server, install and configure the SonarScanner command-line application.

  • Install a SonarQube server on your network (not necessarily on the PulseUno server).

  • The SonarQube plugin uses the Web Service Java Client to make REST requests to a SonarQube server. For supported SonarQube versions, see the Support Matrix.

  • To configure additional supported parameters, use the sonar-scanner.properties and sonar-project.properties files.

    Default location of the sonar-scanner.properties file:

    <SonarScanner_install_directory>/conf/sonar-scanner.properties

    The sonar-project.properties settings override the settings in the sonar-scanner.properties file.


Configure SonarQube plugin

Because the SonarScanner operates on source code files, use the SonarQube plugin in a chain that populates a workspace.

For details on how to set up scheduled chain runs, see Schedule chain runs.

To configure the SonarQube step:

  1. Add the SonarQube step to a chain, as described in Create chains.

  2. (Optional) Rename the plugin step. The default name is SonarQube.

  3. Enter the Project Configuration details:

    Field | Description
    Source folder | Enter the stream or branch directory against which to run the analysis.
    Relative stream folder in the workspace | (Optional) Enter the relative path to the stream or branch directory in the workspace.
    Path to SonarQube Scanner workspace | Enter the path to the SonarScanner workspace. Leave empty to use the default path: .sonar
    Relative path to Java binaries | (Optional) Enter the relative path to Java binaries to analyze Java sources.
    Project key | Specify the unique SonarQube project key. Typically, this is the value defined for <groupId>:<artifactId> in Maven, for example: example-key, com.example:project1. Note: The properties Project key, Project name, and Project version are optional if you have set them in the Project Properties box or the Project Properties File. If you are using the Publish mode of analysis, the project key is required.
    Project name | Specify the name of the SonarQube project to be displayed in the web browser. Typically, this is the value defined for <name> in Maven.
    Project version | Specify the SonarQube project version. Typically, this is the value defined for <version> in Maven, for example, 1.0.
    Project Properties | (Optional) Enter project properties that override the settings in the sonar-scanner.properties or sonar-project.properties files.
    Project Properties File | (Optional) Specify a full path to the sonar-project.properties file.

  4. Enter the Analysis Configuration details:

    Field | Description
    Analysis mode | Select an analysis mode: publish, preview, or issues.
    Legacy server | Select this option if you are using SonarQube version 5.1.x or earlier.
    Use Quality Gate Status as result | Publish mode only: Select this option if you want the status of the chain step to be determined based on the Quality Gate status in SonarQube. For example, if the Quality Gate fails, the chain step also fails.

  5. Enter the Client Configuration details:

    Field | Description
    Full path to the SonarQube Scanner application | (Optional) Enter the full path to the SonarScanner application (for example, C:\sonar-scanner\bin\sonar-scanner.bat). We recommend adding the path as an agent variable and using the variable instead of the actual path (for example, {{SONARQUBE_SCANNER_PATH}}). For details, see Add variables to agents.
    Full path to sonar-scanner.properties | (Optional) Enter the full path to the sonar-scanner.properties file. If this field is empty, PulseUno uses the SonarQube Scanner application path to locate sonar-scanner.properties.

  6. Enter the Server Configuration details:

    Field | Description
    SonarQube Server URL | Enter the URL of the SonarQube server. If you work with a single SonarQube server, we recommend adding the URL as a global variable and using the variable instead of the URL (for example, {{SONARQUBE_SERVER_URL}}). For details, see Define chain and global variables. Leave the field empty to use the default path: http://localhost:9000
    Username | (Optional) Enter the username to connect to the SonarQube server.
    Password | (Optional) Specify the password to connect to the SonarQube server. Note: The properties Username and Password are required only in specific security situations. For details, see the SonarQube documentation.

  7. Enter additional Server Configuration details:

    Field | Description
    SonarQube server results timeout (in seconds) | (Optional) Specify the time to wait before fetching scan results. When SonarQube analysis generates over 2000 findings, a short delay is needed before the results can be fetched. Normally, this delay is required only on the first run. On subsequent runs, only the delta needs to be updated. Default timeout: 300 seconds.
    The relative path to SQ Scanner report file | (Optional) Enter the relative path to the SonarQube Scanner report. Leave empty to use the default path: sonar-report.json
    JDBC connection URL for the SQ database | SonarQube version 5.1.x or earlier: Enter the JDBC connection URL for the SonarQube database, for example: jdbc:h2:tcp://localhost:9092/sonar
    JDBC connection database user | SonarQube version 5.1.x or earlier: Enter the database username for the JDBC connection.
    JDBC connection database password | SonarQube version 5.1.x or earlier: Enter the database password for the JDBC connection.

  8. (Optional) Define the control options for the plugin step:

    • Enable step. By default, the step is enabled to run. Clear this option if you need to deactivate the step.

      Disabled steps are skipped when the chain runs.

    • Fail the step. Specify the conditions for failing the step, such as unit test failures, findings criteria, and/or console log entries.

    • Mark step as unstable. Specify the conditions for making the step unstable, such as unit test failures, findings criteria, and/or console log entries.

  9. (Optional) Specify the output variables to be passed to other steps down the chain. For details, see Publish output variables.

Note: If you do not specify optional properties, SonarScanner uses the default values from the sonar-scanner.properties and sonar-project.properties files. The sonar-project.properties settings override the settings in the sonar-scanner.properties file.
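
The override order described on this page (sonar-scanner.properties, then sonar-project.properties, then the step's Project Properties) can be resolved and reviewed before a chain run. The following Python script is an added example, not PulseUno or SonarScanner code. The file contents, the host name sonar.example.internal, the key=value form of the Project Properties box, and the audit rules (plain-text credentials, a non-local http:// server URL, a missing project key in publish mode) are assumptions chosen for illustration.

```python
# Added example, not PulseUno or SonarScanner code. File contents are constructed.
import re
from urllib.parse import urlparse

SCANNER_PROPS = """\
# <SonarScanner_install_directory>/conf/sonar-scanner.properties
sonar.host.url=http://localhost:9000
sonar.sourceEncoding=UTF-8
"""
PROJECT_PROPS = """\
# sonar-project.properties
sonar.projectKey=com.example:project1
sonar.projectVersion=1.0
sonar.host.url=http://sonar.example.internal:9000
sonar.password=changeme
"""
LAYERS = [("sonar-scanner.properties", SCANNER_PROPS),   # lowest precedence
          ("sonar-project.properties", PROJECT_PROPS),
          ("Project Properties box", "sonar.projectVersion=1.1\n")]  # highest

def parse_props(text):
    """Parse simple key=value (or key:value) lines; skip blanks and # / ! comments."""
    pattern = re.compile(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)")
    matches = (pattern.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def effective_config(layers):
    """Merge (name, text) layers in order; a later layer overrides an earlier one."""
    merged, origin = {}, {}
    for name, text in layers:
        for key, value in parse_props(text).items():
            merged[key], origin[key] = value, name
    return merged, origin

def audit(merged, origin, mode="publish"):
    """Return review findings for the effective settings (hypothetical rules)."""
    findings = []
    if mode == "publish" and not merged.get("sonar.projectKey"):
        findings.append("publish mode needs a project key, none is set")
    for key in ("sonar.login", "sonar.password", "sonar.jdbc.password"):
        if key in merged:
            findings.append(f"{key} is stored in plain text in {origin[key]}")
    url = merged.get("sonar.host.url", "http://localhost:9000")  # default from this page
    parsed = urlparse(url)
    if parsed.scheme == "http" and parsed.hostname not in ("localhost", "127.0.0.1"):
        findings.append(f"{url} (from {origin['sonar.host.url']}) is cleartext HTTP")
    return findings

if __name__ == "__main__":
    print(*audit(*effective_config(LAYERS)), sep="\n")
```

The `origin` map records which layer supplied each effective value, which is what you need when a credential or server URL turns out to come from a file checked into the repository rather than from the step configuration.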
