Onboard
Introduction
Users
Teams
Introduction
IntroductionPromote an image in Amazon ECRRetrieve an object from Amazon S3Store an object on Amazon S3Copy Docker images with CraneDownload a file from JFrog ArtifactoryMove or copy an image from JFrog ArtifactoryUpload a file to JFrog ArtifactoryGet artifact detailsRegister a build artifactRegister a deployed environment artifact
IntroductionCreate or update a functionInvoke a function
IntroductionRun an AWS CodePipelineRun a Bamboo projectRun a Bitbucket pipelineRun a CloudBees CI jobRun a CircleCI workflowRun a GitHub Actions workflowRun a GitLab pipelineRun a Harness pipelineRun a Jenkins® jobRun a JFrog pipelineBuild and publish Docker images with KanikoRun a TeamCity project
Check out a Git repository
IntroductionAWS credentialsECR credentialsEKS credentialsGit global credentialsOCI credentials
IntroductionRun Ansible PlaybookDeploy with Argo WorkflowsDeploy with AWS CodeDeployDeploy a binary with Amazon EC2Deploy to ECSRender an Amazon ECS task definitionDeploy with AWS Elastic BeanstalkDeploy with HerokuDeploy with OctopusDeploy with OpenShiftDeploy with SpinnakerDeploy with Tosca
Publish evidence items
Fetch secrets from CyberArk Conjur
IntroductionHelm chart installHelm chart packageHelm chart publishHelm chart uninstall
IntroductionCreate a Kubernetes namespaceCreate/update a Kubernetes resourceDeploy to a Kubernetes cluster
IntroductionVerify with NewRelic
Execute remote commands via SSH
IntroductionAnchoreAquasecJFrog XraySnyk ContainerSonatype (Nexus) ContainerTrivy
IntroductionStackhawkZAP
IntroductionCheckmarxCheckovCoverity on PolarisFind Security BugsGitHub Security ScannerGosecGrypeMendNexus IQnjsscanSnykSonarQube bundledSonarQube
IntroductionBlack DuckMendSnyk
IntroductionGitleaksTruffleHog ContainerTruffleHog CodeTruffleHog S3
IntroductionCreate a change requestUpdate or close a change requestGet a change request current stateQuery a change request approval
Publish test results
Multi-workflows dispatch
Introduction
Manage workflows
Introductioncloudbees and other context objectsenvnameonpermissionsjobs.<job_id>.<job_id>.delegates.<job_id>.env.<job_id>.environment.<job_id>.if.<job_id>.needs.<job_id>.outputs.<job_id>.permissionsjobs.<job_id>.uses.<job_id>.services.<job_id>.services.<service_id>.services.<service_id>.args.services.<service_id>.env.services.<service_id>.imagejobs.<job_id>.steps.<job_id>.steps[*].id.<job_id>.steps[*].env.<job_id>.steps[*].if.<job_id>.steps[*].name.<job_id>.steps[*].run.<job_id>.steps[*].shell.<job_id>.steps[*].uses.<job_id>.steps[*].with.<job_id>.steps[*].with.args.<job_id>.steps[*].with.entrypoint.<job_id>.steps[*].timeout-minutesjobs.<job_id>.timeout-minutes
An example workflow
Reusable workflows
Personal access tokens
Trigger a workflow using an API
IntroductionManual approval
Connect a repositoryCreate a workflowRun a scanPublish an image
Introduction
Learn about feature management
Create flags in code
Manage multiple SDK keys in your application
Create/manage flags in the UI
Namespaces and labels
Configure feature flags
Feature management custom roles
Flag approval requests and reviews
Audit history
Configuration as code
Flag impressions and activity status
Code references
Properties and custom properties
Target groups
Enabling secret mode
IntroductionAndroid / Android TV / Fire TVC/C++ (client-side)C/C++ (server-side)GoJavaJavaScript (browser) / Chromecast / TizenJavaScript SSR.NET/C#Node.jsiOS / tvOSPHPPythonReact NativeRuby
IntroductionClient-side AndroidClient-side C ClientClient-side C++ ClientClient-side JavaClient-side JavaScript (browser)Client-side .NET/C# clientClient-side Objective-CClient-side React NativeClient-side SwiftServer-side CServer-side C++Server-side GoServer-side JavaServer-side .NET/C#Server-side NodeJSServer-side PythonServer-side PHPServer-side RubyBoth client-side and server-side JavaScript SSR
IntroductionAndroid appAngular appDjango appGin app.NET Core appReact appSpring Boot app

CloudBees action: Scan with SonarQube

3 minute read

If you are already running a centralized SonarQube instance, use this action to scan a Git repository with the SonarQube static analysis scanner. The data collected from the scans is available in your SonarQube reports, and the results are also displayed in the CloudBees platform analytics dashboards. You can also use the action output as a quality gate for the next step or job in your workflow.

