Page Comparison

...

A recommended flow with Include Code Quality for Bitbucket looks like:

New code changes pushed to Bitbucket (or new pull request is created)
1. Bitbucket triggers your build pipeline for code changes
Your build pipeline must trigger the Sonar™ analysis
1. and executes the Sonar™Scanneror one of its build system-dependent alternatives.
2. see below for required parameters
SonarQube™ informs Include Code Quality for Bitbucket over a Webhook about a new analysis report.
1. Include Code Quality for Bitbucket annotates existing pull requests with the issues found in the analysis.

Whichever external system you use to execute the Sonar™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix below to find yours.

...

Developer Edition or higher

Community Edition

SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

Common Parameters

Code Block

language	bash

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ 
  -Dsonar.host.url=<SONAR_SERVER_URL>

Code Block

language	bash

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>

Note

SonarQube™ versions 7.9.x and 8.x + only allow certain characters [0-9a-zA-Z:-_.] in their project keys. Branch names typically contain / and cannot be used.

Use the same character as configured in the SonarQube™ server configuration under ‘Branch renaming for Sonar™ Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g

Code Block

language	bash

sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

Branch Analysis

Code Block

language	bash

  -Dsonar.branch.name=<branch_name>

Parameter not supported, branch included in Sonar™ project key asBRANCH_NAME

See Developer Edition or higher

Pull Request Analysis

Code Block

language	bash

  -Dsonar.pullrequests.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Info
Take the source branch name of pull requests for `BRANCH_NAME` in Sonar™ project key

See Developer Edition or higher

Only SonarQube™ 7.7

Code Block

language	bash

  -Dsonar.analysis.scmRevision=COMMIT_ID

Code Block

language	bash

  -Dsonar.analysis.scmRevision=COMMIT_ID

Not needed

...

We provide a first class integration for Bamboo with our Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

Use Bitbucket Webhook to Jenkins or any other app to notify Jenkins about new code changes. See these instructions on how to set it up. It is important enabling the setting "Omit SHA1 Hash Code" in the repository settings of the app (see this issue on Github for more details).
Follow the instructions on the Sonar™ Scanner for Jenkins Wiki to set up the Sonar™Scanner configuration.
The Jenkins Git plugin includes the origin/ prefix in branch names, which has to be removed. Use a Jenkins freestyle job.
Code Block
language bash
echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2-) > sonar-branch
(Community Edition only) SonarQube™ versions 7.9.x and 8.x need to replace illegal branch characters.
Use the following command to export the sanitized branch name to a file:
Code Block
echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g) > sonar-branch

To inject the environment variable from the file sonar-branch , you also need to install the Jenkins EnvInject Plugin.

...

Versions Compared

Old Version 14

New Version 15

Key

Jenkins