SonarQube


The EC-SonarQube plugin integrates with SonarQube (versions from 5.4 to 7.1).

SonarQube is an open source platform used by development teams to manage source code quality. Sonar has been developed with a main objective in mind: make code quality management accessible to everyone with minimal effort.

Plugin version 1.5.0.2021082313

Revised on August 25, 2021

Integrated version

This plugin supports SonarQube versions from 6.7 to 8.9, including the "LTS" version. The plugin also works with SonarCloud.io, the cloud solution for SonarQube.

For all parameter descriptions below, required parameters are shown in bold italics.

More information can be found at this website.

Information about SonarCloud can be found at SonarCloud.io.

Additional information about the SonarQube and CloudBees integration is available in the CloudBees Plugin Directory.

Plugin configurations

Plugin configurations are sets of parameters that apply across some or all of the plugin procedures. They reduce repetition of common values, create predefined parameter sets for end users, and securely store credentials where needed. Each configuration is given a unique name that is entered in designated parameters on procedures that use them.

Creating plugin configurations

To create plugin configurations in CloudBees CD, do these steps:

  1. Go to Administration > Plugins to open the Plugin Manager.

  2. Find the EC-SonarQube row.

  3. Click Configure to open the EC-SonarQube Configurations page.

  4. Click Create Configuration.

  5. To enable CloudBees CD server to communicate with the SonarQube API, enter the following information:

Parameter | Description

Configuration Name

The name of the configuration to create.

Description

Specifies the description for the configuration.

SonarQube server host configuration

SonarQube endpoint, e.g. http://my-server:9000.

Organization Key

Required if SonarCloud is used.

Auth type

Authentication type: a username with a password, or an access token.

Credential

Username and password to access SonarQube.

Token

The personal access token to access SonarQube.

Debug Level

Verbosity level of output. Possible values: Info, Debug, Trace. The Debug and Trace levels force Sonar Scanner to work in debug mode, overriding the scanner debug mode setting of the InitiateScanner and RunSonarScanner procedures.

Test connection

Whether the connection should be tested when the configuration is created. Authentication is not tested.

HTTP Proxy

An HTTP proxy that should be used for connections.

Proxy Authorization

Username and password used to connect to the HTTP proxy.

Editing plugin configurations

To edit plugin configurations in CloudBees CD, do these steps:

  1. Go to Administration > Plugins to open the Plugin Manager.

  2. Find the EC-SonarQube row.

  3. Click Configure to open the EC-SonarQube Configurations page.

  4. Find the configuration that you want to edit.

  5. Click Edit.

  6. Edit the parameters in the configuration.

  7. Click OK to save the modified configuration.

Plugin procedures

Collect reporting data

Collects reporting data from SonarQube and sends it to the CloudBees CD reporting server.

By default, the following fields are mapped to the report:

CodeQuality report:

Parameter from SonarQube for plugin | Row in build report

pluginConfiguration

Plugin configuration name.

pluginName

Name of the plugin

duration

Duration of SonarQube scan.

baseDrillDownUrl

Base URL for Drill-Down.

endTime

timestamp + duration converted to date

Procedure configuration parameters

Parameter | Description

Configuration name

The name of the configuration that contains the information required to connect to SonarQube.

Preview mode

This mode lets a user perform a WHAT IF analysis before enabling automatic reporting. If this mode is set, no metadata will be set and reports will not be sent to the Reporting Server. Instead, detailed information about each object retrieved from SonarQube, including transformation, mapping and payload, will be shown in the summary logs.

Project Key

The project key that is unique for each project in SonarQube.

File Prefix

If provided, the matching string will be removed from the file path before the report is sent. For example, if the file path is /opt/repo/file1, file prefix = /opt/repo will resolve it to /file1. Similarly, file prefix = /opt/repo/ will resolve it to file1.

Field Mapping

Allows the user to add custom fields to the payload, or to modify payload values. Example: "MyApplication":codeQuality.releaseName maps the value "MyApplication" to the code_quality report releaseName field.

Transform Script

Allows the user to provide a Perl script for payload customization. The plugin invokes this method with two parameters: the first is the context object, the second is the payload object. Since EC-SonarQube-1.5.0.2021082313 sends two types of reports, the payload will be a hash reference with build and payload sections. The method should be named "transform" and should return the payload object. In this example, the myCustomField field will be added to the codeQuality payload object and to each codeQualityFile payload object:

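# Invoked by the plugin with the context object and the payload hash reference.
sub transform {
    my ($context, $payload) = @_;
    # Uncomment to add custom fields to the payload:
    # $payload->{codeQuality}->{myCustomField} = 1;
    # for my $p (@{$payload->{codeQualityFile}}) {
    #     $p->{myCustomField2} = 2;
    # }
    return $payload;
}
# Helper that returns the current epoch time.
sub one {
    my ($context) = @_;
    return time();
}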

Metadata Property Path

Property sheet where run metadata will be stored. Optional field. If omitted, /mySchedule/EC-SonarQube-%Project Key%-%Report Object Type% will be used for the schedule context. For all other contexts, the root is /myProject.

Base URL For Drill-Down

Base URL for SonarQube. If empty, it will be set to %url_from_configuration%/dashboard?id=%Project Key%.

Debug

If set, the summary logs will be written with the highest verbosity for the entire procedure.

Run sonar scanner

The procedure runs the scanner on the specified directory with code and gets the analysis metrics from the SonarQube server. Additionally, the heap size can be configured to support analysis of big codebases. Debug mode can also be enabled for the scanner. If the debug level of the plugin is 2 or more, debug mode for the scanner is enabled automatically.

After running the scanner, it waits for the SonarQube server to finish processing and gets back metrics that can be used in gates.

Procedure Configuration Parameters

Parameter | Description

Configuration

The name of the plugin configuration (server credentials and URL).

Work directory

Source code directory.

Source encoding

Set the source file encoding. e.g. ISO-8859-1.

Project key

The project key that is unique for each project in SonarQube.

Project name

Name of the project that will be displayed on the web interface of SonarQube.

Project version

The project version in SonarQube.

Local path to sources

Comma-separated paths to directories containing source files, like: "./library, ./lib, ./gf_tool.pl".

Sonar timeout

Timeout in minutes to wait for the task to be completed. Default: 60 minutes.

Custom values for Sonar Scanner

Custom Sonar Scanner settings as "key=value" pairs, one pair per line, as in a common Sonar Scanner config.

Enable sonar scanner debug mode

Enables debug mode for Sonar Scanner. If the debug level of the configuration is set to "Debug" or "Trace", this option is ignored and debug mode is forced on for Sonar Scanner.

Heap space

If you get a Java heap space error or java.lang.OutOfMemoryError when the scanner runs, set this property. This is the size in megabytes, e.g. 512. Sonar Scanner receives this additional parameter through an environment variable to prevent such errors.

Type of stored result

Set the result property format.

Property to store results

Allows the user to configure the section where all data will be stored after the run. This may be used in Gates configuration.

Metrics

Configs allow storing All, New only or None params for each section of metrics of SonarQube.
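The "Custom values for Sonar Scanner" field above takes free-form "key=value" lines, while credentials and the server endpoint belong in the plugin configuration. The following pre-flight lint is an added example, not part of the plugin: the function name, the policy of rejecting sonar.login, sonar.password, sonar.token and sonar.host.url in this field, and the handling of "#" comment lines are assumptions.

```python
"""Lint the "Custom values for Sonar Scanner" field before a job runs (added example)."""

# Assumption: these scanner properties carry credentials or the server endpoint,
# which the plugin configuration already stores. This policy is not the plugin's own.
CONFIG_MANAGED_KEYS = {"sonar.login", "sonar.password", "sonar.token", "sonar.host.url"}

# Constructed sample input: one secret, one malformed line, one duplicate key.
SAMPLE = """\
# constructed sample input
sonar.exclusions=**/vendor/**
sonar.login=0123456789abcdef
sonar.sourceEncoding UTF-8
sonar.exclusions=**/test/**
sonar.java.binaries=target/classes
"""


def lint_custom_values(text):
    """Return (settings, findings); findings are (line, kind, key) tuples.

    Values are never copied into findings, so a pasted secret is not
    repeated in job logs by the lint itself.
    """
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no setting
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not key:
            findings.append((lineno, "malformed", ""))  # do not echo the raw line
            continue
        if key in CONFIG_MANAGED_KEYS:
            findings.append((lineno, "config-managed", key))
            continue  # dropped: belongs in the plugin configuration
        if key in settings:
            findings.append((lineno, "duplicate", key))
        settings[key] = value.strip()  # the last occurrence wins in this example
    return settings, findings


if __name__ == "__main__":
    cleaned, problems = lint_custom_values(SAMPLE)
    for lineno, kind, key in problems:
        print(f"line {lineno}: {kind} {key}".rstrip())
    print("\n".join(f"{k}={v}" for k, v in cleaned.items()))
```
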

Initiate scanner

The procedure runs the scanner on the specified directory with code. Additionally, the heap size can be configured to support analysis of big codebases. Debug mode can also be enabled for the scanner. If the debug level of the plugin is 2 or more, debug mode for the scanner is enabled automatically.

The procedure supports propertySheet, XML and JSON outputs. The task_id of the analysis that was initiated is returned, so it may be used by the "Get Last SonarQube Metrics" procedure.

Procedure Configuration Parameters

Parameter | Description

Configuration

The name of the plugin configuration (server credentials and URL).

Work directory

Source code directory.

Source encoding

Set the source file encoding. e.g. ISO-8859-1.

Project key

The project key that is unique for each project in SonarQube.

Project name

Name of the project that will be displayed on the web interface of SonarQube.

Project version

The project version in SonarQube.

Local path to sources

Comma-separated paths to directories containing source files, like: "./library, ./lib, ./gf_tool.pl".

Sonar timeout

Timeout in minutes to wait for the task to be completed. Default: 60 minutes.

Custom values for Sonar Scanner

Custom Sonar Scanner settings as "key=value" pairs, one pair per line, as in a common Sonar Scanner config.

Enable sonar scanner debug mode

Enables debug mode for Sonar Scanner. If the debug level of the configuration is set to "Debug" or "Trace", this option is ignored and debug mode is forced on for Sonar Scanner.

Heap space

If you get a Java heap space error or java.lang.OutOfMemoryError when the scanner runs, set this property. This is the size in megabytes, e.g. 512. Sonar Scanner receives this additional parameter through an environment variable to prevent such errors.

Type of stored result

Set the result property format.

Property to store results

Allows the user to configure the section where all data will be stored after the run. This may be used in Gates configuration.

Get last Sonar metrics

The procedure gets the metrics of the last run from the SonarQube server. If a Sonar task id is specified, it waits for the SonarQube server to finish processing and gets back metrics that can be used in gates.

Procedure supports propertySheet, XML and JSON outputs.

Procedure Configuration Parameters

Parameter | Description

Configuration

The name of the plugin configuration (server credentials and URL).

Sonar task id

The task id passed to this procedure from a sonar scanner run initiated by third-party software. If it is set, this procedure will wait for SonarQube to process the task, download the analysis data and process the metrics. If this parameter is not passed, only the metrics from the last analysis of the specified SonarQube project are checked.

Project key

The project key that is unique for each project in SonarQube.

Project name

Name of the project that will be displayed on the web interface of SonarQube.

Project version

The project version in SonarQube.

Sonar timeout

Timeout in minutes to wait for the task to be completed. Default: 60 minutes.

Type of stored result

Set the result property format.

Property to store results

Allows the user to configure the section where all data will be stored after the run. This may be used in Gates configuration.

Metrics

Configs allow storing All, New only or None params for each section of metrics of SonarQube.

Examples and use cases

Pipeline configuration

For this to work, the same directory must be used both for getting the code (for example, through the Git plugin) and for running Sonar Scanner. The work directory was created by this procedure: link. After getting the code, the plugin runs Sonar Scanner to analyze the code in the working directory using the given list of parameters. Afterward, the parameters are saved and can be used as gate parameters for the next step.

Job configuration

When the workflow launches, the code is processed locally on the agent by sonar-scanner in the Work directory. On the initial run, or if the configuration of the SonarQube server has changed, sonar-scanner downloads all plugins from the SonarQube server. The job configuration provides all parameters the scanner requires to initiate an analysis.

Params for the EC-SonarQube job to initiate analysis

Parameter | Description

Configuration

The name of the plugin configuration (server credentials and URL).

Work directory

Source code directory.

Property to store results

Allows the user to configure the section where all data will be stored after the run. This may be used in Gates configuration.

Project key

The project key that is unique for each project in SonarQube.

Project name

Name of the project that will be displayed on the web interface of SonarQube.

Project version

The project version in SonarQube.

Local path to sources

Comma-separated paths to directories containing source files, like: "./library, ./lib, ./gf_tool.pl".

Custom values for Sonar Scanner

Custom Sonar Scanner settings as "key=value" pairs, one pair per line, as in a common Sonar Scanner config.

Metrics

Configs allow storing All, New only or None params for each section of metrics of SonarQube.

Analysis data is saved every time. The list of all parameters that SonarQube can provide, which depends on its installed plugins, can be checked in the log after the job run.

Gate configuration example

Known issues

  • The Java code of the SonarQube scanner cannot connect to an instance that uses a broken SSL certificate (such as a self-signed one).

To fix this, add the certificate to the Java keystore. To inform the user about the potential problem, the plugin includes a basic validator of SSL certificate issues.

  • Authorized proxy access is supported in SonarQube versions starting from 6.x due to limitations of proxy handling in old versions of the sonar-scanner-engine-shaded.

Release notes

EC-SonarQube 1.5.0

  • Added support for the new plugin configurations.

  • Added support for token credential.

  • Updated supported versions of SonarQube. The plugin now supports SonarQube server versions from 6.7 to 8.9.

  • Fixed an issue with check connection to https://sonarcloud.io.

EC-SonarQube 1.4.2

  • Fixed an issue when on some old setups EditConfiguration did not work properly.

EC-SonarQube 1.4.1

  • Updated plugin documentation.

EC-SonarQube 1.4.0

  • Updated supported versions of SonarQube. The plugin now supports SonarQube server versions from 6.7 to 8.5.

  • External credential management support has been added.

  • The parameter "Project version" in "Get Last SonarQube Metrics" procedure is optional now.

  • Fixed a bug with remaining proxy credentials after deleting a config.

EC-SonarQube 1.3.3

  • The documentation has been migrated to the main documentation site.

EC-SonarQube 1.3.2

  • Fixed saving a report URL in the pipeline context.

EC-SonarQube 1.3.1

  • Rebranding to "CloudBees CD".

EC-SonarQube 1.3.0

  • Add checking connection while creating/editing a configuration.

  • Support for HTTP Proxy has been provided. Customers who use HTTP proxy can specify Proxy Information (Host, Port and Credentials at the configuration level) and all procedures will use the Proxy as second credentials for authentication.

EC-SonarQube 1.2.1

  • Renaming to "CloudBees".

EC-SonarQube 1.2.0

  • Plugin promotion time has been improved.

EC-SonarQube 1.1.3

  • Fixed URL for reports.

  • Configurations can be created by users with "@" sign in a name.

EC-SonarQube 1.1.2

  • Added metadata that is required for 9.0 release.

EC-SonarQube 1.1.1

  • SonarQube logo icon has been added.

EC-SonarQube 1.1.0

  • A new procedure called CollectReportingData has been added in order to support predictive analytics.

  • Changes were made in order to have the ability to view and manage plugin configurations from within Deploy without having to navigate to the platform UI.

EC-SonarQube 1.0.4

  • Fixed an error during plugin promotion on ElectricFlow instance that is running on windows.

  • Configured the plugin to allow the ElectricFlow UI to render the plugin procedure parameters entirely using the configured form XMLs.

  • Enabled the plugin for managing the plugin configurations in-line when defining an application process step or a pipeline stage task.

EC-SonarQube 1.0.3

  • Add SonarCloud (SonarCloud.io) Support

  • Change the list of required params for procedures to support versions from 5.4 to the Latest

  • Add Validators to some parameters of procedures for easier configuration

  • Add SonarQube auth tokens support

  • Add Testing connection functionality to configuration page

  • Bugfix: Support of SonarQube server from version 6.4

  • Update procedures documentation

  • Improve debug output

  • Fixes for the reported list of bugs

EC-SonarQube 1.0.2

  • Add InitiateScanner procedure for initiating analysis only

  • Add GetLastSonarMetrics procedure to be able to grab metrics from the last analysis

  • Bugfix: authorization on SonarQube side

  • Support of SonarQube server from version 5.4

  • Fix possible problems with running sonar scanner on Windows OS

  • Add output in JSON and XML format

  • Bugfix: result property output

EC-SonarQube 1.0.1

  • Apply the last version of sonar scanner

  • Add filters for metric groups

EC-SonarQube 1.0.0

  • Add complete RunSonarScanner procedure

  • Add SonarQube server configuration