How do I implement Sonarqube with Jenkins and Perforce,I have configured Sonarqube in our server and our source code is in Perforce,I know we can install perforce plugin in Sonarqube,so if I configure perforce plugin in Sonarqube ,will it fetch the latest code from perforce and analyse it?
SonarQube will not fetch source code by itself. You have to configure Jenkins to do that (there is a Jenkins plugin for Perforce).
Once your Jenkins job properly fetch source code, you can run a SonarQube analysis using a SonarQube Scanner step.
You should now have your source code properly analyzed and browsable in SonarQube.
On top of that you can install and configure the SonarQube Perforce plugin that will collect blame of all analyzed files and then allow to automatically assign issues to the last committer (but that's not mandatory).
Related
I just concluded my GitHub integration with Jenkins so that every time I commit code to my GitHub repository, Jenkins automatically builds.
Now I'm trying to integrate SonarCloud too but I haven't been successful.
I'm not looking to integrate with a local SonarQube server, I really need SonarCloud for my team to check it every time Jenkins builds.
I'm not sure if I should analyse the project locally to achieve this or if I can analyse my Jenkins server or GitHub repository and get the result I want because I can't find any documentation.
Can anyone point me in the right direction?
Thank you!
Sonarcloud is just a sonarqube server.
Just use sonar-scanner(the documentation for jenkins can be found here).
At first, you need to install the jenkins plugin for sonar-scanner.
After that, you open the configuration of sonar-scanner using Manage Jenkins > Configure System.
Insert https://sonarcloud.io under Server URL and your sonar token(of sonarclound) under Server authentication token
Under Manage Jenkins > Configure System, you should check Enable injection of SonarQube server configuration as build environment variables and in Build Environment in your job, you should enable Prepare SonarScanner environment.
After you've done that, you can run sonar-scanner with $SONAR_MAVEN_GOAL (if you are using maven), ./gradlew sonarqube (if you are using gradle) or sonar-scanner (if you use none of that).
we would like to start a sonarqube analyze on developers' branches (bitbucket) just before pull requests via jenkins . Is there a sample solution?as far as i understood "sonar for bitbucketserver" plugin only shows the analysis results it does not trigger sonarqube analysis . Our scanner will be on jenkins
without a CI tool I was able to trigger analysis by adding the plugin sonar-stash to sonarqube. This way integrating with Bitbucket. Command I executed in sonarqube server, under sonar-scanner/bin folder:
./sonar-scanner -Dsonar.analysis.mode=preview
-Dsonar.stash.notification=true
-Dsonar.stash.project=JAVA
-Dsonar.stash.repository=abcd
-Dsonar.stash.pullrequest.id=2
-Dsonar.stash.password=**********
I am trying to run a SonarQube scan from Jenkins job. I have the SonarQube Scanner for Jenkins plugin installed v2.6.1 running on local Jenkins (for dev only);
I have seen conflicting reports on whether or not you can run SonarQube on a different server then Jenkins. It wouldn't make sense if you could not do that... if you can, instructions on how to accomplish it would be great. Simply putting in the URL to the SQ server where Jenkins expects a directory to Sonar Runner locally, does not work.
Jenkins and SonarQube do not have to be on the same machine.
The SonarQube plugin in Jenkins will run one of these three scanners:
SonarQube Scanner
SonarQube Scanner for Maven
SonarQube Scanner for MsBuild
Depending on which scanner you use, it works a bit differently:
For the SonarQube Scanner, pass -Dsonar.host.url=http://your.host:1234 as additional arguments. (or add it to your sonar.properties file)
For the SonarQube Scanner for Maven, add -Dsonar.host.url=http://your.host:1234 to your maven build step.
For the SonarQube Scanner for MsBuild, add /d:sonar.host.url=http://your.host:1234 to your MsBuild.exe call.
I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.
I want to set up Sonar with Jenkins. But I'm not sure if the Sonar site describes two different ways to do this or if there are two necessary steps:
As far as I understood it, it's two different ways. If this is the case, what is the difference and what are the advantages and disadvantages (between the Sonar itself and Sonar runner)?
If you want to analyse a project with SonarQube and Jenkins, here's what you need:
A SonarQube server up and running
A Jenkins server up and running with the SonarQube Scanner for Jenkins installed and configure to point to your SonarQube server
A job configured to run a SonarQube analysis on your project:
Using the default and standard SonarQube Scanner (suitable for most projects)
Using the SonarQube Scanner for MSBuild (for .NET solutions)
Using a post build action for Maven-based projects
Everything is described more in details on the SonarQube Scanner for Jenkins documentation page.