Introduction

This document describes how to add source code to a SonarQube project:

  • Using plain source code
  • Without using a repository management system (e.g., BitBucket, Git)
  • Without using a Continuous Integration tool (e.g., Bamboo, Jenkins)

Adding your source code to the newly created project and analysing it with SonarQube

Steps:


1- Go to the main page of "Projects" to find your newly added project. Next, click on "Configure analysis".


2- Choose a token and click on "Generate" (note: the token is not the "project name"). The token is used for authentication later in the process: it identifies you whenever an analysis is performed. If it has been compromised, you can revoke it at any time in your user account.


3- A token is generated and displayed to you (you'll need it later). Click on "Continue".


4- Answer some questions about your project's main language and your OS. This will activate a "Download" button for the appropriate scanner for your machine, some tips for your environment variable, and the suitable command to execute the scanner from your computer.

Note that the following screenshots may look different based on the programming language and OS you select.


5- Click the "Download" button. This opens a new page of the official SonarScanner documentation, where you can download the scanner to your computer. Follow the instructions in the official documentation on installing and using the scanner.

Analyzing with SonarQube Scanner: More info available here.

5a- The analysis itself is performed by running the sonar-scanner application on your local system (the system which also hosts the source code of that project). If you have not already downloaded sonar-scanner, you can do that now by pressing the "Download" button.

5b- Afterwards, run sonar-scanner with the options provided by the GUI. Clicking "Copy" copies the displayed command line to the clipboard so that you can use it on your local command line.

5c- The command should look similar to:


    sonar-scanner.bat -D"sonar.projectKey=DemoKey123_4" -D"sonar.sources=." -D"sonar.host.url=https://sonarqube.software.geant.org" -D"sonar.login=f193af1cb416e5c243d6dd347f938e9d1b63f21e"

The options provided by the -D switch are as follows:

  • -Dsonar.projectKey: the project key as defined in Step 3 here
  • -Dsonar.sources: the local directory path to the source code to be analysed
  • -Dsonar.host.url: the URL to GEANT's SonarQube instance (there's no need to change this)
  • -Dsonar.login: the token as provided by the system in Step 3 above

Please read here for further details (including download links) about the recommended SonarQube Scanner which is the default launcher to analyse a project with SonarQube.

6- Afterwards the results of the SonarQube analysis will show up in the project like this


7- Please note that following the process as described above will run the SonarQube analysis on your source code only once. The analysis will not be repeated (unless you perform step "5c" manually again). In order to have SonarQube regularly analyse your source code you need to have it linked to a Continuous Integration (CI) process such as GitLab CI.
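
Because step 5c has to be repeated by hand for each new analysis, the following added example (not part of the original instructions or of the SonarQube tooling) wraps it in a PowerShell script that prompts for the token instead of placing it in -Dsonar.login, where it can end up in shell history and process listings. It assumes a SonarScanner version that reads the token from the SONAR_TOKEN environment variable; the project key and URL are the ones shown in the step 5c command.

```powershell
# Added example: re-run the step 5c analysis without the token on the command line.
# Assumption: the installed SonarScanner reads the token from the SONAR_TOKEN
# environment variable. If yours does not, keep using -Dsonar.login as in step 5c.

$ProjectKey = 'DemoKey123_4'                          # project key from the step 5c command
$HostUrl    = 'https://sonarqube.software.geant.org'  # GEANT SonarQube instance
$Sources    = '.'                                     # directory containing the source code

# Prompt without echo, so the token is never typed as part of a command
# and is not written to the PSReadLine history file.
$secure = Read-Host -Prompt 'SonarQube token' -AsSecureString
if ($secure.Length -eq 0) {
    throw 'No token entered; nothing was analysed.'
}

$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # The variable exists only in this session and in the scanner process it starts.
    $env:SONAR_TOKEN = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    # Each -D option is quoted: PowerShell would otherwise split
    # an unquoted -Dname.with.dots=value argument at the first dot.
    & sonar-scanner.bat `
        "-Dsonar.projectKey=$ProjectKey" `
        "-Dsonar.sources=$Sources" `
        "-Dsonar.host.url=$HostUrl"

    if ($LASTEXITCODE -ne 0) {
        throw "sonar-scanner exited with code $LASTEXITCODE"
    }
}
finally {
    # Remove the token from the environment and wipe the unmanaged copy,
    # whether or not the analysis succeeded.
    Remove-Item Env:\SONAR_TOKEN -ErrorAction SilentlyContinue
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
```

If a token has already been pasted into a command line as in step 5c, it can be revoked in your user account and replaced with a new one, as described in step 2.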

Getting help: