Integrate your SonarQube analysis into your toolchain
Share this post:
If you have been using a SonarQube server for your code quality/code coverage, you can now use it from within your toolchain in IBM® Bluemix® Continuous Delivery. The SonarQube integration includes direct support for Gradle and Maven, but can also be used with Ant (see the Related topics section below).
The process to set up the SonarQube tool integration has two main steps:
- Add SonarQube to your toolchain.
- Add a Maven or Gradle job build job to your Delivery Pipeline.
Step 1: Add SonarQube to your toolchain
From your toolchain’s Overview page, click Add a Tool. On the SonarQube configuration page, enter these details:
- A name for the integration, such as “my-sonarqube”
- The URL of your SonarQube server
- The user credentials.
This is an example of the SonarQube configuration using an authentication token instead of user credentials (login/password).
Step 2: Add SonarQube job to Delivery Pipeline
Add a build job to your pipeline and for the builder type, select Maven (Artifactory/Nexus/SonarQube) or Gradle (Artifactory/Nexus/SonarQube) based on which you are using. All screenshots are done using Maven.
If you are using an Artifactory or Nexus Maven repository which is already set up in your toolchain, you need to specify it under the Tool integration type. If you don’t specify a tool integration name, a name is created for you by default. You can also specify the name if you want:
Artifactory integration name
Artifactory instance name in the build job configuration panel
Similarly, you can name the SonarQube integration instance if required.
For the Build Command, you only need to specify the maven sonar task by entering:
mvn clean sonar:sonar. If you are using Gradle, the command is
The Maven build job also provides environment variables that can be used when you run your build command:
MAVEN_NAME: The name of the maven service instance
MAVEN_USER_ID: The user id for the maven repository
MAVEN_TOKEN: The token or password for the maven repository
MAVEN_SNAPSHOT_URL: The maven snapshot repository
MAVEN_RELEASE_URL: The maven release repository
MAVEN_MIRROR_URL: The maven mirror repository
SONAR_INSTANCE_NAME: The name of the SonarQube instance
SONAR_SERVER_URL: The URL of the SonarQube server
SONAR_USER_ID: The SonarQube user name
SONAR_USER_TOKEN: The SonarQube password or authentication token
The following properties are Maven properties:
- The settings.xml is available in
- The name of the snapshots repository is ‘snapshots’
- The name of the release repository is ‘releases’
- The name of the mirror repository is ‘central’
Once the build job is done, you can click on the SonarQube tile to open the SonarQube server URL. From there, you can see the result of the last scan and take appropriate actions.
Feedback is welcome!
You can see how easy it is to integrate SonarQube within your toolchain and your delivery pipeline. If you have ideas or suggestions on how to improve our SonarQube integration, feel free to contact by replying below or on dW Answers.
- Ant integration: If you are using Ant to run your build, you can also integrate with SonarQube. Use the same build job as for Maven.
Use the SonarQube environment variables inside your build.xml file to retrieve SonarQube information:
- SonarQube requirements: SonarQube requires a 1.8 JVM to be used. This is important in the pipeline as the default JVM is not a 1.8 JVM. You can set the
/opt/IBM/java8. See the official you can check this SonarQube requirements documentation for more details.
via Bluemix Blog https://ibm.co/2pQcNaA
June 21, 2017 at 10:15AM