The SonarQube analysis has to be run triggered outside of Bitbucket. The most common scenario is an integration of the SonarQube analysis into the your build pipeline.
A typical Sonar analysis has the following stepsrecommended flow with Sonar for Bitbucket looks like:
New code changes pushed to a branch, or a Bitbucket (or new pull request that has been created in Bitbucket
The build pipeline is triggered and informed of the new changes
A build is run, which triggers the Sonar analysisis created)
Bitbucket triggers your build pipeline for code changes
Your build pipeline must trigger the Sonar analysis
and executes the SonarScanneror one of its build system-dependent alternatives.
see below for required parameters
SonarQube informs Sonar for Bitbucket over a webhook that Webhook about a new analysis is completereport.
Sonar for Bitbucket annotates
existing pull
requests with the issues found in the analysis.
Whichever external system you use to execute the Sonar scan, you need to run it with the correct parameters for your SonarQube application. Use the analysis parameter matrix below to find yours.
...