The SonarQube analysis has to be run on the outside of Bitbucket. The most common scenario is an integration of the analysis into the build pipeline. A typical sonar Sonar analysis has the following steps:
New code changes pushed to a branch, or a pull request that has been created in Bitbucket
The build pipeline is triggered and informed of the new changes
A build is run, which triggers the Sonar analysisand executes the SonarScanneror one of its build system-dependent alternatives.
The results of the analysis are sent to the SonarQube application
The SonarQube application informs Sonar for Bitbucket plugin over a webhook that a new analysis is complete. Sonar for Bitbucket annotates the pull request with the issues found in the analysis.
...
| Developer Edition or higher | Community Edition | SonarCloud |
---|
| Code Block |
---|
| sonar-scanner \
-Dsonar.projectKey=<SONAR_PROJECT_KEY> \
-Dsonar.host.url=<SONAR_SERVER_URL> |
| Code Block |
---|
| sonar-scanner \
-Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
-Dsonar.host.url=<SONAR_SERVER_URL> |
Note |
---|
SonarQube versions 7.9.x and 8.x only allow certain characters [0-9a-zA-Z:-_.] in their project keys. Branch names typically contain / and cannot be used. Use the same character as configured in the SonarQube server configuration under ‘Branch renaming for Sonar Project Keys’. To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration: sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g
|
| Code Block |
---|
| sonar-scanner \
-Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.organization=<SONAR_CLOUD_ORGANIZATION> |
|
---|
Branch Analysis | Code Block |
---|
| -Dsonar.branch.name=<branch_name> |
| Not needed with correct sonar project key | See Developer Edition or higher |
---|
Pull Request Analysis | Code Block |
---|
| -Dsonar.pullrequests.key=<pull request identifier from VCS>Bitbucket>
-Dsonar.pullrequest.branch=<source branch name of pull request>
-Dsonar.pullrequest.base=<destination branch name of pull request> |
| Info |
---|
Take the source branch name of pull requests for BRANCH_NAME |
| See Developer Edition or higher |
---|
Only SonarQube 7.7 | Code Block |
---|
| -Dsonar.analysis.scmRevision=COMMIT_ID |
| Code Block |
---|
| -Dsonar.analysis.scmRevision=COMMIT_ID |
| Not needed |
---|
...