SonarQube

Kovair DevOps SonarQube Integration Plugin

SonarQube Plugin Details

Plugin Version: 1.0.0
Last Update on: December 10, 2019

Overview

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews using static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.

SonarQube:

More information can be found at SonarQube.

Version Supported:

This plugin was developed and tested against SonarCloud (https://sonarcloud.io/). SonarScanner 4.2 is used for code analysis (Ref: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/).

Plugin Operation:

1. Run Code Analysis
This operation runs code analysis using SonarQube.

Input parameter(s):

| Parameter | Is Mandatory | Help Text |
| --- | --- | --- |
| Url | true | Sonarqube Cloud Url (https://sonarcloud.io) |
| Token | true | Sonarqube Token. |
| SonarqubeScanner Path | true | SonarqubeScanner file path (Ex: C:\\sonar-scanner-windows\\bin\\sonar-scanner.bat). |
| Project Path | true | Project Path (Ex: C:\\DemoAspProject) |
| ProjectKey | true | Sonarqube ProjectKey |
| Organization | true | Sonarqube Organization |

Output parameter(s):

| Parameter | Help Text |
| --- | --- |
| SonarqubeStatus | Status of the Operation |

Pass/Fail Condition:

| Status | Condition |
| --- | --- |
| Passed | If the outputlog contains ‘EXECUTION SUCCESS’. |
| Failed | If the outputlog does not contain ‘EXECUTION SUCCESS’ or some internal error occurs. |

2. Analysis Report
This operation fetches the code analysis report (Quality Gate, Bugs, Vulnerabilities, etc.).

Input parameter(s):

| Parameter | Is Mandatory | Help Text |
| --- | --- | --- |
| Url | true | Sonarqube Cloud Url (https://sonarcloud.io) |
| Token | true | Sonarqube Token. |
| ProjectKey | true | Sonarqube ProjectKey |

Output parameter(s):

| Parameter | Help Text |
| --- | --- |
| Quality Gate | Quality Gate. |
| Bugs | Total bugs. |
| Vulnerabilities | Vulnerabilities. |
| Code Smells | Code Smells. |
| Coverage | Coverage. |
| Duplications | Duplications. |
| Lines of Code | Lines of Code. |
| SonarqubeStatus | Status of the Operation |

Pass/Fail Condition:

| Status | Condition |
| --- | --- |
| Passed | If basecomponent in the console outputlog contains the required data. |
| Failed | If basecomponent in the console outputlog does not contain the required data, or some internal error occurs. |
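
An added example, not part of the plugin or of this page: Python code that turns a measures response into the output parameters above and shows that a "Passed" status only means the data was retrieved, not that the quality gate passed. It assumes the report is JSON in the shape of the SonarQube Web API `api/measures/component_tree` response (with a `baseComponent` object); the metric-to-parameter mapping, the function names and the sample response are constructed for illustration.

```python
import json

# SonarQube metric keys mapped to this page's output parameter names.
# The mapping is an assumption of this example, not taken from the plugin.
METRICS = {
    "alert_status": "Quality Gate",
    "bugs": "Bugs",
    "vulnerabilities": "Vulnerabilities",
    "code_smells": "Code Smells",
    "coverage": "Coverage",
    "duplicated_lines_density": "Duplications",
    "ncloc": "Lines of Code",
}

def build_report(response_text, required=("alert_status", "bugs", "vulnerabilities")):
    """Return (status, report) from a component_tree style JSON response."""
    try:
        base = json.loads(response_text)["baseComponent"]
        measures = {m["metric"]: m.get("value")
                    for m in base.get("measures", []) if "metric" in m}
    except (ValueError, KeyError, TypeError, AttributeError):
        return "Failed", {}  # malformed or unexpected response
    # The server omits metrics that have no value (for example coverage when
    # no coverage report was imported): report those as None, never as 0.
    report = {name: measures.get(key) for key, name in METRICS.items()}
    missing = [key for key in required if measures.get(key) is None]
    return ("Failed" if missing else "Passed"), report

def blocks_release(report):
    """Fail closed: block unless the gate is OK and vulnerabilities are known to be 0."""
    vulns = report.get("Vulnerabilities")
    return report.get("Quality Gate") != "OK" or vulns is None or int(vulns) > 0

# Constructed sample response; coverage is deliberately absent.
SAMPLE = json.dumps({"baseComponent": {"key": "demo-project", "measures": [
    {"metric": "alert_status", "value": "ERROR"},
    {"metric": "bugs", "value": "3"},
    {"metric": "vulnerabilities", "value": "1"},
    {"metric": "code_smells", "value": "42"},
    {"metric": "duplicated_lines_density", "value": "2.5"},
    {"metric": "ncloc", "value": "1180"},
]}})

if __name__ == "__main__":
    status, report = build_report(SAMPLE)
    print(status, report, "blocked" if blocks_release(report) else "released")
```

A pipeline step that consumes the report should branch on the Quality Gate and Vulnerabilities values, not on SonarqubeStatus alone.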

3. Get Issues
This operation gets the top 100 issues from SonarQube.

Input parameter(s):

| Parameter | Is Mandatory | Help Text |
| --- | --- | --- |
| Url | true | Sonarqube Cloud Url (https://sonarcloud.io) |
| Token | true | Sonarqube Token. |
| ProjectKey | true | Sonarqube ProjectKey |

Output parameter(s):

| Parameter | Help Text |
| --- | --- |
| Issue Count | Issue Count. |
| SonarqubeStatus | Status of the Operation |

Pass/Fail Condition:

| Status | Condition |
| --- | --- |
| Passed | If the outputlog contains the issue list. |
| Failed | If the outputlog does not contain the issue list or some internal error occurs. |

Disclaimers:

  1. The user should have a SonarCloud account, as the adapter is developed for SonarCloud (https://sonarcloud.io/).
  2. The SonarQube scanner (https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/) should be installed on the Agent machine.
  3. This plugin will not work with Maven, Make and Gradle.

Release Details:

SonarQube Plugin: 1.0.0
Initial version with basic functionalities
