Jenkins with SonarQube Scanner

SonarQube is open source software for code analysis that detects bugs, code smells and vulnerabilities. It can be easily integrated with many CI engines. In this guide, we will see how it can be used with Jenkins.

I have already installed Jenkins 2.64 (this Jenkins version requires Java 8 in order to run). If you have Jenkins installed, you just need another Jenkins plugin.

SonarQube supports many database engines, but in this guide we will use MySQL 5.6.

Install SonarQube

We will download SonarQube 6 and extract the zip into the /opt/sonarqube directory.

Install Sonar-runner

We will download Sonar-runner 2.4 and extract the zip into the /opt/sonar-runner directory.

Configuration

Before you change the configuration files, create a database and a user that has privileges on that database. (For example, user: sonarqube, database: sonarqube)

SonarQube:

Go to /opt/sonarqube/conf and edit sonar.properties. Uncomment these lines:

In this file, you can also change the port (default is 9000), the web context (from / to /sonar), etc.

Sonar Runner:

Go to /opt/sonar-runner/conf and edit sonar-runner.properties. Uncomment these lines:
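
Once the database credentials are active in these two files, they are worth auditing. The following check is an added example, not part of the original guide: it flags world- or group-accessible files and plaintext or weak passwords. The key names are the standard SonarQube settings (assumed, since the guide's own lines are not shown) and the weak-value list is illustrative.

```python
import os
import stat

# Credential-bearing keys (standard SonarQube setting names; assumed here,
# since the guide's own uncommented lines are not shown).
SECRET_KEYS = {"sonar.jdbc.password", "sonar.password"}
WEAK_VALUES = {"", "sonar", "sonarqube", "admin", "password"}  # illustrative list


def parse_properties(text):
    """Return active key=value pairs; blank and commented lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(path):
    """Return findings for one properties file (empty list means clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    secrets = {k: v for k, v in props.items() if k in SECRET_KEYS}
    if secrets and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:o} exposes secrets to other users")
    for key, value in sorted(secrets.items()):
        if value.startswith("{aes}"):
            continue  # value encrypted with SonarQube's settings encryption
        if value.lower() in WEAK_VALUES or value == props.get("sonar.jdbc.username"):
            findings.append(f"{key}: weak or default value")
        else:
            findings.append(f"{key}: stored in plain text")
    return findings


if __name__ == "__main__":
    # Paths from the guide; run as a user allowed to read them.
    for conf in ("/opt/sonarqube/conf/sonar.properties",
                 "/opt/sonar-runner/conf/sonar-runner.properties"):
        if os.path.exists(conf):
            print("\n".join(audit(conf)) or f"{conf}: no findings")
```

A finding on file mode is fixed by restricting the file to the account that runs SonarQube or the runner (for example mode 600).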

Start SonarQube

Go to http://localhost:9000/ and see the dashboard. Initial credentials are admin/admin.

SonarQube in Jenkins

  • Go to Manage Jenkins > Manage plugins. Search for SonarQube Scanner for Jenkins. Install it.
  • Go to Manage Jenkins > Configure System and add the SonarQube Server. Complete the fields like this:

The authentication token is generated from the SonarQube dashboard. (Go to http://localhost:9000/account/security and generate a token.)

  • Go to Manage Jenkins > Global Tool Configuration and add the SonarQube Scanner, like this:

  • Create a Freestyle project.
    • Select a SCM (with URL, credentials and branch). I will select Git.
    • Add build step > Execute SonarQube Scanner. In the Analysis properties field, put something like this.
    • To be more specific, you can replace with sonar.projectVersion=$GIT_COMMIT (this is a global variable in Jenkins, from the Git plugin).
    • Build the job. The result of the analysis is on the SonarQube server (http://localhost:9000).
