SonarQube Scanner PLUGIN for Jenkins, send your code to your Sonarqube server for analysis

Hello, today I’m going to show you how to install and send code to SonarQube using SonarQube Scanner Plugin and Jenkins. This way, we can create a stage within the CI/CD pipeline that is responsible for analyzing the code integration.

The first thing we need to do is open Jenkins and go to Manage Jenkins:

Go to Manage Plugins > Available plugins and search for SonarQube Scanner

Click on Install Without restart

Now we need to go to Manage Jenkins and Global Tool Configuration.

In this section, go to SonarQube Scanner and click on Add SonarQube Scanner:

Choose a name and a version to install:

Click on Apply and then Save.

We can also add the SonarQube server data so that we can execute Jobs.

For that, go to Configure System > SonarQube servers

Click on Environment Variables and then on Add SonarQube:

Fill in the requested information:

Click on Apply and then Save.

Now, the first time we run a job, the SonarQube Scanner will be installed automatically. After the task has executed, we can see where the scanner was installed and create an environment variable that points to that installation.

In this case, it is located at:

/var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/SonarQube_Scanner/

To add the environment variable, follow these steps:

  • Access the Jenkins administration panel and click on “Configure System”.
  • Scroll down to the “Global Environment Variables” section and click on the “Add” button.
  • In the “Name” field, enter the name of the variable, for example, “SCANNER_HOME”.
  • In the “Value” field, enter the complete path where SonarQube Scanner is installed on your system, for example, “/usr/local/sonar-scanner”.
  • Click on “Save” to save the configuration.

Once the environment variable is added, you can use it in your Jenkinsfile as ${env.SCANNER_HOME}.

If we run echo ${SCANNER_HOME} in a job, it prints the path we specified:

Now we can create the stage within the Jenkinsfile:

stage('SonarQube analysis') {
    environment {
        // SCANNER_HOME is the global variable added above; it must end with a
        // trailing slash, because it is concatenated directly with bin/sonar-scanner
        scannerHome = "${SCANNER_HOME}"
        // sonar-project.properties lives in the checked-out project, relative to the workspace root
        projectPropertiesPath = "./Server/app/sonar-project.properties"
    }
    steps {
        script {
            def scannerCmd = "${scannerHome}bin/sonar-scanner"
            sh "${scannerCmd} -Dproject.settings=${projectPropertiesPath}"
        }
    }
}

With this stage in place, Jenkins first checks the project out from Git or GitLab into the workspace and then runs the scanner from the workspace root. That is why we set projectPropertiesPath to the path, relative to the project root, of the file that holds the SonarQube configuration, sonar-project.properties:

sonar.projectKey=SONARQUBE_PROJECT_KEY
sonar.projectName=SONARQUBE_PROJECT_NAME
sonar.projectVersion=1.0

sonar.sources=.

sonar.host.url=DEPLOYED_SONARQUBE_URL
# A token written here ends up in the repository; if the server is configured in
# Jenkins, withSonarQubeEnv can inject the URL and token instead (SonarQube 10+
# calls this property sonar.token).
sonar.login=GENERATED_SONARQUBE_TOKEN

With this configuration, we can now run SonarQube Scanner from Jenkins.

If we want the pipeline execution to stop when the code does not meet the quality gate, we can add the following:

pipeline {
    agent any
    stages {
        stage('SonarQube Scan') {
            steps {
                // 'SonarQube Server' is the name given to the server under
                // Configure System > SonarQube servers; the step injects its URL and token
                withSonarQubeEnv('SonarQube Server') {
                    // assumes sonar-scanner is on PATH; otherwise use "${SCANNER_HOME}bin/sonar-scanner"
                    sh 'sonar-scanner'
                }
            }
        }
    }
    post {
        always {
            // a declarative post block needs 'script' to use def/if
            script {
                // waitForQualityGate is the plugin step that returns the gate result;
                // it relies on a SonarQube webhook to <jenkins>/sonarqube-webhook/,
                // so bound it with a timeout in case the webhook is missing
                timeout(time: 10, unit: 'MINUTES') {
                    def qg = waitForQualityGate()
                    if (qg.status != 'OK') {
                        error "Pipeline aborted due to quality gate failure: ${qg.status}"
                    }
                }
            }
        }
    }
}

Concluding the pipeline configuration, we have added a stage for SonarQube analysis that will analyze the code using SonarQube Scanner. Additionally, we have set up the necessary configurations, including the SonarQube project key, name, and version, as well as the SonarQube server URL and login token. The pipeline includes a post-build step that checks the quality gate status and aborts the pipeline if the status is not ‘OK’.

This setup allows you to integrate SonarQube analysis into your CI/CD pipeline, ensuring code quality and identifying potential issues or vulnerabilities.
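Putting the pieces above together, here is a complete Jenkinsfile as an added example (not code from the original post). It assumes the scanner installation is named SonarQube_Scanner, as in the tools/ path shown earlier, and the server entry is named SonarQube Server; the token is injected by withSonarQubeEnv from Jenkins credentials, so sonar.host.url and sonar.login can be removed from sonar-project.properties.

```groovy
// Added example; names 'SonarQube_Scanner' and 'SonarQube Server' are assumptions
pipeline {
    agent any

    environment {
        // Resolve the installation registered under Global Tool Configuration,
        // so the path does not have to be hard-coded in a SCANNER_HOME variable.
        SCANNER_HOME = tool name: 'SonarQube_Scanner',
                            type: 'hudson.plugins.sonar.SonarRunnerInstallation'
        PROJECT_PROPERTIES = './Server/app/sonar-project.properties'
    }

    stages {
        stage('Checkout') {
            steps { checkout scm }
        }

        stage('SonarQube analysis') {
            steps {
                // Injects SONAR_HOST_URL and the token stored as a Jenkins credential,
                // which the scanner CLI picks up; the token never lands in git.
                withSonarQubeEnv('SonarQube Server') {
                    sh """
                        '${SCANNER_HOME}/bin/sonar-scanner' \\
                          -Dproject.settings='${PROJECT_PROPERTIES}'
                    """
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Needs a SonarQube webhook pointing at <jenkins>/sonarqube-webhook/;
                // without it the step waits until the timeout fires.
                timeout(time: 10, unit: 'MINUTES') {
                    // abortPipeline: true fails the build when the gate is not OK
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```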
