Configure SonarQube™ Analysis in build pipeline

In order for Include Code Quality for Bitbucket to include SonarQube™ analysis results in your Bitbucket instance, your build pipeline must trigger a SonarQube™ analysis.

As such, it must execute the Sonar™Scanner or one of its build-system-specific alternatives (e.g. the SonarQube™ Maven plug-in).

Whichever external system you use to execute the SonarQube™ scan, you need to run it with the correct parameters for your SonarQube™ application. Use the analysis parameter matrix provided below.

Analysis Parameter Matrix

The table shows the minimum parameters needed for Include Code Quality for Bitbucket to work with Sonar™Scanner. See the SonarQube™ documentation for additional parameters or different scanning methods.

Developer Edition or higher

Common Parameters

BASH
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=<SONAR_SERVER_URL>

Branch Analysis

BASH
  -Dsonar.branch.name=<branch_name> 

Pull Request Analysis

BASH
  -Dsonar.pullrequest.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Only SonarQube™ 7.7

BASH
  -Dsonar.analysis.scmRevision=COMMIT_ID

Community Edition

Common Parameters

BASH
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY:BRANCH_NAME> \
  -Dsonar.host.url=<SONAR_SERVER_URL>

SonarQube™ versions 7.9.x and 8+ only allow certain characters in their project keys: [0-9a-zA-Z:-_.].

Branch names typically contain /, which is not in this set, so they cannot be used unchanged.

Use the same replacement character as configured in the SonarQube™ server configuration in the app’s settings in Bitbucket (Bitbucket Admin → Include Code Quality) under ‘Branch renaming for Project Keys’.

To replace illegal characters with the replacement character, the following sed expression can be used in your CI/CD configuration:

sed 's/[^0-9a-zA-Z:_.-]/<YOUR_CONFIGURED_CHAR>/g'

Branch Analysis

Parameter not supported.

The SonarQube™ Community Edition does not handle branches and pull requests in a single project. As such, a separate SonarQube™ project for each branch is used to show SonarQube™ information for pull requests and branches.

The branch must be included in the SonarQube™ projectKey as BRANCH_NAME (see Common Parameters above).

Pull Request Analysis

Parameter not supported.

Use the source branch name of the pull request as BRANCH_NAME in the SonarQube™ projectKey.
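
The Community Edition key scheme described above, as an added example that is not part of the original page: it builds `<SONAR_PROJECT_KEY>:<BRANCH_NAME>` with the sed replacement and refuses a replacement character that is not itself legal in a project key. The function names and the sample branch names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the app's documentation): derive the Community
# Edition project key "<SONAR_PROJECT_KEY>:<BRANCH_NAME>" from a branch name.
# sanitize_branch, project_key and run_scan are hypothetical helper names.

# Replace every character outside the allowed project-key set with REPL.
# REPL must be the character configured under 'Branch renaming for Project
# Keys' and must itself be one legal character, otherwise the call fails.
sanitize_branch() (
  branch=$1 repl=$2
  LC_ALL=C; export LC_ALL          # ASCII ranges only, independent of CI locale
  case $repl in
    [0-9a-zA-Z:_.-]) ;;
    *) echo "illegal replacement character: '$repl'" >&2; exit 1 ;;
  esac
  # Branch names are untrusted input: always quoted, never eval'd.
  printf '%s' "$branch" | sed "s/[^0-9a-zA-Z:_.-]/$repl/g"
)

# Print "<base key>:<sanitized branch>"; fails if REPL is not usable.
project_key() (
  safe=$(sanitize_branch "$2" "$3") || exit 1
  printf '%s:%s\n' "$1" "$safe"
)

# Run the scan for one branch. For a pull request, pass its source branch.
# Usage: run_scan <SONAR_PROJECT_KEY> <branch> <replacement char> <server URL>
run_scan() (
  key=$(project_key "$1" "$2" "$3") || exit 1
  sonar-scanner "-Dsonar.projectKey=$key" "-Dsonar.host.url=$4"
)

# Constructed sample values:
project_key my-app 'feature/JIRA-12_login' '-'   # my-app:feature-JIRA-12_login
project_key my-app 'bugfix/fix #42' '_'          # my-app:bugfix_fix__42
```

Two different branch names can map to the same key after replacement (for example `fix/a` and `fix-a` with `-`), in which case both branches report into one SonarQube™ project.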

Only SonarQube™ 7.7

BASH
  -Dsonar.analysis.scmRevision=COMMIT_ID

SonarCloud™

See: https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/overview/

Common Parameters

BASH
sonar-scanner \
  -Dsonar.projectKey=<SONAR_PROJECT_KEY> \
  -Dsonar.host.url=https://sonarcloud.io \
  -Dsonar.organization=<SONAR_CLOUD_ORGANIZATION>

Branch Analysis

BASH
  -Dsonar.branch.name=<branch_name> 

Pull Request Analysis

BASH
  -Dsonar.pullrequest.key=<pull request id from Bitbucket>
  -Dsonar.pullrequest.branch=<source branch name of pull request>
  -Dsonar.pullrequest.base=<destination branch name of pull request>

See: https://docs.sonarqube.org/latest/analysis/pull-request/

Only SonarQube™ 7.7

Not needed

Build Systems

You can find below further details on how to set up your SonarQube™ analysis with Bamboo and Jenkins.

Bamboo

Jenkins

Problems During Setup?

We at Mibex Software are happy to help you via our support desk or at support@mibexsoftware.com.


SONAR™, SONARQUBE™ and SONARCLOUD™ are independent and trademarked products and services of SonarSource SA: see http://sonarsource.com , http://sonarqube.org , http://sonarcloud.io .