I want to set up Sonar with Jenkins. But I'm not sure if the Sonar site describes two different ways to do this or if there are two necessary steps:
As far as I understood it, it's two different ways. If this is the case, what is the difference and what are the advantages and disadvantages (between the Sonar itself and Sonar runner)?
If you want to analyse a project with SonarQube and Jenkins, here's what you need:
A SonarQube server up and running
A Jenkins server up and running with the SonarQube Scanner for Jenkins installed and configure to point to your SonarQube server
A job configured to run a SonarQube analysis on your project:
Using the default and standard SonarQube Scanner (suitable for most projects)
Using the SonarQube Scanner for MSBuild (for .NET solutions)
Using a post build action for Maven-based projects
Everything is described more in details on the SonarQube Scanner for Jenkins documentation page.
Related
I have configured sonarqube for one of my projects, but now i want to publish the sonarqube details in my jenkins dashboard. what could be the best possible way to do that?
I'm not sure that there is a straight forward way of getting "all" the data from sonar on to your Jenkins dashboard but can actually get a sonar badge and Quality gate info by using the Sonar plugin for Jenkins.
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/?q=cache:Tbhy8757pK4J:https://docs.sonarqube.org/latest/analysis/scan/sonarscanner-for-jenkins/+&cd=1&hl=en&ct=clnk&gl=us
First of all, you need to deploy sonarqube on your local machine, ones it is done, then copy the URL of your sonarqube server, I am assuming, you have deployed sonarqube server on port 9090, once this done, log in to the sonarqube server and then create a project and then generate a token for that project:
Once these above configuration is done, just hit below maven command to generate sonarqube report on the sonarqube server:
mvn sonar:sonar -Dsonar.projectKey=[projectName] -Dsonar.host.url=http://localhost:9090 -Dsonar.login=[tokenId]
Below is the screenshot, this is how your reports on the sonarqube will looks like:
I have installed sonar and jenkins. Now I want to add Sonarqube into Jenkins. But in the manage plugins, it doesn't show me the Sonarqube.the display I get
SonarQube is a standalone server. It offers a web user interface to visualize bugs, code smells and vulnerabilities. You cannot include this web-ui SonarQube in Jenkins.
However, you can trigger a scan as part of your Jenkins job. This scan can "send" its findings into a SonarQube installation - either hosted by your own (on-premise), or using the hosting offer at sonarcloud.io.
There are a couple of different ways to include the scanner in your job, but the setup is specific to your programming language and build tools (Maven, VisualStudio, command line, ...). Check the sonarcloud docs for the way, that fit's best to your situation.
I am trying to run a SonarQube scan from Jenkins job. I have the SonarQube Scanner for Jenkins plugin installed v2.6.1 running on local Jenkins (for dev only);
I have seen conflicting reports on whether or not you can run SonarQube on a different server then Jenkins. It wouldn't make sense if you could not do that... if you can, instructions on how to accomplish it would be great. Simply putting in the URL to the SQ server where Jenkins expects a directory to Sonar Runner locally, does not work.
Jenkins and SonarQube do not have to be on the same machine.
The SonarQube plugin in Jenkins will run one of these three scanners:
SonarQube Scanner
SonarQube Scanner for Maven
SonarQube Scanner for MsBuild
Depending on which scanner you use, it works a bit differently:
For the SonarQube Scanner, pass -Dsonar.host.url=http://your.host:1234 as additional arguments. (or add it to your sonar.properties file)
For the SonarQube Scanner for Maven, add -Dsonar.host.url=http://your.host:1234 to your maven build step.
For the SonarQube Scanner for MsBuild, add /d:sonar.host.url=http://your.host:1234 to your MsBuild.exe call.
I had integrated sonarqube with the jenkins by adding a plugging and changing the configuration. But after i build a project, the build is succeded but not analysis results are added to sonarqube UI. And I cannot click on SonarQube link in the project page after build. but if i run the sonarqube analysis without jenkins i get the results in the web UI.
the sonarqube was also injected to the build:
according to the console output.
Can you please help me to get my integration correct?
Best regads,
Nadis
Install SonarQube Runner and configure it with Jenkins under SonarQube Runner section (Go to Manage Jenkins ->Configure System).
For step by step information on "Configuring Sonar with Jenkins" follow this link.
I am using Maven as a build tool and Jenkins as a CI tool. Currently I have a Jenkins job configured with a Maven build step.
I started using SonarQube and was wondering what is the advantage of using the Jenkins SonarQube plugin and configuring the SonarQube analysis as a post-build-action over simply adding sonar:sonar to the goals of my existing Maven build step.
Thanks and best regards,
Ronald
You can save a lot of configuration. So, if you use jenkins sonar plugin you can centralize database credentials and sonar credentials but if you make a decision about execute sonar:sonar in each jenkins job you will configure each with the same credentials.
I just found: Why use sonar plugin for Jenkins rather than simply use maven goal "sonar:sonar"?
And to add one reason: Using the Jenkins SonarQube plugins one can specify "Skip if triggered by SCM Changes". This is nice if you trigger your Jenkins job for each commit but only want to do a SonarQube analysis at a scheduled time, e.g. one per night.
And here is a summary of the the points made by "emelendez":
Centralize database credentials and sonar credentials Use jenkins
Use jenkins sonar plugin configuring SonarRunner for non Java projects
I've just changed to maven-sonar-plugin from the Jenkins SonarQube plugin to avoid divergence of information between the pom.xml and sonar-project.properties.
For example, developers elsewhere had bumped the project version number in the pom.xml, but they don't use the Jenkins builds and didn't care about the sonar-project.properties (or probably understand it). By switching to the maven plugin instead, the project version is defined once and referenced in the sonar property set within the pom.
The downside is that I no longer have the SonarQube link from the project's Jenkins page.
I'm not sure where the responsibility might be for adding this link back for projects using maven-sonar-plugin... The link is "owned" by the Jenkins SonarQube Plugin, but this is not being used here. Meanwhile the maven-sonar-plugin component is integrating with maven not Jenkins.
Something would need to observe the build and extract the SonarQube link which is emitted as a [INFO] ANALYSIS SUCCESSFUL, you can browse http://... line in the log.