The SonarQube analysis has to be run outside of Bitbucket. The most common scenario is to integrate the analysis into the build pipeline. A typical Sonar analysis has the following steps:

  1. New code changes are pushed to a branch, or a pull request is created in Bitbucket

  2. The build pipeline is triggered and informed of the new changes

  3. A build is run, which triggers the Sonar analysis and executes the SonarScanner or one of its build system-dependent alternatives.

  4. The results of the analysis are sent to the SonarQube application

  5. The SonarQube application informs the Sonar for Bitbucket plugin via a webhook that a new analysis is complete. Sonar for Bitbucket annotates the pull request with the issues found in the analysis.

...

Developer Edition or higher

Community Edition

SonarCloud

```bash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=<SONAR_SERVER_URL>
```

```bash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>
```
Note

SonarQube versions 7.9.x and 8.x only allow the characters [0-9a-zA-Z:-_.] in project keys. Branch names typically contain /, so they cannot be used unchanged.

As the replacement character, use the same character as configured in the SonarQube server configuration under ‘Branch renaming for Sonar Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed 's/[^0-9a-zA-Z:_.-]/<YOUR_CONFIGURED_CHAR>/g'
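The same replacement wrapped as a CI shell function, added here as an example and not taken from the plugin's documentation or code. The function name, the prefix `myproj` and the sample branch names are assumptions; the prefix is assumed to be a valid project key already.

```bash
# Added example (not from the plugin documentation).
# "myproj" and the branch names are constructed sample values.

# Print "<prefix>:<branch>" with every character outside the set
# SonarQube 7.9.x/8.x accepts in project keys replaced by <repl>.
sonar_project_key() {
  spk_prefix=$1
  spk_branch=$2
  spk_repl=$3

  # The replacement must itself be one allowed character; this also keeps
  # sed metacharacters such as '/', '&' and '\' out of the substitution.
  case $spk_repl in
    [0-9a-zA-Z:_.-]) ;;
    *) echo "replacement must be one character from [0-9a-zA-Z:-_.]" >&2
       return 1 ;;
  esac

  if [ -z "$spk_branch" ]; then
    echo "branch name is empty" >&2
    return 1
  fi

  # '-' comes last in the bracket expression so it is a literal, not a range.
  # LC_ALL=C limits a-z / A-Z to ASCII regardless of the CI host's locale.
  spk_clean=$(printf '%s\n' "$spk_branch" |
    LC_ALL=C sed "s/[^0-9a-zA-Z:_.-]/$spk_repl/g")

  printf '%s:%s\n' "$spk_prefix" "$spk_clean"
}

# Dry run: show the Community Edition invocation instead of executing it.
# Quoting "$key" keeps the branch-derived value a single argument.
key=$(sonar_project_key myproj 'feature/JIRA-12 fix' '-') &&
  echo sonar-scanner "-Dsonar.projectKey=$key" '-Dsonar.host.url=<SONAR_SERVER_URL>'
```

Because several characters collapse to one replacement, distinct branches such as `feature/x` and `feature-x` produce the same project key, so their analyses land in the same SonarQube project.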

```bash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>
```

Branch Analysis

```bash
  -Dsonar.branch.name=<branch_name>
```

Not needed with correct sonar project key

See Developer Edition or higher

Pull Request Analysis

```bash
  -Dsonar.pullrequest.key=<pull request identifier from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>
```
Info

For BRANCH_NAME, use the source branch name of the pull request.

See Developer Edition or higher

Only SonarQube 7.7

```bash
  -Dsonar.analysis.scmRevision=COMMIT_ID
```
```bash
  -Dsonar.analysis.scmRevision=COMMIT_ID
```

Not needed

...