SonarQube integration with Jenkins Pipeline

In this article we will discuss the steps required to integrate SonarQube with Jenkins. We will first see how to configure SonarQube in Jenkins and then create a Jenkins pipeline project and run analysis using SonarQube. 

We will use a Java and Maven project to demonstrate the integration between SonarQube and Jenkins.

Pre-requisites

Now let us go through the pre-requisites to achieve Jenkins and SonarQube integration. As a first pre-requisite, we should have SonarQube installed from their official website and should be able to start SonarQube on the system either from the command line or as a service.

As a next pre-requisite, we should have Jenkins installed from their official website along with the recommended plugins.

Step 1: Generate a token in SonarQube

As a first step, we need to generate a user token in SonarQube so that the Jenkins server is able to access SonarQube. We will create a secret text credential in Jenkins with the token created in SonarQube. To create the token in SonarQube, let us go to SonarQube –> Administration –> Security.

Go to the user with which you want Jenkins to access SonarQube. In our case, we will use the Administrator user. In the Tokens column, we will see a number and a set of dashes beside it. This number is the number of tokens already available for this user. If your SonarQube setup is new, this number should be 0 in your case. Now when we click the set of dashes beside this number, it will open a dialog box like the one shown below.

Generate Tokens: Generate a new token

Enter any name for the token in the text box beside Generate button. Then click on Generate. It will create a new token and add a row in the list of generated tokens.

Generate Tokens: Copy the newly generated token

Copy the value of the token and keep it safe with you, as you will be able to see this value just once. Once copied, click on Done to close the dialog box.

Step 2: Install and configure Sonar Scanner plugin in Jenkins

To perform a scan or an analysis on a project using SonarQube, we first need a scanner. To install the scanner plugin, from the Jenkins dashboard go to Manage Jenkins –> Manage Plugins.

Manage Plugins

If you do not have the Sonar Scanner plugin already installed, go to the tab Available

Search for the plugin Sonar Scanner for Jenkins.

Check the checkbox in front of the plugin and then on the lower part of the page, click the link Download now and install after restart.

Step 3: Configure SonarQube in Jenkins

We have the token created in SonarQube in Step 1. Now we will go to Manage Jenkins –> Configure System. Then we need to scroll down to the section which says SonarQube servers.

Check the checkbox Environment Variables

Provide a name. For our example, we will give it a name SonarServer1.

Provide the URL for the SonarQube server. If you do not mention the URL explicitly, the default URL http://localhost:9000 is used.

Under Server authentication token click on the Add button. This will open a new dialog where we will create a new credential with the token that we have already generated in SonarQube.

Configure SonarQube in Jenkins

Select Secret text as the Kind of credential to be created. Provide the value of the token generated in SonarQube in the textbox labelled Secret. Provide a description for reference in the textbox labelled Description. Then click on the Add button to create the credential.

Now you will be able to select the description of the newly created credential under the Server authentication token.

Create credential for SonarQube


Step 4: Create a Jenkins Pipeline Project


Now that all the configuration is complete, we can proceed to create a project in Jenkins from which we will call SonarQube for code analysis.

Let us go to Jenkins Dashboard and select Add Item. In the new window that opens select a pipeline project and give a name to it and click OK.

Create new project

If you want to learn how to write a scripted pipeline, you can refer this post: Structure of a Scripted Pipeline in Jenkins with sample code

Let us see the pipeline stages for SonarQube Analysis and Quality Gate for a Java and Maven project. Replace bat with sh on Linux.

node(label: 'master') {
  try {
    stage('Static Analysis') {
      // The name must match the SonarQube server configured in Step 3
      withSonarQubeEnv('SonarServer1') {
        // Use sh instead of bat on Linux agents
        bat 'mvn clean package sonar:sonar'
        echo 'Static Analysis Completed'
      }
    }

    stage('Quality Gate') {
      // Waits for the SonarQube webhook (Step 5) to deliver the quality gate result
      timeout(time: 1, unit: 'HOURS') {
        def qg = waitForQualityGate()
        if (qg.status != 'OK') {
          error "Pipeline aborted due to quality gate failure: ${qg.status}"
        }
      }
      echo 'Quality Gate Passed'
    }
  } catch (err) {
    echo "Pipeline failed: ${err}"
    throw err
  }
}

Similarly, we can write the above code snippet using declarative pipeline.
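The same two stages written as a declarative pipeline, added here as an example and not part of the original post. It assumes the server name SonarServer1 from Step 3, the webhook from Step 5, and a Windows agent (replace bat with sh on Linux).

```groovy
pipeline {
    agent { label 'master' }
    stages {
        stage('Static Analysis') {
            steps {
                // Name must match the SonarQube server configured in Step 3
                withSonarQubeEnv('SonarServer1') {
                    // Use sh instead of bat on Linux agents
                    bat 'mvn clean package sonar:sonar'
                }
                echo 'Static Analysis Completed'
            }
        }
        stage('Quality Gate') {
            steps {
                // Blocks until the SonarQube webhook (Step 5) delivers the result;
                // abortPipeline: true fails the build when the gate status is not OK
                timeout(time: 1, unit: 'HOURS') {
                    waitForQualityGate abortPipeline: true
                }
                echo 'Quality Gate Passed'
            }
        }
    }
    post {
        failure {
            echo 'Build or quality gate failed; check the project page in SonarQube'
        }
    }
}
```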

Step 5: Create a webhook in SonarQube

Before we build our pipeline project, we will create a webhook in SonarQube. This is required for the second stage, i.e. the Quality Gate. SonarQube takes some time to process the analysis before it can show whether the quality gate has passed. Until then, it is in IN-PROGRESS status. If your webhook is set up correctly, SonarQube will send the update to Jenkins as soon as the quality gate result is processed.

To create a webhook in SonarQube, you need to go to

Administration –> Configurations –> Webhooks

Click on the Create button to create a webhook. Provide the name and the URL. The URL should be the Jenkins server URL followed by /sonarqube-webhook, i.e. jenkinsservername/sonarqube-webhook.

Create a Webhook in SonarQube

Step 6: Build the Jenkins Pipeline project

Now we should be able to build the project and see the pipeline stages as shown below.

Stage View

Step 7: Check the Code Analysis result in SonarQube

Let us have a look at what is taking place inside SonarQube. When we open the Projects tab in SonarQube, we will observe that a new project has been created. If we drill into this project by clicking on the project name, we will see the detailed analysis result.

As we are working on a Java based project, the default quality profile for Java projects has been used for the analysis in SonarQube. If our project passes the rules in this quality profile according to the default percentage for success assigned to each quality parameter, the Quality Gate is shown as passed. We can also create our own quality profile and define the success percentage for the quality parameters as per our project requirement. To check the quality profile used, we can click on the project name and, in the subsequent screen, look for the icon at the top right of the screen that says Project Information, as shown below.

Project Details

You will be able to see the details when you click on this icon.

Summary

This completes our first project analysis on SonarQube via Jenkins. In the summary that follows, we will reiterate the steps required to achieve the SonarQube and Jenkins integration.

Let us summarize the steps required to integrate SonarQube with Jenkins.

Step                                                 Tool
Step 1: Generate an authorization token              SonarQube
Step 2: Install and configure Sonar Scanner plugin   Jenkins
Step 3: Configure SonarQube in Jenkins               Jenkins
Step 4: Create a Jenkins Pipeline Project            Jenkins
Step 5: Create a webhook in SonarQube                SonarQube
Step 6: Build the Jenkins Pipeline project           Jenkins
Step 7: Check the Code Analysis result               SonarQube
