Integrate your SonarQube analysis into your toolchain

Share this post:

If you have been using a SonarQube server for your code quality/code coverage, you can now use it from within your toolchain in IBM® Bluemix® Continuous Delivery. The SonarQube integration includes direct support for Gradle and Maven, but can also be used with Ant (see the Related topics section below).

The process to set up the SonarQube tool integration has two main steps:

  1. Add SonarQube to your toolchain.
  2. Add a Maven or Gradle job build job to your Delivery Pipeline.

Step 1: Add SonarQube to your toolchain

From your toolchain’s Overview page, click Add a Tool. On the SonarQube configuration page, enter these details:

  • A name for the integration, such as “my-sonarqube”
  • The URL of your SonarQube server
  • The user credentials.

SonarQube tile

This is an example of the SonarQube configuration using an authentication token instead of user credentials (login/password).

Step 2: Add SonarQube job to Delivery Pipeline

Add a build job to your pipeline and for the builder type, select Maven (Artifactory/Nexus/SonarQube) or Gradle (Artifactory/Nexus/SonarQube) based on which you are using. All screenshots are done using Maven.

If you are using an Artifactory or Nexus Maven repository which is already set up in your toolchain, you need to specify it under the Tool integration type. If you don’t specify a tool integration name, a name is created for you by default. You can also specify the name if you want:

Artifactory name
Artifactory integration name

Build job configuration with artifactory instance name
Artifactory instance name in the build job configuration panel

Similarly, you can name the SonarQube integration instance if required.

Build job configuration first part

For the Build Command, you only need to specify the maven sonar task by entering: mvn clean sonar:sonar. If you are using Gradle, the command is gradle sonarqube.

Build job configuration - second part

The Maven build job also provides environment variables that can be used when you run your build command:

  • MAVEN_NAME: The name of the maven service instance
  • MAVEN_USER_ID: The user id for the maven repository
  • MAVEN_TOKEN: The token or password for the maven repository
  • MAVEN_SNAPSHOT_URL: The maven snapshot repository
  • MAVEN_RELEASE_URL: The maven release repository
  • MAVEN_MIRROR_URL: The maven mirror repository
  • SONAR_INSTANCE_NAME: The name of the SonarQube instance
  • SONAR_SERVER_URL: The URL of the SonarQube server
  • SONAR_USER_ID: The SonarQube user name
  • SONAR_USER_TOKEN: The SonarQube password or authentication token

The following properties are Maven properties:

  • The settings.xml is available in $HOME/.m2/settings.xml
  • The name of the snapshots repository is ‘snapshots’
  • The name of the release repository is ‘releases’
  • The name of the mirror repository is ‘central’

Once the build job is done, you can click on the SonarQube tile to open the SonarQube server URL. From there, you can see the result of the last scan and take appropriate actions.

Feedback is welcome!

You can see how easy it is to integrate SonarQube within your toolchain and your delivery pipeline. If you have ideas or suggestions on how to improve our SonarQube integration, feel free to contact by replying below or on dW Answers.


  • Ant integration: If you are using Ant to run your build, you can also integrate with SonarQube. Use the same build job as for Maven.
    Use the SonarQube environment variables inside your build.xml file to retrieve SonarQube information:
    Ant script
  • SonarQube requirements: SonarQube requires a 1.8 JVM to be used. This is important in the pipeline as the default JVM is not a 1.8 JVM. You can set the JAVA_HOME to /opt/IBM/java8. See the official you can check this SonarQube requirements documentation for more details.



via Bluemix Blog

June 21, 2017 at 10:15AM