Skip to content

sonarExecuteScan

Executes the Sonar scanner

Description

The step executes the sonar-scanner cli command to scan the defined sources and publish the results to a SonarQube instance. Check source repository for more details.

Usage

We recommend to define values of step parameters via .pipeline/config.yml file.
In this case, calling the step is essentially reduced to defining the step name.
Calling the step can be done either in an orchestrator specific way (e.g. via a Jenkins library step) or on the command line.

library('piper-lib-os')

sonarExecuteScan script: this

piper sonarExecuteScan

Outputs

Output type Details
influx measurement step_data
  • sonar
    • measurement sonarqube_data
    • blocker_issues
    • critical_issues
    • major_issues
    • minor_issues
    • info_issues

Prerequisites

  • The project needs a sonar-project.properties file that describes the project and defines certain settings, see here.
  • A SonarQube instance needs to be defined in the Jenkins.

Parameters

Overview - Step

Name Mandatory Additional information
script (yes) Jenkins only reference to Jenkins main pipeline script
branchName no
changeBranch no
changeId no
changeTarget no
coverageExclusions no
customScanVersion no
customTlsCertificateLinks no
disableInlineComments no
githubApiUrl no
githubToken no Vault Secret pass via ENV, Vault or Jenkins credentials (githubTokenCredentialsId)
inferBranchName no
inferJavaBinaries no
inferJavaLibraries no
instance no
legacyPRHandling no
m2Path no
options no
organization no
owner no
projectKey no
proxy no
pullRequestProvider no
repository no
serverUrl no
sonarScannerDownloadUrl no
token no Vault System Trust Secret pass via ENV, Vault, System Trust or Jenkins credentials (sonarTokenCredentialsId)
verbose no activates debug output
version no
versioningModel no
waitForQualityGate no

Overview - Execution Environment

Orchestrator-specific only

These parameters are relevant for orchestrator usage and not considered when using the command line option.

Name Mandatory Additional information
containerCommand no Jenkins only
containerShell no Jenkins only
dockerEnvVars no
dockerImage no
dockerName no
dockerOptions no
dockerPullImage no
dockerVolumeBind no Jenkins only
dockerWorkspace no Jenkins only

Details

branchName

Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to. Automatically inferred from environment variables on supported orchestrators if inferBranchName is set to true.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_branchName (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

changeBranch

Pull-Request only: The name of the pull-request branch. Automatically inferred from environment variables on supported orchestrators.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_changeBranch (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

changeId

Pull-Request only: The id of the pull-request. Automatically inferred from environment variables on supported orchestrators.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_changeId (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

changeTarget

Pull-Request only: The name of the base branch. Automatically inferred from environment variables on supported orchestrators.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_changeTarget (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

containerCommand

Jenkins-specific: Used for proper environment setup.

Kubernetes only: Allows to specify start command for container created with dockerImage parameter to overwrite Piper default (/usr/bin/tail -f /dev/null).

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

containerShell

Jenkins-specific: Used for proper environment setup.

Allows to specify the shell to be executed for container with containerName.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

coverageExclusions

A list of patterns that should be excluded from the coverage scan.

back to overview

Scope Details
Aliases -
Type []string
Mandatory no
Default $PIPER_coverageExclusions (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

customScanVersion

Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using version and versioningModel. It allows to set non-numeric versions as well and supersedes the value of version which is calculated automatically. The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_customScanVersion (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates.

back to overview

Scope Details
Aliases -
Type []string
Mandatory no
Default $PIPER_customTlsCertificateLinks (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

disableInlineComments

Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerEnvVars

Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].

back to overview

Scope Details
Aliases -
Type map[string]string
Mandatory no
Default
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerImage

Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default sonarsource/sonar-scanner-cli:5.0
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerName

Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default sonar
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerOptions

Docker options to be set when starting the container.

back to overview

Scope Details
Aliases -
Type []string
Mandatory no
Default [{-u 0}]
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerPullImage

Set this to 'false' to bypass a docker image pull. Useful during development process. Allows testing of images which are available in the local registry only.

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default true
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerVolumeBind

Jenkins-specific: Used for proper environment setup.

Volumes that should be mounted into the docker container.

back to overview

Scope Details
Aliases -
Type map[string]string
Mandatory no
Default
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

dockerWorkspace

Jenkins-specific: Used for proper environment setup.

Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

githubApiUrl

Pull-Request only: The URL to the Github API. See GitHub plugin docs DEPRECATED: only supported in SonarQube < 7.2

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default https://api.github.com
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

githubToken

Pull-Request only: Token for Github to set status on the Pull-Request.

back to overview

Scope Details
Aliases access_token
Type string
Mandatory no
Default $PIPER_githubToken (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references Jenkins credential id:
  id: githubTokenCredentialsId

Vault resource:
  name: githubVaultSecretName
  default value: github

Vault paths:
  • $(vaultPath)/github
  • $(vaultBasePath)/$(vaultPipelineName)/github
  • $(vaultBasePath)/GROUP-SECRETS/github

inferBranchName

Whether to infer the branchName parameter automatically based on the orchestrator-specific environment variable in runs of the pipeline.

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

inferJavaBinaries

Find the location of generated Java class files in all modules and pass the option sonar.java.binaries to the sonar tool.

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

inferJavaLibraries

If the parameter m2Path is configured for the step mavenExecute in the general section of the configuration, pass it as option sonar.java.libraries to the sonar tool.

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

instance

Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use serverUrl parameter instead

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_instance (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

legacyPRHandling

Pull-Request only: Activates the pull-request handling using the GitHub Plugin. DEPRECATED: only supported in SonarQube < 7.2

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

m2Path

Path to the location of the local repository that should be used.

back to overview

Scope Details
Aliases maven/m2Path
Type string
Mandatory no
Default $PIPER_m2Path (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

options

A list of options which are passed to the sonar-scanner.

back to overview

Scope Details
Aliases sonarProperties (deprecated)
Type []string
Mandatory no
Default $PIPER_options (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

organization

SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_organization (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

owner

Pull-Request only: The owner of the scm repository.

back to overview

Scope Details
Aliases githubOrg
Type string
Mandatory no
Default $PIPER_owner (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: github/owner

projectKey

The project key identifies the project in SonarQube.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_projectKey (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

proxy

Proxy URL to be used for communication with the SonarQube instance.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default $PIPER_proxy (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

pullRequestProvider

Pull-Request only: The scm provider.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default GitHub
Possible values - GitHub
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

repository

Pull-Request only: The scm repository.

back to overview

Scope Details
Aliases githubRepo
Type string
Mandatory no
Default $PIPER_repository (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: github/repository

script

The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.

back to overview

Scope Details
Aliases -
Type Jenkins Script
Mandatory yes
Default
Secret no
Configuration scope
  • ☐ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references none

serverUrl

The URL to the Sonar backend. Jenkins only: The serverUrl parameter requires the instance parameter to be explicitly set to an empty string, as it will have no effect otherwise.

back to overview

Scope Details
Aliases - host
- sonarServerUrl
Type string
Mandatory no
Default $PIPER_serverUrl (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

sonarScannerDownloadUrl

URL to the sonar-scanner-cli archive.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

token

Token used to authenticate with the Sonar Server.

back to overview

Scope Details
Aliases sonarToken
Type string
Mandatory no
Default $PIPER_token (if set)
Secret yes
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☐ steps
  • ☐ stages
Resource references
Vault resource:
  name: sonarVaultSecretName
  default value: sonar

Vault paths:
  • $(vaultPath)/sonar
  • $(vaultBasePath)/$(vaultPipelineName)/sonar
  • $(vaultBasePath)/GROUP-SECRETS/sonar
Jenkins credential id:
  id: sonarTokenCredentialsId

System Trust resource:
  name: sonarSystemtrustSecretName
  value: sonar

verbose

verbose output

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

version

The project version that is reported to SonarQube.

back to overview

Scope Details
Aliases projectVersion (deprecated)
Type string
Mandatory no
Default $PIPER_version (if set)
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references commonPipelineEnvironment:
  reference to: artifactVersion

versioningModel

The versioning model used for the version when reporting the results for the project.

back to overview

Scope Details
Aliases -
Type string
Mandatory no
Default major
Possible values - major
- major-minor
- semantic
- full
Secret no
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages
Resource references none

waitForQualityGate

Whether the scan should wait for and consider the result of the quality gate.

back to overview

Scope Details
Aliases -
Type bool
Mandatory no
Default false
Possible values - true
- false
Secret no
Configuration scope
  • ☒ parameter
  • ☐ general
  • ☒ steps
  • ☒ stages
Resource references none

sonarTokenCredentialsId

Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server.

back to overview

Scope Details
Aliases -
Type string
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages

githubTokenCredentialsId

Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Github Server.

back to overview

Scope Details
Aliases -
Type string
Configuration scope
  • ☒ parameter
  • ☒ general
  • ☒ steps
  • ☒ stages

Exceptions

none

Examples