Executes a sonar scan. This operation takes inputs for both a Sonar project properties path and an analysis properties file and individual properties for project location, source code location, compiled classes location, and verbose logging option. If both are provided, the plugin will use the analysis properties input and do nothing with the individual properties. 

...

the path. This operation only returns its task Id and browsable url on the specified SonarQube instance.

Analysis Properties

A large number of analysis parameters are available to augment a Sonar scan. It is recommended to research which parameters are necessary for your projects and Sonar scans.

Analysis Tool Instance Properties

Property Name

Property Code

Required

Description

SonarQube Scanner Home

FDSQ_SCANNER_HOME

Yes

SonarQube Scanner Home Directory

SonarQube instance URL

FDSQ

FDSONARQUBEACCT_INSTANCE_URL

Yes

SonarQube Server Instance URL (example: https://localhost:9000)

SonarQube Token

FDSQ

FDSONARQUBEACCT_TOKEN

Yes

No

SonarQube Server Token provides credentials to run code scans or to invoke web services as a replacement of the user login. Provide a token or username and password.

SonarQube Username

FDSQ

FDSONARQUBEACCT_USERNAME

Yes

No

The username for your SonarQube Server Instance. Provide a token or username and password.

SonarQube Password

FDSQ

FDSONARQUBEACCT_PASSWORD

Yes

No

The password for your SonarQube Server Instance.

Project Properties

Property Name

Property Code

Required

Description

SonarQube Project Key

FDSQ_PROJECT_KEY

Yes

Unique identifier for a given SonarQube instance project.

SonarQube Project Name

FDSQ_PROJECT_NAME

No

Name of the project that will be displayed on the web interface. Defaults to the project key. If not provided and there is already a name in the database, it won't be overwritten.

SonarQube Project

FDSQ_PROJECT_VERSION

No

The project version that will be displayed on the web interface.

 Provide a token or username and password.

SonarQube Client path

FDSONARQUBEACCT_SONAR_HOME

No

SonarQube Client path in the server (e.g. /u01/sonarClinet/sonar-scanner-3.1.0.1141-linux/bin)

Inputs

Input Name

Input Code

Required

Description

Project Location

FDSQ_INP_PROJECT_LOCATION

No

Path to the project root, relative to FD_TEMP_DIR.

FDSQ_INP_SOURCE_CODE_LOCATION

No

Path to the project sources, relative to FDSQ_INP_PROJECT_LOCATION. Defaults to project base directory.

Compiled Classes Location

FDSQ_INP_CLASSES_LOCATION

No

Path to the compiled classes, relative to FDSQ_INP_PROJECT_LOCATION. Defaults to project base directory.

Enable Verbose Option

FDSQ_INP_VERBOSE_OPTION

No

Toggles logging level when more debug information is needed

SonarQube Account Code

FDSQ_INP_ANALYSIS_TOOL_ACCOUNT_CODE

Yes

The SonarQube account with all the required properties like Sonar Scanner Home, Instance Url, Token for running SonarQube Instance.

Sonar Project Properties Path

FDSQ_INP_PROPERTIES_FILE_PATH

No

Absolute file path of the sonar-project.properties file.

Analysis Properties

FDSQ_INP_ANALYSIS_PROPERTIES

No

Define the sonar project properties manually. This will override all other fields. Required properties: sonar.host.url and sonar.projectKey

Outputs

Output Name

Description

FDSQ_OUT_TASK_ID

Id of the task or Sonar scan started.

FDSQ_OUT_DASHBOARD_URL

SonarQube instance dashboard url. Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report.

Artifacts

This operation doesn’t consume or produce any artifacts.

Endpoint Selection

This operation will select all available endpoints associated to the environment/instancedelegates the selection to the workflow developer to determine.

Endpoint Execution

This operation will execute on any one of the selected endpoints and will be random in the determination of which oneoperations delegates the execution to the workflow developer to decide.

Special Considerations

If you choose to use a token over username and password for authentication, you can generate it on your SonarQube Server. To get a SonarQube Token: log in to your SonarQube Instance and navigate to My Account->Security->Generate New Token. Make sure you copy and save this token somewhere secure, because after you leave this screen you will not be able to see your token again.

...

  • SonarQube instance required

  • Sonar Scanner installed on target environment


Example


Step 2: Create a SonarQube Analysis Tool Account

...

  • Under SonarQube Account define:

    • SonarQube Instance URL (http://host:port with no extra "/" at the end).

    • Token OR username AND password for SonarQube Instance.

Step 3: Set your host url

  • Navigate to your SonarQube installation location. We'll refer to it as $install_directory in the next steps.

  • Update the global settings to point to your SonarQube server by editing $install_directory/conf/sonar-scanner.properties:

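    sonar-scanner.properties

    #----- Default SonarQube server
    # Remove the leading "#" from the next line if it is there by default.
    # Keep comments on their own lines: a properties file has no inline
    # comments, so text after the URL would become part of the value.
    #sonar.host.url=http://localhost:9000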

Step 4: Define sonar project properties (2 options)

  • Option 1: Create a configuration file in the root directory of the project and name it sonar-project.properties, then give the file path to this file under Sonar Project Properties Path.

    Note: Sonar Project Properties Path or Analysis Properties is required but not both. Notice both are defined in this example, therefore, the analysis properties will take precedence.

  • Option 2: Create the sonar project properties from the Workflow screen under Analysis Properties.


    Note: Omitting sonar.sources or sonar.projectBaseDir properties means the sonar scan will default to scanning all files in the base directory of the workflow execution → Endpoint Base Directory/ProjectId/WorkflowExecutionId (e.g. prod/flexdeploy/fdtlt04/work/302231/198535/)


  • For a list of all possible properties available visit SonarQube Analysis Properties.
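The rules stated in Steps 2 to 4 (sonar.host.url and sonar.projectKey required, no trailing "/" on the instance URL, scan scope when sonar.sources and sonar.projectBaseDir are omitted) can be checked before a workflow run. The following is an added example, not FlexDeploy or SonarQube code; the function names, finding codes and sample inputs are constructed for illustration, and the check for credential properties in the file is an extra assumption beyond what this page states.

```python
import re

REQUIRED = ("sonar.host.url", "sonar.projectKey")           # named as required on this page
SCOPE = ("sonar.sources", "sonar.projectBaseDir")           # limit what gets scanned
SECRETS = ("sonar.login", "sonar.password", "sonar.token")  # scanner credential properties

def parse_properties(text):
    """Parse key=value lines; skips blank and #/! comment lines (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def lint(text):
    """Return a sorted list of finding codes for one properties text."""
    props = parse_properties(text)
    findings = {f"missing:{k}" for k in REQUIRED if not props.get(k)}
    if props.get("sonar.host.url", "").endswith("/"):
        findings.add("host-url-trailing-slash")
    # .properties files have no inline comments: text after the value is kept.
    for key, value in props.items():
        if re.search(r"\s#", value):
            findings.add(f"inline-comment-in-value:{key}")
    # Assumption: setting either property narrows the scan; with neither set,
    # the whole workflow execution directory is scanned (see the note above).
    if not any(props.get(k) for k in SCOPE):
        findings.add("scan-scope-defaults-to-base-dir")
    # Added check: credentials belong in the SonarQube account, not in the file.
    findings.update(f"credential-in-file:{k}" for k in SECRETS if k in props)
    return sorted(findings)

# Constructed sample inputs (not taken from a real project).
GOOD = """sonar.host.url=http://localhost:9000
sonar.projectKey=demo-project
sonar.sources=src
"""
BAD = """sonar.host.url=http://localhost:9000/
sonar.projectName=Demo  # shown in the UI
sonar.login=CONSTRUCTED_PLACEHOLDER
"""

if __name__ == "__main__":
    print(lint(GOOD), lint(BAD))
```

Run it against the text of sonar-project.properties (Option 1) or the Analysis Properties field (Option 2); an empty list means none of the checks fired.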

Step 5: Define output names for FDSQ_OUT_TASK_ID and FDSQ_OUT_DASHBOARD_URL and create variables with matching names.

...

Step 6: Create a project, select your sonar scan workflow, and instance.

Step 7: Run the workflow to start your sonar scan. 

Example output:

...