SonarQube is an open-source platform used by development teams to manage source code quality. SonarQube has been developed with a main objective in mind: to make code quality management accessible to everyone with minimal effort.
Plugin version 2.1.3.2022121644
Revised on December 16, 2022
Supported versions
The plugin has been tested with the following versions:
- This plugin supports SonarQube versions 8.7 to 8.9, 9.5, and 9.7.1 including "LTS" versions.
- This plugin supports SonarCloud.io - the cloud solution for SonarQube.
Plugin configurations
Plugin configurations are sets of parameters that can be applied across some, or all, of the plugin procedures. They can reduce the repetition of common values, create predefined parameter sets, and securely store credentials. Each configuration is given a unique name that is entered in the designated parameter for the plugin procedures that use them.
Creating plugin configurations
To create plugin configurations in CloudBees CD/RO, complete the following steps:
- Navigate to .
- Select Add plugin configuration to create a new configuration.
- In the New Configuration window, specify a Name for the configuration.
- Select the Project that the configuration belongs to.
- Optionally, add a Description for the configuration.
- Select the appropriate Plugin for the configuration.
- Configure the parameters per the descriptions below.
Configuration procedure parameters
Parameter | Description |
---|---|
Server configuration | Required. The EC-SonarQube internal configuration name. |
Description | The description for the plugin configuration. |
Protocol | Required. Specifies whether to prepend the hostname with |
Host | Required. The host name of the SonarQube server. |
URL path of SonarQube | The URL path of SonarQube. For example, |
SonarQube server port | Required. The SonarQube server port. For example, 9000. |
Ignore SSL errors | Turn SSL verification off for instances with self-signed certificates. Ignore SSL errors works only for REST API calls for procedures Get Last SonarQube Metrics and CollectReportingData. |
Organization key | The organization key that is required to identify the organization associated with your project. For instance, it is required to work with SonarCloud. |
Auth type | The authentication type; a username with a password or an access token. |
Password | The login or authentication token of a SonarQube user with the Execute Analysis permission. If you use an authentication token, use it in the login field and leave the password blank. |
Token | The personal access token. |
Debug level | The verbosity level of the output. |
HTTP proxy | The proxy that should be used for connections. |
Proxy authorization | The username and password for the proxy. |
Check connection resource | A resource that is used to check the connection. |
Check Connection? | If checked, the connection endpoint and credentials entered as part of the configuration will be tested. If this option is checked, configuration will not be saved if the test fails. |
Plugin procedures
CollectReportingData
Collects reporting data from SonarQube and sends it to CloudBees CD/RO reporting server.
By default, the following fields are mapped to the report:
CollectReportingData parameters
Parameter | Description |
---|---|
Configuration name | Required. The unique name for the configuration. |
Preview mode | This mode is provided to let you perform a WHAT IF analysis before enabling automatic reporting. If selected, no metadata is set and reports are not sent to the reporting server. Instead, detailed information about each object retrieved from SonarQube that includes transformation, mapping, and payload, is included in the summary logs. |
Project key | Required. The project key that is unique for each project in SonarQube. |
File prefix | If provided, the matching string is removed from the file path before sending the report. For example, if the file path is |
Field mapping | Allows you to place custom fields to the payload or modify payload values. For example, |
Transform script | Allows you to provide a Perl script for payload customization. This method is invoked by a plugin with two parameters. The first parameter is the context object and the second parameter is the payload object. Since EC-SonarQube-1.5.2.0 sends two types of reports, the payload is a hash reference with build and payload sections. The method should be named In this example, the |
Metadata property path | The property sheet where run metadata is stored. If omitted, |
Base URL for drill-down | The base URL for SonarQube. If empty, it is set to |
Debug | If selected, the summary logs are written with the highest verbosity for the entire procedure. |

Get Last SonarQube Metrics
Retrieves the last metrics from SonarQube based on specified parameters.
Retrieves the last run metrics from SonarQube server. If Sonar task ID is specified, then it waits for the SonarQube server to finish processing and retrieves metrics that could be used in gates.
This procedure supports propertySheet, XML and JSON outputs.
Get Last SonarQube Metrics parameters
Parameter | Description |
---|---|
Configuration name | Required. The unique name for the configuration. |
Sonar task ID | The task ID that is passed to this procedure from the run of SonarScanner, initiated by third-party software. If it is set, this procedure waits for SonarQube to process the task, download analysis data, and process metrics. If this parameter is not passed, then only the metrics check for the specified SonarQube project is run. |
Project key | Required. The project key that is unique for each project in SonarQube. |
Project name | Required. The name of the project that is displayed in the SonarQube web interface. |
Project version | The project version in SonarQube. |
Sonar timeout | The timeout, in minutes, to wait for the task to be completed. The default timeout is 60 minutes. |
Type of stored result | Set the result property format. |
Property to store results | Set the result property where run metadata is stored. If omitted, |
Metrics: Complexity | The metrics to store. The options are All, New, or None. |
Metrics: Documentation | The metrics to store. The options are All, New, or None. |
Metrics: Duplications | The metrics to store. The options are All, New, or None. |
Metrics: Issues | The metrics to store. The options are All, New, or None. |
Metrics: Maintainability | The metrics to store. The options are All, New, or None. |
Metrics: QualityGates | The metrics to store. The options are All, New, or None. |
Metrics: Reliability | The metrics to store. The options are All, New, or None. |
Metrics: Security | The metrics to store. The options are All, New, or None. |
Metrics: General | The metrics to store. The options are All, New, or None. |
Metrics: Tests | The metrics to store. The options are All, New, or None. |
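
The wait described for Sonar task ID and Sonar timeout, as an added example that is not the plugin's own code: it polls SonarQube's Web API `api/ce/task` endpoint and raises on a failed, canceled, or timed-out task, so a gate never proceeds on missing metrics. It sends the token as the login with a blank password and keeps certificate verification on, trusting a private CA through `ca_file`. The function names and the use of `api/ce/task` are assumptions, not taken from this page.

```python
# Added example, not the plugin's code. Assumes SonarQube's Web API
# endpoint api/ce/task; function names and sample data are constructed.
import base64
import json
import ssl
import time
import urllib.parse
import urllib.request


def auth_header(token):
    # Token in the login field, blank password (HTTP Basic).
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def make_fetcher(base_url, token, ca_file=None):
    # Certificate verification stays on; a private CA is trusted via ca_file.
    ctx = ssl.create_default_context(cafile=ca_file)

    def fetch(task_id):
        query = urllib.parse.urlencode({"id": task_id})
        req = urllib.request.Request(
            f"{base_url}/api/ce/task?{query}",
            headers={"Authorization": auth_header(token)},
        )
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)

    return fetch


def wait_for_task(fetch, task_id, timeout_min=60, poll_s=5,
                  sleep=time.sleep, clock=time.monotonic):
    """Return the analysis id on SUCCESS; raise on any other outcome."""
    deadline = clock() + timeout_min * 60
    while True:
        task = fetch(task_id)["task"]
        status = task["status"]
        if status == "SUCCESS":
            return task["analysisId"]
        if status in ("FAILED", "CANCELED"):
            raise RuntimeError(f"task {task_id} ended as {status}")
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} still {status} after {timeout_min} min")
        sleep(poll_s)
```

`wait_for_task` takes any callable as `fetch`, so the polling logic can be exercised with canned responses before it is pointed at a server through `make_fetcher`.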

Initiate Scanning Process
Scans the specified directory with code and gets data with analysis metrics from the SonarQube server. Additionally, the heap size is configurable to support large codebase analysis. You can also enable debug mode for a scanner. If the debug level of the plugin is 2 or higher, the scanner debug mode is enabled automatically.
This procedure supports propertySheet, XML and JSON outputs. The Task_id of the analysis that was initiated is returned, so it may be used by the Get Last SonarQube Metrics procedure.
Initiate Scanning Process parameters
Parameter | Description |
---|---|
Configuration name | Required. The unique name for the configuration. |
Work directory | Set the working directory. |
Source encoding | Set the source file encoding. For example, ISO-8859-1. |
Project key | Required. The project key that is unique for each project in SonarQube. |
Project name | Required. The name of the project that is displayed in the SonarQube web interface. |
Project version | Required. The project version in SonarQube. |
Local path to sources | Required. Comma-separated paths to directories that contain source files. For example, |
Sonar timeout | The timeout, in minutes, to wait for the task to be completed. The default timeout is 60 minutes. |
Custom values for SonarScanner | The SonarScanner custom settings. For example, |
Enable SonarScanner debug mode | Enable debug mode for SonarScanner. |
Heap space (MB) | The heap size, in megabytes. For example, 512. |
Type of stored result | Set the result property format. |
Property to store results | Set the result property where run metadata is stored. If omitted, |

Run Sonar Scanner
Runs SonarScanner on the specified directory with code and retrieves data with analysis metrics from the SonarQube server. Additionally, the heap size is configurable to support large codebase analysis. You can also enable debug mode for a scanner. If the debug level of the plugin is 2 or higher, the scanner debug mode is enabled automatically.
After scanning, it waits for the SonarQube server to finish processing and retrieves metrics that could be used in gates.
Run Sonar Scanner parameters
Parameter | Description |
---|---|
Configuration name | Required. The unique name for the configuration. |
Work directory | Set the working directory. |
Source encoding | Set the source file encoding. For example, ISO-8859-1. |
Project key | Required. The project key that is unique for each project in SonarQube. |
Project name | Required. The name of the project that is displayed in the SonarQube web interface. |
Project version | Required. The project version in SonarQube. |
Local path to sources | Required. Comma-separated paths to directories that contain source files. For example, |
Sonar timeout | The timeout, in minutes, to wait for the task to be completed. The default timeout is 60 minutes. |
Custom values for SonarScanner | The SonarScanner custom settings. For example, |
Enable SonarScanner debug mode | Enable debug mode for SonarScanner. |
Heap space (MB) | The heap size, in megabytes. For example, 512. Set this property if you get Java heap space or |
Type of stored result | Set the result property format. |
Property to store results | Set the result property where run metadata is stored. If omitted, |
Metrics: Complexity | The metrics to store. The options are All, New, or None. |
Metrics: Documentation | The metrics to store. The options are All, New, or None. |
Metrics: Duplications | The metrics to store. The options are All, New, or None. |
Metrics: Issues | The metrics to store. The options are All, New, or None. |
Metrics: Maintainability | The metrics to store. The options are All, New, or None. |
Metrics: QualityGates | The metrics to store. The options are All, New, or None. |
Metrics: Reliability | The metrics to store. The options are All, New, or None. |
Metrics: Security | The metrics to store. The options are All, New, or None. |
Metrics: General | The metrics to store. The options are All, New, or None. |
Metrics: Tests | The metrics to store. The options are All, New, or None. |

Use cases
Parameters for the EC-SonarQube job to initiate analysis
Parameter | Description |
---|---|
Configuration | Uses the name of the configuration of the plugin (Server credentials and URL). |
Work directory | Source code directory. |
Property to store results | Used to configure where run data is stored. This data may be used within gate configurations. |
Project key | The project key unique for each project in SonarQube. |
Project name | Name of the project displayed on the web interface of SonarQube. |
Project version | The project version in SonarQube. |
Local path to sources | Comma-separated paths to directories that contain source files. For example: |
Custom values for SonarScanner | Custom settings of SonarScanner. For example, use of |
Metrics | Configures storing All, New only, or None parameters for each section of metrics of SonarQube. |

Analysis data is saved for each run. All available SonarQube parameters depend on the list of installed plugins and can be checked in the log after the job runs.

Job configuration
When your workflow launches, code is processed locally on the agent by SonarScanner in the Work directory. If this is an initial run or the configuration of your SonarQube server was changed, SonarScanner downloads all plugins from the SonarQube server. The Job configuration gives all required parameters for the scanner to initiate an analysis.
Pipeline configuration
To configure the SonarQube plugin in a pipeline:
- Clone your repository into a Work directory.
- Configure Run Sonar Scanner to run as a task targeting the Work directory.
- Remove the Work directory, if necessary.
After fetching the code, the SonarQube plugin triggers SonarScanner to initiate analysis by checking the code in the working directory against the given list of parameters. After the analysis runs, results are saved and may be used as gate parameters for follow-on steps.

Known issues
- The Java code of the SonarQube scanner doesn't allow connection to an instance if it detects a broken SSL certificate, for example, when using self-signed certificates.
  - A workaround is to add your certificate to the Java Keystore. This plugin includes a basic validator for SSL certificate issues, which may detect such issues.
- Authorized proxy access is supported in SonarQube versions starting from 6.x due to limitations for proxy handling in old versions of the sonar-scanner-engine-shaded.
Release notes
EC-SonarQube 2.1.3
- Fixed issue with Ignore SSL option for REST based procedures ("Get Last SonarQube Metrics" and "CollectReportingData").
EC-SonarQube 2.1.2
- Updated the SonarScanner CLI version to 4.7.0.2747.
- Fixed issue related to Test connection when using an authentication token.
- Deprecated support for SonarQube 6.7. To use SonarQube 6.7, you must use CD agent 10.10 or lower.
EC-SonarQube 2.0.0
- Upgraded from Perl 5.8 to Perl 5.32. The plugin is not backward compatible with releases prior to CloudBees CD/RO 10.3. Starting with this release, a new agent is required to run the plugin procedures.
- Ported the plugin to PDK.
EC-SonarQube 1.5.0
- Added support for new plugin configurations.
- Added support for token credentials.
- Updated supported versions of SonarQube. The plugin now supports SonarQube server versions 6.7 to 8.9.
- Fixed an issue with checking the connection to SonarCloud.
EC-SonarQube 1.4.0
- Updated supported versions of SonarQube. The plugin now supports SonarQube server versions 6.7 to 8.5.
- Added support for external credential management.
- In the Get Last SonarQube Metrics procedure, the Project version parameter has been updated, and is now an optional parameter.
- Fixed a bug with proxy credentials that remained after a configuration was deleted.
EC-SonarQube 1.3.0
- Added the option to check a connection when creating or editing a configuration.
- Added support for HTTP proxy. Customers who use HTTP proxy can specify proxy information (host, port and credentials at the configuration level) and all procedures use the proxy as second credentials for authentication.
EC-SonarQube 1.1.3
- Fixed URL for reports.
- Added support for creating configurations by users with an @ sign in a name.
EC-SonarQube 1.1.0
- A new procedure named CollectReportingData has been added to support predictive analytics.
- Changes were made to support the ability to view and manage plugin configurations from within Deploy without having to navigate to the Automation Platform UI.
EC-SonarQube 1.0.4
- Fixed an error during plugin promotion on the ElectricFlow instance that is running on Windows.
- Configured the plugin to allow the ElectricFlow UI to render the plugin procedure parameters entirely using the configured form XMLs.
- Enabled the plugin for managing the plugin configurations inline when defining an application process step or a pipeline stage task.
EC-SonarQube 1.0.3
- Added SonarCloud.io support.
- Changed the list of required parameters for procedures to support versions from 5.4 to the latest version.
- Added validators to some procedure parameters for easier configuration.
- Added SonarQube authorization token support.
- Added testing connection functionality to the configuration page.
- Added support for the SonarQube server from version 6.4.
- Updated the plugin procedures documentation.
- Improved debug output.
- Provided fixes for the reported list of bugs.
EC-SonarQube 1.0.2
- Added support for the InitiateScanner procedure for initiating analysis only.
- Added support for the GetLastSonarMetrics procedure to retrieve metrics from the last analysis.
- Fixed a problem with authorization on the SonarQube side.
- Added support for the SonarQube server from version 5.4.
- Fixed potential problems with running SonarScanner on Windows operating systems.
- Added output in JSON and XML format.
- Fixed a problem with the result property output.