If you do not have SonarQube already installed, use the Scan with SonarQube bundled action instead.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

url

String

Yes

The SonarQube server URL.

cmakeList-path

String

No

The CMakeFileList.txt file path for scanning C-family code languages. For more information, refer to the CMake documentation.

password

String

No

The SonarQube password.

ref

String

No

The branch name to be scanned.

token

String

No

The SonarQube access token.

username

String

No

The SonarQube username.

workspace-dir

String

No

The file path of the code to be scanned.

Outputs

Table 2. Output details
Output name Data type Description

critical-count

String

The number of Critical security findings discovered during the scan.

very-high-count

String

The number of Very high security findings discovered during the scan.

high-count

String

The number of High security findings discovered during the scan.

medium-count

String

The number of Medium security findings discovered during the scan.

low-count

String

The number of Low security findings discovered during the scan.

Usage examples

Basic example

The following is a basic example for using the action:

      - name: Scan with SonarQube
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

Scan C-family code languages

In the following example, the cmakeList-path input is specified for a C-family code language scan:

      - name: Scan C-family code with SonarQube
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: ${{ vars.SONARQUBE_SERVER_URL }}
          cmakeList-path: https://path/to/my/CMakeFileList.txt

Using the action output

Access the output values in downstream steps and jobs using the outputs context.

Use the output in your workflow as follows, where <action_step_ID> is the action step ID, and <severity> is an output parameter name, such as critical-count:

${{steps.<action_step_ID>.outputs.<severity>}}

The following example uses the action output in a downstream step of the same job:

name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1

on:
  push:
    branches:
      - main

permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write

jobs:
  sonarqube-scan-job:
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1

      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

      - name: source dir examine
        uses: docker://golang:1.20.3-alpine3.17
        shell: sh
        run: |
          ls -latR /cloudbees/workspace

      - id: print-outputs-from-sonarqube-step
        name: print outputs from upstream sonarqube step
        uses: docker://alpine:latest
        run: |
            #printing all outputs
            echo "Outputs from upstream sonarqube step:"
            echo "Critical count: ${{steps.sonarqube-step.outputs.critical-count}}"
            echo "Very high count: ${{steps.sonarqube-step.outputs.very-high-count}}"
            echo "High count: ${{steps.sonarqube-step.outputs.high-count}}"
            echo "Medium count: ${{steps.sonarqube-step.outputs.medium-count}}"
            echo "Low count: ${{steps.sonarqube-step.outputs.low-count}}"

The following example uses the action output in a downstream job:

name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1

on:
  push:
    branches:
      - main

permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write

jobs:
  job1:
    outputs:
      sonarqube-job-output-critical: ${{ steps.sonarqube-step.outputs.critical-count }}
      sonarqube-job-output-very-high: ${{ steps.sonarqube-step.outputs.very-high-count }}
      sonarqube-job-output-high: ${{ steps.sonarqube-step.outputs.high-count }}
      sonarqube-job-output-medium: ${{ steps.sonarqube-step.outputs.medium-count }}
      sonarqube-job-output-low: ${{ steps.sonarqube-step.outputs.low-count }}
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1
        with:
          repository: my-gh-repo-org/my-repo
          ref: main
          token: ${{ secrets.GIT_PAT }}

      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

  job2:
    needs: job1
    steps:
      - id: print-outputs-from-job1
        name: print outputs from upstream job1
        uses: docker://alpine:latest
        run: |
          # Printing all outputs
          echo "Outputs from upstream sonarqube job:"
          echo "Critical count: ${{ needs.job1.outputs.sonarqube-job-output-critical }}"
          echo "Very high count: ${{ needs.job1.outputs.sonarqube-job-output-very-high }}"
          echo "High count: ${{ needs.job1.outputs.sonarqube-job-output-high }}"
          echo "Medium count: ${{ needs.job1.outputs.sonarqube-job-output-medium }}"
          echo "Low count: ${{ needs.job1.outputs.sonarqube-job-output-low }}"
SonarQube bundled