
How To Integrate SonarQube With Jenkins

This post intends to guide users on integrating SonarQube with Jenkins.

What is SonarQube

SonarQube is a very popular code quality management tool that is used widely for code analysis to identify code smells, possible bugs, and performance enhancements. SonarQube supports many popular programming languages like Java, JavaScript, C#, Python, Kotlin, Scala etc. It also provides test and code coverage.

SonarQube Features 

  1. Supports multiple Languages.
  2. Easily integrates with IDE like Eclipse and IntelliJ.
  3. Easily configured with build management tools like Maven, Gradle, and Ant.
  4. Easy integration with CI/CD tools like Jenkins, TeamCity, Hudson etc.
  5. Prebuilt quality checks are available to start with.
  6. Provides detailed metrics and reports to visualize code quality trends.
  7. SonarQube is open source and has a vast and active community for support.

Why do we need SonarQube?

SonarQube offers comprehensive code analysis capabilities that help in detecting code smells, bugs, vulnerabilities, and other issues early in the development process, allowing developers to solve them as soon as possible, hence saving time, effort, and costs associated with bug fixing, troubleshooting, and rework later on.

It also acts as a quality management tool. Apart from code analysis, it gathers and generates test reports such as unit testing and code coverage. SonarQube provides code coverage data, allowing organisations to evaluate the success of their test suites. Teams can detect gaps in test coverage and improve the overall reliability and robustness of the software by estimating how much of the code is covered by tests.

SonarQube Components

SonarQube has 2 main components:

A) SonarQube Server: The server comprises 3 components:

1) Rules: These are the best practices and guidelines that should be followed while writing the code/script. Many default rules come with the SonarQube installation.

2) Database: Whenever a report is generated in SonarQube, it gets stored in the SonarQube database by default.

3) Web Interface: It’s a GUI or dashboard to create new projects, and observe reports and metrics.

B) SonarScanner: This service is responsible for running project analysis and sending the result to SonarQube Server for processing.

Prerequisites:

1) Install and configure Jenkins

2) Git repo with project code

3) Install and configure Java

4) Install and configure Maven

SonarQube Setup

1) Go to the SonarQube download page and download the community edition.

2) Unzip it and save it on your local machine.

To start Sonar, go to the install location and execute the following commands:

Windows: Right-click and run the .bat file.

C:\sonarqube\bin\windows-x86-xx\StartSonar.bat

Mac: Navigate to bin/macosx-universal and run ./sonar.sh

Open the browser and go to localhost:9000, where the SonarQube server starts.

On the login screen, provide the default username and password (admin/admin). After a successful login, click New Project -> Select Manually -> give a project key and click the Setup button.

Under Provide a token, select Generate a token. Give your token a name, click the Generate button, and click Continue. Copy this token for future reference.

SonarQube Integration With Jenkins

To integrate SonarQube with Jenkins, follow the steps below:

1) Install the plugin

  1) Log in to Jenkins
  2) Go to Plugin Manager
  3) Install the plugin “SonarQube Scanner”

[Screenshot: SonarQube Plugin For Jenkins]

2) Create a Jenkins freestyle project

Go to New Item -> select Freestyle project -> General -> select Git as Source Code Management.

Provide your Git repo in the URL section. Add a branch to build. For example, specify */master if you want to build the master branch, or */main, following the recent change in which the Git master branch was renamed to main.

[Screenshot: Source code management git]

Scroll down and navigate to Build environment. Select Prepare SonarQube Scanner environment checkbox. Provide the authentication token which was generated for the SonarQube sample project.

[Screenshot: SonarQube Scanner]

Go to the build steps and provide Goals under the Goals section. Ensure that the correct Maven version is provided in the Maven Version section.

[Screenshot: Sonar Goals]

3) Configure Jenkins

Go to Jenkins Dashboard -> open Manage Jenkins -> Configure System -> Jenkins Location.

Fetch your machine’s IP address and configure Jenkins URL with the IP address in the Jenkins URL section.

[Screenshot: Jenkins Location Configuration]

4) Configure SonarQube Environment

Add a name for your SonarQube server and provide the Sonar server URL. Add the authentication token which was generated at the Sonar server.

[Screenshot: SonarQube With Jenkins]

Click Apply and Save.

5) Configure post-build action

This step is optional. If you want an HTML report to be published after the build executes successfully, you can refer to this article to configure post-build actions.

Now the Jenkins freestyle job is configured to execute and generate the Sonar report.

Execution And Sonar Report

1) Start the local Sonar server on your machine at port 9000.
2) Go to the configured project and build the project in Jenkins.
3) Observe the console output.

Once the build is successful, the Sonar dashboard is updated with the latest results.

[Screenshot: SonarQube Jenkins Integration]

Navigate to the sonar dashboard and analyze the results.

[Screenshot: SonarQube Analysis]

Tip: If the Jenkins build fails due to an access issue with the Sonar analysis report, define the goal along with the project key and token in the Goals section of the Jenkins build steps:

clean verify sonar:sonar 
  -Dsonar.projectKey=Your Project key
  -Dsonar.host.url=http://localhost:9000 
  -Dsonar.login=Your Token
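
A token typed into the Goals field is stored in plain text in the job configuration and echoed in the console output. The following check is an added example, not part of the original post: it flags Maven goals strings that embed a literal credential or send the token over plain HTTP to a non-local host, and masks the value for logging. The variable names $SONAR_AUTH_TOKEN and $SONAR_HOST_URL assume the values injected by the Prepare SonarQube Scanner environment option; the sample strings and the token are constructed.

```python
import re
import shlex
from urllib.parse import urlparse

SECRET_PROPS = ("sonar.login", "sonar.password", "sonar.token")
# $NAME or ${NAME} is a reference resolved by Jenkins at build time, not a secret.
VAR_REF = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
SECRET_ARG = re.compile(r"(-D(?:%s)=)(\S+)" % "|".join(map(re.escape, SECRET_PROPS)))


def audit_goals(goals):
    """Return (property, problem) pairs for one Maven goals string."""
    findings = []
    for arg in shlex.split(goals):
        if not arg.startswith("-D") or "=" not in arg:
            continue
        name, value = arg[2:].split("=", 1)
        if name in SECRET_PROPS and not VAR_REF.fullmatch(value):
            findings.append((name, "literal credential in job configuration"))
        if name == "sonar.host.url":
            url = urlparse(value)
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                findings.append((name, "token sent over plain HTTP to a remote host"))
    return findings


def redact(goals):
    """Mask literal credential values so the goals string is safe to log."""
    def mask(m):
        return m.group(0) if VAR_REF.fullmatch(m.group(2)) else m.group(1) + "****"
    return SECRET_ARG.sub(mask, goals)


# Constructed samples; INLINE mirrors the tip's goals with a made-up token.
INLINE = ("clean verify sonar:sonar -Dsonar.projectKey=demo "
          "-Dsonar.host.url=http://localhost:9000 -Dsonar.login=EXAMPLE-NOT-A-REAL-TOKEN")
INJECTED = ("clean verify sonar:sonar -Dsonar.projectKey=demo "
            "-Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_AUTH_TOKEN")
REMOTE = ("sonar:sonar -Dsonar.host.url=http://sonar.example.test:9000 "
          "-Dsonar.login=$SONAR_AUTH_TOKEN")

if __name__ == "__main__":
    for sample in (INLINE, INJECTED, REMOTE):
        print(redact(sample), "->", audit_goals(sample))
```
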

By using SonarQube we can improve the code quality and reliability of our application.