Versions Compared

Old Version 15

changes.mady.by.user Christian Ott

Saved on

compared with

New Version 16

changes.mady.by.user Christian Ott

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Whichever external system you use to execute the Sonar™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix below to find yours.

Analysis Parameter Matrix

The table shows the minimally necessary parameters to get Include Code Quality for Bitbucket to work with Sonar™Scanner. Look at the SonarQube™ documentation for additional parameters or different scanning methods.

Developer Edition or higher

Community Edition

SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

Common Parameters

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ 
  -Dsonar.host.url=<SONAR_SERVER_URL>

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>
Note

SonarQube™ versions 7.9.x and 8+ only allow certain characters [0-9a-zA-Z:-_.] in their project keys. Branch names typically contain / and cannot be used.

Use the same character as configured in the SonarQube™ server configuration under ‘Branch renaming for Sonar™ Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g

Code Block
languagebash
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

Branch Analysis

Code Block
languagebash
  -Dsonar.branch.name=<branch_name>

Parameter not supported, branch included in Sonar™ project key asBRANCH_NAME

See Developer Edition or higher

Pull Request Analysis

Code Block
languagebash
  -Dsonar.pullrequests.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Info

Take the source branch name of pull requests for BRANCH_NAME in Sonar™ project key

See Developer Edition or higher

Only SonarQube™ 7.7

Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID
Code Block
languagebash
  -Dsonar.analysis.scmRevision=COMMIT_ID

Not needed

Build Systems

Bamboo

We provide a first class integration for Bamboo with our Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

  1. Use Bitbucket Webhook to Jenkins or any other app to notify Jenkins about new code changes. See these instructions on how to set it up. It is important enabling the setting "Omit SHA1 Hash Code" in the repository settings of the app (see this issue on Github for more details).Follow https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.

  2. Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to set up the Sonar™Scanner configuration.The Jenkins Git plugin includes the origin/ prefix in branch names, which has to be removed. Use a Jenkins freestyle job.configure your analysis.

  3. [Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.

Community Edition: Freestyle Job

  1. New 'Freestyle Job'

  2. Select 'Bitbucket Server' for source code management

  3. Select repository: enter */<yourMainBranch> as 'Branch specifier' in 'Branches to build'

  4. Select "Bitbucket webhook trigger" and enable the pull request events

  5. Add build steps

    1. Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:

      Code Block
      languagebash
      echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch

    (Community Edition only) SonarQube™ versions 7.9.x and 8.x need to replace illegal branch characters.
    Use the following command to export the sanitized branch name to a file:

    Code Blockecho SONAR_BRANCH=$(
    2. Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'
    3. Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:
       Code Block
      sonar.projectKey=my.plugin.key:${SONAR_BRANCH}
sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
  6. Save configuration
  7. Trigger analysis with 'Build Now', it should successfully analyze your main branch
  8. Change the 'Branch specifier' to ** to listen to all branches
  9. Create a Pull Request in Bitbucket and verify an analysis is triggered
Community Edition: Multibranch Pipeline
  1. Add a 'Multibranch Pipeline'
  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
  4. Save 
Add a Jenkinsfile to the repository. It needs needs to calculate the sonar.projectKey for the current branch (See https://mibexsoftware.atlassian.net/wiki/spaces/MSS/pages/3071082501/Sonar+Analysis+Configuration#Analysis-Parameter-Matrix)
Below is an example of such a pipeline:
 Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
        SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | 
...
sed 
...
'
...
s/[^0-9a-zA-Z:_.\\-]/
...
 To inject the environment variable from the file sonar-branch , you also need to install the Jenkins EnvInject Plugin.
...
-/g'")
    }
    stages {
        stage('Analysis') {        
            steps {
                withSonarQubeEnv('sonar') {
                    sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\"" 
                }
            }
        }
    }
}
Developer Edition or higher: Multibranch Pipeline
  1. Add a 'Multibranch Pipeline'
  2. Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
  3. Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
  4. Save 
Use this Jenkinsfile for inspiration:
 Note
Only Branch Analysis is working: Due to missing feature https://issues.jenkins.io/browse/JENKINS-66581 pull request analysis is currently not possible
 Code Block
languagegroovy
pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
    }
    stages {
        stage('branch analysis') {
            when { 
              not {
                changeRequest()
              } 
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
                }
            }
        }
        
        // NOT WORKING: https://issues.jenkins.io/browse/JENKINS-66581
        stage('PR analysis') {
            when {
                changeRequest()
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner \
                      -Dsonar.pullrequest.key=${env.CHANGE_ID} \
                      -Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
                      -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
                }
            }
        }
    }
}
Problems During Setup
We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com
...