If you are already running a centralized SonarQube instance, use this action to scan a Git repository with the SonarQube static analysis scanner. The data collected from the scans is available in your SonarQube reports, and the results are also displayed in the CloudBees platform analytics dashboards. You can also use the action output as a quality gate for the next step or job in your workflow.
If you do not have SonarQube already installed, use the Scan with SonarQube bundled action instead.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.
Inputs
| Input name | Data type | Required? | Description |
|---|---|---|---|
| server-url | String | Yes | The SonarQube server URL. |
| | String | No | The |
| | String | No | The SonarQube password. |
| | String | No | The branch name to be scanned. |
| | String | No | The SonarQube access token. |
| | String | No | The SonarQube username. |
| | String | No | The file path of the code to be scanned. |
Outputs
| Output name | Data type | Description |
|---|---|---|
| critical-count | String | The number of Critical security findings discovered during the scan. |
| | String | The number of Very high security findings discovered during the scan. |
| | String | The number of High security findings discovered during the scan. |
| | String | The number of Medium security findings discovered during the scan. |
| | String | The number of Low security findings discovered during the scan. |
Usage examples
Basic example
The following is a basic example for using the action:
```yaml
- name: Scan with SonarQube
  uses: cloudbees-io/sonarqube-plugin@v1
  with:
    server-url: https://my-sonarqube-server-url
```
Scan C-family code languages
In the following example, the cmakeList-path input is specified for a C-family code language scan:
```yaml
- name: Scan C-family code with SonarQube
  uses: cloudbees-io/sonarqube-plugin@v1
  with:
    server-url: ${{ vars.SONARQUBE_SERVER_URL }}
    cmakeList-path: https://path/to/my/CMakeFileList.txt
```
Using the action output
Access the output values in downstream steps and jobs using the outputs context.
Use the output in your workflow as follows, where <action_step_ID> is the action step ID, and <severity> is an output parameter name, such as critical-count:
```
${{steps.<action_step_ID>.outputs.<severity>}}
```
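Because the outputs are strings, a quality gate should treat an empty or non-numeric value as a failure rather than as zero. The following shell sketch is an added example, not part of the original page or the action's own code; the function names `check_count` and `run_gate`, the `name=value:max` argument format, and the sample thresholds are assumptions, and in a workflow the value would be the expanded `critical-count` output.

```shell
#!/bin/sh
# Added example: fail-closed quality gate for a downstream step.
# check_count NAME VALUE MAX
#   0 = VALUE <= MAX, 1 = VALUE > MAX,
#   2 = VALUE or MAX is empty, non-numeric, or out of range (fail closed).
check_count() {
    for n in "$2" "$3"; do
        case $n in
            '' | *[!0-9]*)
                echo "gate: $1: expected an integer, got '$n'" >&2
                return 2 ;;
        esac
        # Keep digit strings short enough for shell integer comparison.
        if [ "${#n}" -gt 9 ]; then
            echo "gate: $1: value out of range" >&2
            return 2
        fi
    done
    if [ "$2" -gt "$3" ]; then
        echo "gate: $1: $2 findings exceed the allowed $3" >&2
        return 1
    fi
    return 0
}

# run_gate SPEC...  where each SPEC is name=value:max
# Checks every spec so the log lists all failures, then returns the worst status.
run_gate() {
    [ "$#" -gt 0 ] || return 2   # nothing to check is not a pass
    worst=0
    for spec in "$@"; do
        case $spec in
            *=*:*) ;;
            *) echo "gate: malformed spec '$spec'" >&2; worst=2; continue ;;
        esac
        rest=${spec#*=}
        rc=0
        check_count "${spec%%=*}" "${rest%%:*}" "${rest##*:}" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Constructed sample values; in a workflow the value comes from the outputs context.
run_gate "critical-count=0:0" && echo "gate passed"
run_gate "critical-count=4:0" || echo "gate failed with status $?"
```

A non-zero return from `run_gate` fails the step, which stops the job before later steps run.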
The following example uses the action output in a downstream step of the same job:
The following example uses the action output in a downstream job: