Include Code Quality for Bitbucket never triggers a SonarQube™ analysis.

The most common scenario is an integration of the SonarQube™ analysis into your build pipeline.

A recommended flow with Include Code Quality for Bitbucket looks like:

New code changes pushed to Bitbucket (or new pull request is created)
1. Bitbucket triggers your build pipeline for code changes
Your build pipeline must trigger the Sonar™ analysis
1. and executes the Sonar™Scanner or one of its build system-dependent alternatives.
2. see below for required parameters
SonarQube™ informs Include Code Quality for Bitbucket over a Webhook about a new analysis report.
1. Include Code Quality for Bitbucket annotates existing pull requests with the issues found in the analysis.

Whichever external system you use to execute the Sonar™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix below to find yours.

Analysis Parameter Matrix

The table shows the minimally necessary parameters to get Include Code Quality for Bitbucket to work with Sonar™Scanner. Look at the SonarQube™ documentation for additional parameters or different scanning methods.

	Developer Edition or higher	Community Edition	SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

	Developer Edition or higher	Community Edition	SonarCloud™ https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/
Common Parameters	`sonar-scanner \ -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ -Dsonar.host.url=<SONAR_SERVER_URL>`	`sonar-scanner \ -Dsonar.projectKey=<SONAR_PROJECT_KEY_PREFIX:BRANCH_NAME> \ -Dsonar.host.url=<SONAR_SERVER_URL>` SonarQube™ versions 7.9.x and 8+ only allow certain characters `[0-9a-zA-Z:-_.]` in their project keys. Branch names typically contain `/` and cannot be used. Use the same character as configured in the SonarQube™ server configuration under ‘Branch renaming for Sonar™ Project Keys’. To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration: `sed s/[^0-9a-zA-Z:_.\-]/'<YOUR_CONFIGURED_CHAR>'/g`	`sonar-scanner \ -Dsonar.projectKey=<SONAR_PROJECT_KEY> \ -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>`
Branch Analysis	`-Dsonar.branch.name=<branch_name>`	Parameter not supported, branch included in Sonar™ project key as`BRANCH_NAME`	See Developer Edition or higher
Pull Request Analysis	`-Dsonar.pullrequest.key=<pull request id from Bitbucket> -Dsonar.pullrequest.branch=<source branch name of pull request> -Dsonar.pullrequest.base=<destination branch name of pull request>` See: https://docs.sonarqube.org/latest/analysis/pull-request/	Take the source branch name of pull requests for `BRANCH_NAME` in Sonar™ project key	See Developer Edition or higher
Only SonarQube™ 7.7	`-Dsonar.analysis.scmRevision=COMMIT_ID`	`-Dsonar.analysis.scmRevision=COMMIT_ID`	Not needed

Build Systems

Bamboo

We provide a first class integration for Bamboo with our Include Code Quality for Bamboo plugin. See our dedicated wiki page for more information.

Jenkins

Use https://plugins.jenkins.io/atlassian-bitbucket-server-integration/ to connect Jenkins to Bitbucket.
Install the the https://plugins.jenkins.io/sonar/ Jenkins plugin, follow the instructions on the Sonar™ Scanner for Jenkins Wiki to configure your analysis.
[Community Edition] Install the https://plugins.jenkins.io/envinject/ plugin.

Community Edition: Freestyle Job

New 'Freestyle Job'
Select 'Bitbucket Server' for source code management
Select repository: enter */<yourMainBranch> as 'Branch specifier' in 'Branches to build'
Select "Bitbucket webhook trigger" and enable the pull request events
Add build steps
1. Write out the sanitized SONAR_BRANCH to a file by adding a 'Execute Shell' task with content:
  echo SONAR_BRANCH=$(printf '%s' $GIT_BRANCH | cut -d'/' -f 2- | sed s/[^0-9a-zA-Z:_.\-]/'-'/g) > sonar-branch
2. Inject this variable with an 'Inject environment variable' step: select `sonar-branch` as 'Properties filepath'
3. Add 'Execute SonarQube Scanner' step: override project key and project name in the 'Analysis Properties' field like:
  sonar.projectKey=my.plugin.key:${SONAR_BRANCH} sonar.projectName="Sonar Test Project - ${SONAR_BRANCH}"
Save configuration
Trigger analysis with 'Build Now', it should successfully analyze your main branch
Change the 'Branch specifier' to ** to listen to all branches
Create a Pull Request in Bitbucket and verify an analysis is triggered

Community Edition: Multibranch Pipeline

Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save

Add a Jenkinsfile to the repository. It needs needs to calculate the sonar.projectKey for the current branch (See Sonar™ Analysis Configuration | Analysis Parameter Matrix)

Below is an example of such a pipeline:

pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
        SONAR_BRANCH = sh(returnStdout: true, script: "printf '%s' $GIT_BRANCH | sed 's/[^0-9a-zA-Z:_.\\-]/-/g'")
    }
    stages {
        stage('Analysis') {        
            steps {
                withSonarQubeEnv('sonar') {
                    sh "${scannerHome}/bin/sonar-scanner -Dsonar.projectKey=test.pipeline.proj:$SONAR_BRANCH -Dsonar.projectName=\"Awesome Pipeline - $SONAR_BRANCH\"" 
                }
            }
        }
    }
}

Developer Edition or higher: Multibranch Pipeline

Add a 'Multibranch Pipeline'
Select 'Bitbucket Server' for 'Branch Sources' and add a Repository
Add 'Bitbucket webhook trigger' to 'Scan Multibranch Pipeline Triggers' → enable push/pull-request events
Save

Use this Jenkinsfile for inspiration:

pipeline {
    agent any
    environment {
        scannerHome = tool name: 'scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation' 
    }
    stages {
        stage('branch analysis') {
            when { 
              not {
                changeRequest()
              } 
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
                }
            }
        }
        
       
        stage('PR analysis') {
            when {
                changeRequest()
            }
            steps {
                withSonarQubeEnv('sonar-cloud') {
                sh "${scannerHome}/bin/sonar-scanner \
                      -Dsonar.pullrequest.key=${env.CHANGE_ID} \
                      -Dsonar.pullrequest.base=${env.CHANGE_TARGET} \
                      -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
                }
            }
        }
    }
}

Problems During Setup

We at Mibex Software are happy to help you in our support desk or at support@mibexsoftware.com

Mibex Software Support

Sonar™ Analysis Configuration