This document provides a description about how to create a project in SonarQube.

Prerequisites

To be able to enter a project into SonarQube you need a dedicated SonarQube account. Since access to SonarQube is handled via Federated Identity you should be able to log in using your regular GÉANT user account. If that doesn't work please contact us following this process to have an account created for you. If you need further help you may also reach out to the team via the Slack channel dedicated to SonarQube.

Entering the project into SonarQube

To be able to analyse software in SonarQube you need to create a specific SonarQube project first. This can easily be done by following the procedure below.

1- Log in to the SonarQube main page at https://sonarqube.software.geant.org/

2- Click on the "+" icon at the top right tab then select "Create new project" as shown below

GEANT Software Development Support > Adding Projects to SonarQube > 7.png

3- Enter the project key and display name

Project key: This is a unique identifier. Allowed characters are: letters, numbers, - , _ , . and : , with at least one non-digit. Please hover over the little "?" for more info.
Display name: Name of the project that will be displayed on SonarQube web interface.
- As to Name and Key there is no strict naming convention to follow. E.g., it is not necessary to use the same project name as chosen within the GÉANT Software Catalogue. However, it is advisable to choose meaningful names, not generic terms such as "software_project_01". If you are uncertain what a meaningful name for your project could be, please have a look at the projects already listed within the GÉANT Software Catalogue as this may give you some guidance.
After having filled in these 2 fields click on "Set Up"

GEANT Software Development Support > Adding Projects to SonarQube > 8.PNG

The next few steps will allow you to analyze your project. Now you will be taken to add a token and then to run the analysis on your project, as explained in step 4 below.

4- Choose a token and click on "Generate" (note: the token is not the "project name" you chose earlier). The token is used for authentication purposes later in the process - it is used to identify you whenever an analysis is performed. If it has been compromised, you can revoke it at any point of time in your user account.

GEANT Software Development Support > Adding Projects to SonarQube > 9.PNG

5- A token is generated and being displayed to you (you'll need it later). Click on "Continue"

GEANT Software Development Support > Adding Projects to SonarQube > 10.PNG

6- Answer some questions about your project's main language and your OS. This will activate a "Download" button for the appropriate scanner for your machine, some tip for your environment variable as well as the suitable command to execute the scanner from your computer.

Note that the following screenshots may look different based on the programming language and OS you select.

That's it! Now you can go to the main page of "Projects" to find your newly added project. There you will be able to configure the analysis. More on this here.

GEANT Software Development Support > Adding Projects to SonarQube > 12.PNG

By default, any newly created project will be considered "Public". It means every SonarQube user, authenticated or not, will be able to:

Browse: Access a project, browse its measures, issues and perform some issue edits (confirm/resolve/reopen, assignment, comment).
See Source Code: View the project's source code.

Note: the following steps require Administration privileges (which you may not have, even on your own projects. In this case please contact us via our Slack channel that is dedicated to SonarQube and ask for assistance.):

If you want to be sure only a limited list of Groups and Users can see the project, you need to mark it Private. Once a project is private you will be able to define which Groups and Users can Browse the project or See Source Code.
If you want all newly created projects to be considered "Private", you can change the default visibility in Administration > Projects > Management (by clicking on the little "pencil" icon in the top right corner of the screen).
Also, you can go to Administration > Projects > Management to see your newly added application there

GEANT Software Development Support > Adding Projects to SonarQube > SQ_010.png

Adding your source code to the newly created project and analysing it with SonarQube

After the project has been created you need to assign the source code of the project that you want to analyse to SonarQube. As SonarQube is flexible to analyse projects this can be done in a variety of ways:

Source code only

MANUAL: Adding Source Code Directly to a SonarQube project

Using Gitlab CI

MANUAL: Continuous Integration Setup with GitLab CI and SonarQube

Using a Continuous Integration tool (Bitbucket, ...)

MANUAL: Bitbucket and SonarQube

Getting help

For more details we recommend to visit the user documentation provided by SonarQube
WP9 T2 provides the dedicated Slack channel #sonarqube-code-review to help users with any issues they may face