This documentation relates to QuickBuild 10.0.x
Select here if you are using a different version

Scan code with SonarQube

Version 2 by Steve Luo
on Feb 19, 2020 04:08.

<< Changes from 1 to 2
compared with
Version 3 by Steve Luo
on Feb 19, 2020 04:13.

Changes from 3 to 4 >>
Key
These lines were removed. This word was removed.
These lines were added. This word was added.

View page history


There are 3 changes. View first change.

 Since QuickBuild 10, [SonarQube|https://www.sonarqube.org], a continuous code inspection solution, can be added to your continuous integration workflow.
  
 You can trigger SonarQube to analyze your source code by adding a step. The step can be:
  
 * Sonar Scanner Step
 * Maven Step
 * Gradle Step
 * Command line Step
  
 h2. Configuring Webhook
  
 QuickBuild uses Webhook to communicate with SonarQube. So firstly, you need config the webhook both in QuickBuild and in SonarQube.
  
 h3. QuickBuild Side
  
 Go to configuration Settings page, then Webhook tab, you can define the SonarQube settings:
  
 !sonar-settings.png!
  
 If the "Anyone" pseudo-group does not have permission to perform analyses, you'll need to
 supply the credentials of a user with Execute Analysis permission for the analysis to run under. So, you need input Login or Token and Password for authentication. See more details at below page:
  
 https://docs.sonarqube.org/latest/analysis/analysis-parameters/
  
 h3. SonarQube Side
  
 Go to project administration page, create a webhook:
  
 !quickbuild-webhook.png!
  
 Please make sure the secret is identical to the secret filled in QuickBuild.
  
 The URL is in below format:
  
 {code}
 http://{your-quickbuild-host}/rest/webhook/sonarqube/{configurationId}
{code}
  
  
 h2. Sonar Scanner Step
  
 In your configuration workflow, you can add Sonar Scanner Step to trigger SonarQube to analyze your source code.