...

Pseudo name: Description

BRANCH_NAME: Name of the branch under consideration. Can optionally be used in combination with PATH_OF_REPOSITORY.
PATH_OF_REPOSITORY: Pathname to your Git project (Github, BitBucket, etc).
SQ_SCANNER_INSTALL_DIR: The local installation directory of the scanner for SonarQube.
SQ_PROJECT_LOCAL_INSTALL_DIR: The local installation directory of your project on your computer.
SONARQUBE_TOKEN: Your SonarQube token. This is usually created when a project is entered into SonarQube but can also be newly requested if needed.

Clone your Bitbucket repository

First you need to clone the Bitbucket repository to your local machine.
Clone your project repository


#
# change to the directory in which you want to clone your SonarQube project.
# cd <SQ_PROJECT_LOCAL_INSTALL_DIR>
#
# Use the following command if you want to clone the entire project:
#
# git clone <PATH_OF_REPOSITORY>/<project_name>.git
#
# Example:
git clone https://bitbucket.software.geant.org/scm/~omar.qouqas/wp9t2.git
 
#
# Use the following command if you want to clone a specific branch
#
# git clone -b <BRANCH_NAME> <PATH_OF_REPOSITORY>/<project_name>.git
#

Prepare the SonarQube scanner

The following steps are necessary to prepare the SonarQube scanner.

Install the SonarQube scanner

To install the scanner on your machine, please follow the instructions here.

When installed, the SonarQube scanner usually resides in a directory on your local machine. The installation directory of the scanner is usually different from the installation location of the development project. We will be referring to the installation directory of the scanner as SQ_SCANNER_INSTALL_DIR.

Create a token in SonarQube (optional step)

This step can be omitted when you have already created and SAVED your SonarQube token. If you have not done it before or if you have forgotten your SonarQube token, please follow the SonarQube description here for more info on generating tokens.

Remember your SonarQube token (now referred to as SONARQUBE_TOKEN). You will need it in the next step.

Edit the sonar-scanner.properties file

There is a variety of options, all of which serve to adjust your SonarQube scanner to your environment. These adjustments must be made in the file sonar-scanner.properties, which can be found within the <SQ_SCANNER_INSTALL_DIR>/conf directory.

...


# Configure here general information about the environment, such as SonarQube server connection details for example
# No information about specific project should appear here
 
# ----- Default SonarQube server
sonar.host.url=https://sonarqube.software.geant.org
 
# ----- Default source code encoding
#sonar.sourceEncoding=UTF-8
 
#
# token created in SonarQube User > My Account > Security
#
# The following token is not a real SonarQube token, just an example.
# You need to replace it with your SONARQUBE_TOKEN
#
sonar.login=b5d3exxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7c5d2

Add the SonarQube scanner to your PATH variable

Add the executable directory of the SonarQube scanner (<SQ_SCANNER_INSTALL_DIR>/bin) to your PATH environment variable. Typical installation directories are:

...


INFO:
INFO: usage: sonar-scanner [options]
INFO:
INFO: Options:
INFO:  -D,--define <arg>     Define property
INFO:  -h,--help             Display help information
INFO:  -v,--version          Display version information
INFO:  -X,--debug            Produce execution debug output

Configuration file sonar-project.properties

Then, in order to run the scanner on a specific project, you need to do the following:

...


#
# provide SonarQube project name and/or SonarQube project key (key must be unique in a given SonarQube instance)
#
# sonar.projectName=My project
#
# key name of our training project
#
sonar.projectKey=DemoKey
 
# Path is relative to the sonar-project.properties file. Defaults to .
sonar.sources=.
 
#
# sonar.java.binaries must point to the .class files
# the below is an example. Please use the correct path to your .class files
#
sonar.java.binaries=C:/Users/Omar/eclipse-workspace/NLCalculator/bin/Calculator/
 
# --- optional properties
# sonar.projectVersion=1.0
# Encoding of the source code. Default is default system encoding
# sonar.sourceEncoding=UTF-8
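
An added check, not part of the original page or of SonarQube: because sonar.login keeps the token in clear text, this script warns when sonar-scanner.properties is readable by group or others and fails when sonar.login appears in sonar-project.properties. It assumes sonar-project.properties is kept in the project directory alongside the source; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit where the SonarQube token is stored.
# Assumption: sonar-project.properties is kept with the project source.

# Succeeds if FILE contains an active (uncommented) sonar.login with a value.
has_inline_token() {
    grep -Eq '^[[:space:]]*sonar\.login[[:space:]]*[=:][[:space:]]*[^[:space:]]' "$1"
}

# Succeeds if neither group nor others have any permission bit on FILE.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one finding per line; returns the number of findings (0 = clean).
audit_props() {
    scanner_conf=$1
    project_conf=$2
    findings=0
    if has_inline_token "$scanner_conf" && ! is_private "$scanner_conf"; then
        echo "WARN $scanner_conf: token readable by group/others (chmod 600)"
        findings=$((findings + 1))
    fi
    if [ -f "$project_conf" ] && has_inline_token "$project_conf"; then
        echo "FAIL $project_conf: sonar.login set in a file kept with the project"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files; the token value is a placeholder, not a real token.
make_samples() {
    mkdir -p "$1/conf" "$1/project"
    printf '%s\n' 'sonar.host.url=https://sonarqube.software.geant.org' \
        'sonar.login=CONSTRUCTED-PLACEHOLDER-TOKEN' > "$1/conf/sonar-scanner.properties"
    chmod 644 "$1/conf/sonar-scanner.properties"
    printf '%s\n' 'sonar.projectKey=DemoKey' 'sonar.sources=.' \
        '# sonar.login=commented-out' > "$1/project/sonar-project.properties"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_props "$demo_dir/conf/sonar-scanner.properties" \
            "$demo_dir/project/sonar-project.properties" || echo "findings: $?"
rm -rf "$demo_dir"
```

Run it with the real paths, <SQ_SCANNER_INSTALL_DIR>/conf/sonar-scanner.properties and the sonar-project.properties of your project, before committing or sharing either file.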

Analyse your project

Run the SonarQube scanner

Now that the setup is complete and the files are configured properly, all you need to do is run sonar-scanner from within the project's directory.

The command line should eventually show "EXECUTION SUCCESS", as depicted below:

View your project in SonarQube

That's all. Now you can go to the SonarQube web interface to view the results of the analysis:

SonarQube Analysis

A typical SonarQube analysis will include  

...

You can click on the results and you will be redirected to the project issues section on the SonarQube website.

Summary

SonarQube is a powerful platform for continuous inspection of source code and various aspects pertaining to quality and best practices. Integrating SonarQube analysis into pull requests in Bitbucket server makes this very useful for developers. SonarQube's website has more information on the product. 

...