This document describes how to add a software project to SonarQube and have its source code analysed. SonarQube is a flexible tool that supports different use cases for source code assessment:

  • SonarQube is able to analyse projects in many different programming languages
  • The provided software may come as pure source code or with a build management system like Maven or Gradle
  • Projects can be added to SonarQube stand-alone or together with a continuous integration (CI) tool such as Bamboo or Jenkins; involving a CI tool is recommended

Prerequisites

Project in the GÉANT Software Catalogue

Projects that will be analysed with SonarQube need to be listed in the GÉANT Software Catalogue. Although there is no technical dependency of a SonarQube project on a project listed in the Software Catalogue, there is a common understanding that all services used throughout the GÉANT community must be published in the Software Catalogue. In this sense the Software Catalogue provides a "source of truth" for all application- and service-related information to the larger GÉANT community. The purpose of this is to have an up-to-date repository of information about software projects and teams in order to:

  • Facilitate and support the GÉANT software engineering community
  • Create a base and starting point for further analysis and reporting on GÉANT software development efforts

If you are not sure whether your application is already listed in the GÉANT Software Catalogue, please check here.

If your project is not yet listed in the Software Catalogue, please use the link below to add your project. If you are interested in more detailed information on how to do so, please visit the link to the Wiki.

Software repository

SonarQube works with a variety of Source Code Management (SCM) systems such as GitLab and Bitbucket, and we assume that this is the standard way you develop your project. If your project is not managed via a repository, or you just want to "quick scan" something such as a dedicated module or an XML file, we recommend making a local copy of the specific software branch to be analysed on your local computer and running SonarQube on that branch.

Prerequisites for SonarQube

To be able to add a project to SonarQube you need a dedicated SonarQube account. Since access to SonarQube is handled via Federated Identity, you should be able to log in using your regular GÉANT user account. If that doesn't work, please contact us following this process to have an account created for you. If you need further help, you may also reach out to the team via the Slack channel dedicated to SonarQube.

Adding the project to SonarQube

To be able to analyse software in SonarQube you first need to create a SonarQube project. This can easily be done by following the procedure in the manual linked below.

MANUAL: Adding Projects to SonarQube

Options to analyse your project

One of the long-term targets of the GÉANT project is a streamlined and unified process for developing software projects. Ideally, each development team in the GÉANT developer community would use the same tools. Although this is desired, the reality is that development teams use a variety of different tools today. To be able to serve the majority of them, WP9 T2 provides a set of manuals describing how SonarQube can be used in combination with different CI pipelines.

The "preferred way": Integrating SonarQube with GitLab CI or Bitbucket

Integrating SonarQube with GitLab makes it possible to perform SonarQube analysis for all GitLab projects that use the CI/CD pipeline.

MANUAL: Continuous Integration Setup with GitLab CI and SonarQube

Integrating SonarQube with Bitbucket provides automated feedback on code quality issues in the context of pull requests, where the peer code reviews happen.

MANUAL: Bitbucket and SonarQube

Add your source code to SonarQube

Most software projects are managed by a Source Code Management (SCM) system and usually come with a build system. We therefore assume that adding code physically to your PC is not the standard way of working. There are, however, circumstances in which this option can be helpful:

  • the project is not managed via a Source Code Management (SCM) system
  • you are just interested in a specific section of the code (e.g. an XML file) or a dedicated component of a large project

So if you want to try SonarQube, please follow this process:

MANUAL: Adding Source Code directly to a SonarQube project

Getting help