Use SonarQube

SonarQube is open source quality management software that continuously analyzes your application. When you configure a job to use SonarQube, the build generates an analysis summary that you can view from the job or build details page.

To learn about SonarQube, see its documentation at https://docs.sonarqube.org.

Create and Manage the Pre-Defined SonarQube Server Connection

You must be the project owner to add and manage SonarQube server connections.

To create the connection, you'll need the URL of a SonarQube server that's available on the public internet.

Here's how you can set up a SonarQube system for your project's users and then create and manage a pre-defined SonarQube connection that they can use:

Action How To

Add a SonarQube connection

  1. In the left navigator, click Project Administration.

  2. Click Build.

  3. Click the SonarQube Server tab.

  4. Click Add SonarQube Server Connection.

  5. In the Create SonarQube Server dialog box, enter a name for the server, provide the SonarQube server’s URL, and specify the credentials of a user who has access to the server.

  6. Click Create.

Edit a connection to change the user credentials or provide another server ID

  1. In the left navigator, click Project Administration.

  2. Click Build.

  3. Click the SonarQube Server tab.

  4. Click the connection name and then click Edit.

  5. In the Edit SonarQube Server dialog box, update the SonarQube server’s URL and the credentials of a user who can access the server.

  6. Click Update.

Delete the connection

  1. In the left navigator, click Project Administration.

  2. Click Build.

  3. Click the SonarQube Server tab.

  4. Click the connection name and then click Delete.

  5. In the Delete SonarQube Server dialog, click Delete.

Configure a Job to Connect to SonarQube

You can configure a job to use SonarQube from the Before Build tab and then add a post-build action (on the After Build tab) to publish its reports:

  1. Open the job’s configuration page.
  2. Click the Before Build tab.
  3. From Add Before Build Action, select SonarQube Settings.
  4. From Sonar Server, select the pre-configured SonarQube server.

    The Username, Password, and SonarQube Server URL display the selected user's details. To add a server, contact the organization administrator.

  5. To provide the SonarQube project name and the SonarQube project key, expand Advanced SonarQube Settings, and update the values. Make sure that the SonarQube project key is unique.

    By default, the project key is set to <organization>_<projectname>.<jobname> and the project name is set to <projectname>.<jobname>.

  6. Click the After Build tab.
  7. From Add After Build Action, select SonarQube Result Publisher.
  8. To use the SonarQube Quality Gate status as the build status, select Apply SonarQube quality gate status as build status.
    If the SonarQube Quality Gate status is Passed, the build is marked as successful. If the SonarQube Quality Gate status is Failed, the build is marked as failed. To learn about SonarQube Quality Gates, see https://docs.sonarqube.org/display/SONAR/Quality+Gates.
  9. To create an archive file that contains the SonarQube analysis files, select the Archive Analysis Files check box.
  10. Click Save.

To view the SonarQube analysis summary after a build, from the job’s details page, click SonarQube Analysis Summary. The SonarQube Analysis Summary displays the SonarQube server URL for the job and the analysis summary.

Enable SonarQube for Gradle Applications

Use the following steps to enable SonarQube for your Gradle application.

  1. Add a SonarQube connection.
  2. Create a build job, using the Gradle Linux 7 VM build executor.
  3. In the Job Configuration page, select the Git tab, then select Git from the Add Git dropdown.
    Add a Git repository for your Gradle project files.
  4. Select the Before Build tab, then select SonarQube Settings from the Add Before Build Action dropdown.
  5. Select the SonarQube server you set up in step 1.
  6. Expand the Advanced SonarQube Settings and examine the Project Name entry.
    If the entry contains spaces, enclose it with double quotes.
  7. In the Steps tab, select Add Step, then select Gradle from the Common Build Tools dropdown list.
    1. Select Use 'gradlew' wrapper.
    2. Enter the Gradle version needed to run your project.
    3. In Tasks, add clean build.
    4. Enter the location of your build file, build.gradle.
    5. Click Turn on SonarQube.
  8. In the After Build tab, add the SonarQube Result Publisher action.
  9. Select Apply SonarQube quality gate status as build status and Archive Analysis Files.
  10. Click Save to save the build configuration.
  11. From the Build Details page, click Build Now to run the build job.
  12. Once the build completes, click SonarQube Analysis Summary to display the SonarQube Analysis Summary page, which shows the SonarQube server URL for the job and the analysis summary.

Use a Unix Shell Script to Enable SonarQube for Gradle Applications

You can use a Unix Shell script to enable SonarQube for Gradle applications.

  1. Add a SonarQube connection.
  2. Create a build job, using the Gradle Linux 7 VM build executor.
  3. In the Job Configuration page, select the Git tab, then select Git from the Add Git dropdown.
    Add a Git repository for your Gradle project files.
  4. Select the Before Build tab, then select SonarQube Settings from the Add Before Build Action dropdown.
  5. Select the SonarQube server you set up in step 1.
  6. Expand the Advanced SonarQube Settings and examine the Project Name entry.
    If the entry contains spaces, enclose it with double quotes.
  7. In the Steps tab, select Add Step, then select Unix Shell from the Common Build Tools dropdown list.
    1. Click Turn on SonarQube.
    2. In the For Gradle tab, copy the Gradle command line content and paste it into the Unix Shell script area, at the top of the screen. For example:
      gradle clean build --build-file=sonarqube-scanner-gradle-multimodule/build.gradle sonarqube -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_LOGIN -Dsonar.password=$SONAR_PASSWD -Dsonar.projectName=$SONAR_PROJECT_NAME -Dsonar.projectKey=$SONAR_PROJECT_KEY
  8. In the After Build tab, add the SonarQube Result Publisher action.
  9. Select Apply SonarQube quality gate status as build status and Archive Analysis Files.
  10. Click Save to save the build configuration.
  11. From the Build Details page, click Build Now to run the build job.
  12. Once the build completes, click SonarQube Analysis Summary to display the SonarQube Analysis Summary page, which shows the SonarQube server URL for the job and the analysis summary.

Enable SonarQube for Maven Applications

Use the following steps to enable SonarQube for your Maven application.

  1. Add a SonarQube connection.
  2. Create a build job, using the Required Components Linux 7 VM build executor.
  3. In the Job Configuration page, select the Git tab, then select Git from the Add Git dropdown.
    Add a Git repository for your Maven project files.
  4. Select the Before Build tab, then select SonarQube Settings from the Add Before Build Action dropdown.
  5. Select the SonarQube server you set up in step 1.
  6. Expand the Advanced SonarQube Settings and examine the Project Name entry.
    If the entry contains spaces, enclose it with double quotes.
  7. In the Steps tab, select Add Step, then select Maven from the Common Build Tools dropdown list.
    1. In Tasks, add clean install.
    2. Enter the location of your POM file, pom.xml.
    3. Click Turn on SonarQube.
  8. In the After Build tab, add the SonarQube Result Publisher action.
  9. Select Apply SonarQube quality gate status as build status and Archive Analysis Files.
  10. Click Save to save the build configuration.
  11. From the Build Details page, click Build Now to run the build job.
  12. Once the build completes, click SonarQube Analysis Summary to display the SonarQube Analysis Summary page, which shows the SonarQube server URL for the job and the analysis summary.

Use a Unix Shell Script to Enable SonarQube for Maven Applications

You can use a Unix Shell script to enable SonarQube for Maven applications.

  1. Add a SonarQube connection.
  2. Create a build job, using the Required Components Linux 7 VM build executor.
  3. In the Job Configuration page, select the Git tab, then select Git from the Add Git dropdown.
    Add a Git repository for your Maven project files.
  4. Select the Before Build tab, then select SonarQube Settings from the Add Before Build Action dropdown.
  5. Select the SonarQube server you set up in step 1.
  6. Expand the Advanced SonarQube Settings and examine the Project Name entry.
    If the entry contains spaces, enclose it with double quotes.
  7. In the Steps tab, select Add Step, then select Unix Shell from the Common Build Tools dropdown list.
    1. Click Turn on SonarQube.
    2. In the For Maven tab, copy the Maven command line content and paste it into the Unix Shell script area, at the top of the screen. For example:
      mvn clean install -f sonarqube-scanner-maven/maven-basic/pom.xml sonar:sonar -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_LOGIN -Dsonar.password=$SONAR_PASSWD -Dsonar.projectName=$SONAR_PROJECT_NAME -Dsonar.projectKey=$SONAR_PROJECT_KEY
  8. In the After Build tab, add the SonarQube Result Publisher action.
  9. Select Apply SonarQube quality gate status as build status and Archive Analysis Files.
  10. Click Save to save the build configuration.
  11. From the Build Details page, click Build Now to run the build job.
  12. Once the build completes, click SonarQube Analysis Summary to display the SonarQube Analysis Summary page, which shows the SonarQube server URL for the job and the analysis summary.

Create a SonarQube Analysis Report for a VB Studio Project with JavaScript Sources

The VB Studio build system supports SonarQube analysis for Java using Maven and Gradle during building and packaging. This is for Java apps, not visual applications. It doesn't provide built-in support for analyzing JavaScript sources. If you need to perform a SonarQube analysis for JavaScript sources, such as those created by VB Studio, you'll need to create your own SonarQube analysis report by using the Unix Shell builder and then uploading the results to SonarQube.

There are two ways to create a SonarQube analysis report on JavaScript sources in VB Studio:
  • If the project being built is a Maven project, you'll need to direct the Sonar Scanner Maven plugin to include the JS files for analysis.
  • If the project is a VB Studio project that is purely JavaScript, you'll need to install and use the sonar-scanner command line tool to do the analysis.

Analyze JavaScript Sources in a Maven Project

If the project being built is a Maven project, by default, the Sonar Scanner Maven plugin will include only the Java sources from src/main/java. You'll need to make sure the plugin also includes the JavaScript files for analysis:

  1. Use the -Dsonar.sources parameter on the command line to explicitly include the path to the JavaScript files, as shown in this example:

    mvn clean install sonar:sonar \
    -Dsonar.host.url=$SONAR_URL \
    -Dsonar.login=$SONAR_LOGIN \
    -Dsonar.password=$SONAR_PASSWD \
    -Dsonar.sources=src/main/java,src/main/webapp \
    -Dsonar.projectName=$SONAR_PROJECT_NAME \
    -Dsonar.projectKey=$SONAR_PROJECT_KEY \
    -f UiServer/pom.xml

    In the example, -Dsonar.sources=src/main/java,src/main/webapp is used to explicitly add Java sources from src/main/java and JavaScript sources from src/main/webapp.

  2. The log will show that the JavaScript sources were analyzed, as were HTML and CSS files:

    [2021-04-01 21:31:30] [INFO] Sensor CSS Metrics [cssfamily]
    [2021-04-01 21:31:30] [INFO] Sensor CSS Metrics [cssfamily] (done) | time=29ms
    [2021-04-01 21:31:30] [INFO] Sensor CSS Rules [cssfamily]
    [2021-04-01 21:31:31] [INFO] 12 source files to be analyzed
    [2021-04-01 21:31:31] [INFO] 12/12 source files have been analyzed
    [2021-04-01 21:31:31] [INFO] Sensor CSS Rules [cssfamily] (done) | time=1446ms
    
    [2021-04-01 21:31:31] [INFO] Sensor JavaScript analysis [javascript]
    [2021-04-01 21:31:34] [INFO] 13 source files to be analyzed
    [2021-04-01 21:31:36] [INFO] 13/13 source files have been analyzed
    [2021-04-01 21:31:36] [INFO] Sensor JavaScript analysis [javascript] (done) | time=4971ms
    
    [2021-04-01 21:31:36] [INFO] Sensor HTML [web]
    [2021-04-01 21:31:36] [INFO] Sensor HTML [web] (done) | time=137ms

Analyze a VB Studio Project That Contains JavaScript Sources Only

For a VB Studio project that contains just JavaScript sources, you can create a Unix Shell step that downloads and installs the sonar-scanner command line tool, then uses it to perform the analysis:

  1. Open the job’s configuration page.

  2. Click the Steps tab.

  3. From Add Step, select Unix Shell.

  4. In Script, enter the following commands:

    1. Download the sonar-scanner command line tool from the SonarQube website:

      curl -o sonar-scanner-cli-4.6.0.2311-linux.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
    2. Unzip the tool:

      unzip sonar-scanner-cli-4.6.0.2311-linux.zip
    3. Run the scanner to perform the analysis, after explicitly specifying which JavaScript sources you want it to analyze, as in -Dsonar.sources=UiServer/src/main/webapp:

      sonar-scanner-4.6.0.2311-linux/bin/sonar-scanner \
      -Dsonar.host.url=$SONAR_URL \
      -Dsonar.login=$SONAR_LOGIN \
      -Dsonar.password=$SONAR_PASSWD \
      -Dsonar.sources=UiServer/src/main/webapp \
      -Dsonar.projectName=$SONAR_PROJECT_NAME \
      -Dsonar.projectKey=$SONAR_PROJECT_KEY
    4. Click Save.
  5. Run the build and check the build log to make sure that the analysis was successful:

    [2021-04-01 22:12:20] INFO: ------------- Run sensors on module Project1.Sonar_8_8_sonar_scanner
    [2021-04-01 22:12:20] INFO: Load metrics repository
    [2021-04-01 22:12:20] INFO: Load metrics repository (done) | time=486ms
    [2021-04-01 22:12:22] INFO: Sensor CSS Metrics [cssfamily]
    [2021-04-01 22:12:22] INFO: Sensor CSS Metrics [cssfamily] (done) | time=50ms
    [2021-04-01 22:12:22] INFO: Sensor CSS Rules [cssfamily]
    [2021-04-01 22:12:23] INFO: 12 source files to be analyzed
    [2021-04-01 22:12:23] INFO: 12/12 source files have been analyzed
    [2021-04-01 22:12:23] INFO: Sensor CSS Rules [cssfamily] (done) | time=1292ms
    [2021-04-01 22:12:23] INFO: Sensor JaCoCo XML Report Importer [jacoco]
    [2021-04-01 22:12:23] INFO: 'sonar.coverage.jacoco.xmlReportPaths' is not defined. Using default locations: target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml,build/reports/jacoco/test/jacocoTestReport.xml
    [2021-04-01 22:12:23] INFO: No report imported, no coverage information will be imported by JaCoCo XML Report Importer
    [2021-04-01 22:12:23] INFO: Sensor JaCoCo XML Report Importer [jacoco] (done) | time=3ms
    [2021-04-01 22:12:23] INFO: Sensor JavaScript analysis [javascript]
    [2021-04-01 22:12:26] INFO: 13 source files to be analyzed
    [2021-04-01 22:12:28] INFO: 13/13 source files have been analyzed
    [2021-04-01 22:12:28] INFO: Sensor JavaScript analysis [javascript] (done) | time=4827ms
    [2021-04-01 22:12:28] INFO: Sensor C# Project Type Information [csharp]
    [2021-04-01 22:12:28] INFO: Sensor C# Project Type Information [csharp] (done) | time=1ms
    [2021-04-01 22:12:28] INFO: Sensor C# Properties [csharp]
    [2021-04-01 22:12:28] INFO: Sensor C# Properties [csharp] (done) | time=0ms
    [2021-04-01 22:12:28] INFO: Sensor JavaXmlSensor [java]
    [2021-04-01 22:12:28] INFO: Sensor JavaXmlSensor [java] (done) | time=1ms
    [2021-04-01 22:12:28] INFO: Sensor HTML [web]
    [2021-04-01 22:12:28] INFO: Sensor HTML [web] (done) | time=151ms
    [2021-04-01 22:12:28] INFO: Sensor VB.NET Project Type Information [vbnet]
    [2021-04-01 22:12:28] INFO: Sensor VB.NET Project Type Information [vbnet] (done) | time=1ms
    [2021-04-01 22:12:28] INFO: Sensor VB.NET Properties [vbnet]
    [2021-04-01 22:12:28] INFO: Sensor VB.NET Properties [vbnet] (done) | time=1ms
    [2021-04-01 22:12:28] INFO: ------------- Run sensors on project
    [2021-04-01 22:12:28] INFO: Sensor Zero Coverage Sensor
    [2021-04-01 22:12:28] INFO: Sensor Zero Coverage Sensor (done) | time=20ms
    [2021-04-01 22:12:28] INFO: SCM Publisher SCM provider for this project is: git
    [2021-04-01 22:12:28] INFO: SCM Publisher 25 source files to be analyzed
    [2021-04-01 22:12:29] INFO: SCM Publisher 25/25 source files have been analyzed (done) | time=223ms
    [2021-04-01 22:12:29] INFO: CPD Executor 5 files had no CPD blocks
    [2021-04-01 22:12:29] INFO: CPD Executor Calculating CPD for 15 files
    [2021-04-01 22:12:29] INFO: CPD Executor CPD calculation finished (done) | time=49ms
    [2021-04-01 22:12:29] INFO: Analysis report generated in 165ms, dir size=202 KB
    [2021-04-01 22:12:29] INFO: Analysis report compressed in 86ms, zip size=78 KB
    [2021-04-01 22:12:30] INFO: Analysis report uploaded in 599ms
    [2021-04-01 22:12:30] INFO: ANALYSIS SUCCESSFUL, you can browse http://server123.mycorp.com:9000/dashboard?id=qa-dev_project1_1.Sonar_8_8_sonar_scanner
    [2021-04-01 22:12:30] INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
    [2021-04-01 22:12:30] INFO: More about the report processing at http://server123.mycorp.com:9000/api/ce/task?id=AXiPfrh9RniEjxk9KTc9
    [2021-04-01 22:12:40] INFO: Analysis total time: 32.061 s
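
Steps 4 and 5 above as one script, added here as an example (it is not part of the original page and is not Oracle's or SonarSource's code): it refuses to unzip the scanner unless the archive matches a pinned SHA-256, and it replaces the manual log check with a test that the JavaScript sensor analyzed every file it found and that the run ended in ANALYSIS SUCCESSFUL. The function names, the scan.log file and the SCANNER_SHA256 placeholder are assumptions; the SONAR_* variables are the ones the page's commands use and are assumed to be set by the job's SonarQube Settings.

```shell
#!/bin/sh
# Added example, not from the original page: download, verify, scan, check the log.
SCANNER_VER=4.6.0.2311
SCANNER_ZIP="sonar-scanner-cli-$SCANNER_VER-linux.zip"
SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SCANNER_ZIP"
# Placeholder (assumption): the SHA-256 you recorded for this exact archive.
SCANNER_SHA256="REPLACE_WITH_PINNED_SHA256"

# verify_sha256 FILE EXPECTED: succeeds only if FILE exists and its digest matches.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# js_analysis_ok LOG: succeeds only if the JavaScript sensor reported N/N files
# analyzed with N > 0 and the scanner printed ANALYSIS SUCCESSFUL.
js_analysis_ok() {
    awk '
        /Sensor JavaScript analysis \[javascript\]/ { in_js = !/\(done\)/ }
        in_js && match($0, /[0-9]+\/[0-9]+ source files have been analyzed/) {
            split(substr($0, RSTART, RLENGTH), n, "[/ ]")
            if (n[1] + 0 > 0 && n[1] + 0 == n[2] + 0) js_ok = 1
        }
        /ANALYSIS SUCCESSFUL/ { success = 1 }
        END { exit !(js_ok && success) }
    ' "$1"
}

run_scan() {
    # -f makes curl fail on an HTTP error instead of saving the error page as the zip.
    curl -fsSL -o "$SCANNER_ZIP" "$SCANNER_URL" || return 1
    verify_sha256 "$SCANNER_ZIP" "$SCANNER_SHA256" || {
        echo "checksum mismatch for $SCANNER_ZIP; refusing to unzip" >&2
        return 1
    }
    unzip -q -o "$SCANNER_ZIP" || return 1
    "sonar-scanner-$SCANNER_VER-linux/bin/sonar-scanner" \
        -Dsonar.host.url="$SONAR_URL" \
        -Dsonar.login="$SONAR_LOGIN" \
        -Dsonar.password="$SONAR_PASSWD" \
        -Dsonar.sources=UiServer/src/main/webapp \
        -Dsonar.projectName="$SONAR_PROJECT_NAME" \
        -Dsonar.projectKey="$SONAR_PROJECT_KEY" > scan.log 2>&1
    rc=$?
    cat scan.log
    # Fail the step if the scanner failed or the JavaScript sources were not covered.
    [ "$rc" -eq 0 ] && js_analysis_ok scan.log
}

# The scan runs only when the script is invoked as: sh <script> run
if [ "${1:-}" = "run" ]; then run_scan; fi
```

The js_analysis_ok check matches the sensor lines and ignores the line prefix, so it reads both the [INFO] and the INFO: log formats shown on this page.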