How to trigger a SonarQube Analysis from Codefresh
SonarQube is a popular platform for Code Quality. It can be used for static and dynamic analysis of a codebase and can detect common code issues such as bugs and vulnerabilities.
There are many ways to perform an analysis with SonarQube, but the easiest is to use the one that matches the build system of your application.
This section shows how to use the SonarQube plugin on Codefresh from the plugin directory. Once set up, your code will automatically be analysed every time your pipeline runs.
Prerequisites for SonarQube integration
Before starting an analysis, you need to make sure that:
- You have at least a simple Codefresh pipeline up and running
- You have a SonarQube account (Developer, Enterprise, or on SonarCloud)
Getting a security token from SonarQube
To use the SonarQube plugin, you need to provide either your login credentials in your Codefresh pipeline or a generated security token. We recommend the latter. You can either create a new one or reuse an existing one. Security-wise, it is best if each project has its own token.
Log in to SonarQube with your account and navigate to USER -> MY ACCOUNT, which is in the top right corner of your profile. Next, select the Security tab and generate the security token. Save the token somewhere where you will be able to access it again easily.
Setting up your sonar-project.properties file
Not all environment variables are currently defined automatically in the SonarScanner. Thus, we have to set up a sonar-project.properties file in our root directory.
Please create the file and add the following values
The file is needed to run the SonarQube plugin.
Please note that projects using some languages may require additional configuration. For information on what may be needed for your language, refer to the appropriate language page in the SonarQube documentation.
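Because sonar-project.properties lives in the repository root, the token generated earlier should not end up in it. The following check is an added example, not part of the original page or of the Codefresh plugin: it fails when the file sets sonar.login, sonar.password or sonar.token (SonarScanner properties) to a literal value. The function name check_sonar_props and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Codefresh or SonarQube code): keep credentials out of the
# committed sonar-project.properties. sonar.login, sonar.password and sonar.token
# are SonarScanner properties that can carry the token generated earlier.

# check_sonar_props FILE  (hypothetical helper name)
# Prints "LINE: key" for every credential property with a literal value (the
# value itself is never printed). Returns 0 if clean, 1 on a hit, 2 if missing.
check_sonar_props() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    hits=$(awk '
        /^[ \t]*[#!]/ { next }                    # "#" and "!" start comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading whitespace is not part of the key
            if (!match(line, /^sonar\.(login|password|token)/)) next
            key  = substr(line, 1, RLENGTH)
            rest = substr(line, RLENGTH + 1)
            if (rest != "" && rest !~ /^[ \t=:]/) next   # longer key, e.g. sonar.tokenX
            sub(/^[ \t]*[=:]?[ \t]*/, "", rest)   # separator may be "=", ":" or blanks
            sub(/[ \t\r]+$/, "", rest)
            if (rest != "") print NR ": " key
        }' "$file")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample input; the token value is a placeholder, not a real one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
sonar.projectKey=example-project
sonar.sources=.
sonar.token = sqp_CONSTRUCTED_PLACEHOLDER
#sonar.login=commented-out
sonar.password:
EOF

if found=$(check_sonar_props "$sample"); then
    echo "sonar-project.properties: no credentials"
else
    echo "credential committed at: $found"
fi
rm -f "$sample"
```

Run against the real file, the function can gate a pipeline step or a pre-commit hook, since it returns non-zero when a credential is present.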
Running an analysis from the Codefresh Plugin
If you are using the predefined Codefresh pipeline, you just need to look up SonarQube under STEPS and you will find the custom plugin.
- Select the
- Copy and paste the step to your pipeline
Please customise the values within the step as follows:
- SONAR_HOST_URL: 'https://sonarcloud.io/' # this is the URL to SonarCloud; if applicable, please replace it with the Server URL
- SONAR_LOGIN: username or access token (generated above)
- SONAR_PASSWORD: password, if username is used
- SONAR_PROJECT_BASE_DIR: set working directory for analysis
Here is our example step:
Once the values are specified, save and run your pipeline.
Viewing the SonarQube analysis
Once the Codefresh build is started, you can check the logs and monitor the analysis progress.
Once the analysis is complete, you can visit the SonarQube dashboard and see the recent analysis of the project.
Then you can drill down and view the various statistics.