
Configure Webhook in SonarQube™

Include Code Quality for Bitbucket receives the analysis results from SonarQube™ via Webhook.

Options for Webhook setup

You have two options to set up a Webhook:

Automatic Webhook setup (recommended)

  • Supports SonarQube™ 7.8 or newer

Manual Webhook setup

  • Supports SonarQube™ 7.7 or older

  • Supports cases where the Bitbucket URL cannot be reached from SonarQube (e.g. when you need to use a different URL instead of the configured Bitbucket Base URL)

  • Supports use of a manually configured webhook secret

  • Supports use of Basic Auth (username + password)

Troubleshooting

If you have issues with your configured webhook, check this section for troubleshooting.

Automatic Webhook setup

Whenever you add a new SonarQube™ server within your Bitbucket instance, a webhook is automatically created unless you explicitly choose to use a manual webhook (see below).

Manual Webhook setup

To manually configure the webhook, enable manual webhook configuration in the SonarQube™ server settings within Bitbucket (Bitbucket Admin → Include Code Quality).


To configure the manual webhook in SonarQube™ you have two options:

  • configure with a secret from your server configuration

  • configure with basic auth with a Bitbucket user

Configure with a secret from your server configuration

Create a Webhook with the following fields:

  • Name: ch.mibex.bitbucket.sonar

  • URL: https://{YOUR_BITBUCKET_SERVER}/rest/sonar4stash/1.0/webhook/secret

  • Secret: a self-chosen secret in SonarQube™ that must match the one in the Bitbucket app’s server configuration
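How a shared webhook secret is checked on the receiving side, as an added example (not code from this page or from the app): when a secret is set, SonarQube™ sends the lowercase hex HMAC-SHA256 of the request body in the X-Sonar-Webhook-HMAC-SHA256 header, and a receiver holding the same secret recomputes and compares it. The function names, secret and payload below are constructed for illustration.

```python
import hashlib
import hmac

# Header SonarQube adds to webhook deliveries when a secret is configured.
SIGNATURE_HEADER = "x-sonar-webhook-hmac-sha256"

# Constructed sample values, not taken from any real server.
SAMPLE_SECRET = "constructed-example-secret"
SAMPLE_BODY = b'{"status":"SUCCESS","project":{"key":"demo"},"revision":"abc123"}'


def sign_payload(secret: str, body: bytes) -> str:
    """Lowercase hex HMAC-SHA256 of the raw request body, keyed with the secret."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()


def verify_webhook(secret: str, headers: dict, body: bytes) -> bool:
    """True only if the signature header matches the body under this secret."""
    if not secret:
        return False  # no secret configured: nothing can be verified
    # HTTP header names are case-insensitive.
    received = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), None
    )
    if not received:
        return False  # unsigned delivery
    expected = sign_payload(secret, body)
    # Compare as bytes, in constant time, so timing does not leak the digest.
    return hmac.compare_digest(
        expected.encode("ascii"), received.strip().lower().encode("utf-8")
    )


def demo() -> dict:
    """Run the check over constructed deliveries: good, tampered, mismatched, unsigned."""
    good = {"X-Sonar-Webhook-HMAC-SHA256": sign_payload(SAMPLE_SECRET, SAMPLE_BODY)}
    return {
        "matching secret": verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY),
        "tampered body": verify_webhook(SAMPLE_SECRET, good, SAMPLE_BODY + b" "),
        "different secret": verify_webhook("other-secret", good, SAMPLE_BODY),
        "missing header": verify_webhook(SAMPLE_SECRET, {}, SAMPLE_BODY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

A secret that differs between the two sides shows up as the "different secret" case: every delivery is rejected even though the payload is intact.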

Configure with basic auth with a Bitbucket user

Create a Webhook with the following fields:

  • Name: ch.mibex.bitbucket.sonar

  • URL: https://{USER}:{USER_PASSWORD}@{YOUR_BITBUCKET_SERVER}/rest/sonar4stash/1.0/webhook/basic_auth

    Replace {USER} and {USER_PASSWORD} in the URL with the credentials of a Bitbucket user with READ permissions for the repos you want to analyze.

  • Secret: leave empty

For SonarQube™ 7.7, please make sure to pass -Dsonar.analysis.scmRevision=COMMIT_ID to your SonarQube™ analysis. For newer SonarQube™ versions, this is no longer necessary.


SONAR™, SONARQUBE™ and SONARCLOUD™ are independent and trademarked products and services of SonarSource SA: see http://sonarsource.com , http://sonarqube.org , http://sonarcloud.io .
