Version: Release 24.3

SonarQube Container Plugin

The SonarQube container plugin allows you to perform security scans and analysis of your code quality. SonarQube is installed and hosted on your own servers.

Note: In the release flow editor, Container tasks have a red border.

Prerequisites

  • Sonar server running and accessible via HTTP(S)
  • Remote runner set up to run the container tasks

Set up Connection to Sonar Server

  1. From the navigation pane, under CONFIGURATION, click Connections.
  2. Under HTTP server connections, next to SonarQube: Server (Container), click the add button. The New SonarQube: Server (Container) page opens.
  3. In the Title field, enter the name of the configuration. This name will display in SonarQube tasks.
  4. In the URL field, enter the URL to access the server.
  5. In the Token field, enter the user token.
  6. If required, enter the proxy details.
  7. To test the connection, click Test.
  8. To save the configuration, click Save.

Create Sonar Configuration

Note: Branch and Pull request fields are not mandatory.

Check Compliance (Container)

  1. In the release flow tab of a Release template, add a task of type SonarQube > Check Compliance (Container).
  2. Click the added task to open it.
  3. In the Capabilities field, enter a value that matches the capability set for your Runner. This helps you to route jobs to that particular Runner.
  4. In the Server field, select the configured server.
  5. In the Resource field, enter the namespace of the project to pull the metrics.
  6. In the Branch field, enter the name of the Git branch.

Check Quality (Container)

  1. In the release flow tab of a Release template, add a task of type SonarQube > Check Quality (Container).
  2. Click the added task to open it.
  3. In the Capabilities field, enter a value that matches the capability set for your Runner. This helps you to route jobs to that particular Runner.
  4. In the Server field, select the configured server.
  5. In the Resource field, enter the namespace of the project to pull the metrics.
  6. In the Branch field, enter the name of the Git branch.
  7. In the Pull request field, enter the ID of the pull request.

Note: Enter -1 to ignore the following actions.

  1. In the Violations field, enter a number to define the maximum number of expected violations for the project.
  2. In the Complexity field, enter a number to define the maximum expected complexity for the project.
  3. In the Line Coverage field, enter a number to define the minimum expected line coverage for the project. The value must be a percentage.
  4. In the Duplicated Lines Density field, enter a number to define the maximum expected duplicated lines density for the project. The value must be a percentage.
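
The threshold semantics above, as an added example that is not part of the plugin or this documentation: a Python sketch that applies the four Check Quality limits, including the -1 "ignore" value, to a constructed response shaped like SonarQube's api/measures/component output. The field-to-metric-key mapping and the fail-closed handling of a missing measure are assumptions; the page does not describe how the task resolves either.

```python
import json

# Constructed sample shaped like a SonarQube api/measures/component response.
SAMPLE_RESPONSE = json.loads("""
{"component": {"key": "example:project", "measures": [
  {"metric": "violations", "value": "12"},
  {"metric": "complexity", "value": "340"},
  {"metric": "line_coverage", "value": "71.5"},
  {"metric": "duplicated_lines_density", "value": "4.2"}
]}}
""")

# Task field -> (metric key, direction). The mapping is an assumption.
# "max": measured value must not exceed the threshold.
# "min": measured value must not fall below the threshold.
RULES = {
    "Violations": ("violations", "max"),
    "Complexity": ("complexity", "max"),
    "Line Coverage": ("line_coverage", "min"),
    "Duplicated Lines Density": ("duplicated_lines_density", "max"),
}
IGNORE = -1  # the "enter -1 to ignore" value from the task form


def evaluate(response, thresholds):
    """Return a list of failure messages; an empty list means the gate passes."""
    measured = {m["metric"]: float(m["value"])
                for m in response["component"]["measures"] if "value" in m}
    failures = []
    for field, (metric, direction) in RULES.items():
        limit = thresholds.get(field, IGNORE)  # unset field treated as ignored
        if limit == IGNORE:
            continue  # check disabled for this field
        if metric not in measured:
            # Assumption: fail closed when the server reports no value,
            # so an unreported metric (e.g. no coverage data) cannot pass.
            failures.append(f"{field}: no '{metric}' measure reported")
            continue
        value = measured[metric]
        breached = value > limit if direction == "max" else value < limit
        if breached:
            word = "maximum" if direction == "max" else "minimum"
            failures.append(f"{field}: {value:g} breaches {word} {limit:g}")
    return failures


if __name__ == "__main__":
    form = {"Violations": 10, "Complexity": -1,
            "Line Coverage": 80, "Duplicated Lines Density": 5}
    for line in evaluate(SAMPLE_RESPONSE, form):
        print("FAIL", line)
```
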

Check Violations (Container)

  1. In the release flow tab of a Release template, add a task of type SonarQube > Check Violations (Container).
  2. Click the added task to open it.
  3. In the Capabilities field, enter a value that matches the capability set for your Runner. This helps you to route jobs to that particular Runner.
  4. In the Server field, select the configured server.
  5. In the Resource field, enter the namespace of the project to pull the metrics.
  6. In the Branch field, enter the name of the Git branch.
  7. In the Pull request field, enter the ID of the pull request.

Note: Enter -1 to ignore the following actions.

  1. In the High Violations Threshold field, enter a number to define the maximum expected high severity violations for the project.
  2. In the Medium Violations Threshold field, enter a number to define the maximum expected medium severity violations for the project.
