Page Comparison

Sonar Include Code Quality for Bitbucket never triggers a SonarQube SonarQube™ analysis. The most common scenario is an integration of the SonarQube SonarQube™ analysis into your build pipeline.

A recommended flow with Sonar Include Code Quality for Bitbucket looks like:

1. New code changes pushed to Bitbucket (or new pull request is created)

   1. Bitbucket triggers your build pipeline for code changes

2. Your build pipeline must trigger the Sonar Sonar™ analysis

   1. and executes the SonarScanner Sonar™Scanneror one of its build system-dependent alternatives.

   2. see below for required parameters

3. SonarQube SonarQube™ informs Sonar Include Code Quality for Bitbucket over a Webhook about a new analysis report.

   1. Sonar Include Code Quality for Bitbucket annotates existing pull requests with the issues found in the analysis.

...

Whichever external system you use to execute the Sonar Sonar™ scan, you need to run it with the correct parameters for your SonarQube SonarQube™ application. Use the analysis parameter matrix below to find yours.

Analysis Parameter Matrix

The table shows the minimally necessary parameters to get Sonar Include Code Quality for Bitbucket to work with SonarScanner Sonar™Scanner. Look at the SonarQube SonarQube™ documentation for additional parameters or different scanning methods.

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ 
  -Dsonar.host.url=<SONAR_SERVER_URL>

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

  -Dsonar.branch.name=<branch_name> 

  -Dsonar.pullrequests.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

  -Dsonar.analysis.scmRevision=COMMIT_ID

  -Dsonar.analysis.scmRevision=COMMIT_ID

Build Systems

Bamboo

We provide a first class integration for Bamboo with our Sonar for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

1. Use Bitbucket Webhook to Jenkins or any other app to notify Jenkins about new code changes. See these instructions on how to set it up. It is important enabling the setting "Omit SHA1 Hash Code" in the repository settings of the app (see this issue on Github for more details).

2. Follow the instructions on the Sonar Sonar™ Scanner for Jenkins Wiki to set up the SonarScanner Sonar™Scanner configuration.

3. The Jenkins Git plugin includes the origin/ prefix in branch names, which has to be removed. Use a Jenkins freestyle job.
   

   Code Block
   language bash
   echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2-) > sonar-branch

4. (Community Edition only) SonarQube SonarQube™ versions 7.9.x and 8.x need to replace illegal branch characters.
   Use the following command to export the sanitized branch name to a file:

   Code Block
   echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g) > sonar-branch

...

You can then use this environment variable to trigger the Sonar Sonar™ analysis with -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX>:$SONAR_BRANCH

Problems During Setup

We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com

...