sonarExecuteScan
Executes the Sonar scanner
Description
The step executes the sonar-scanner CLI command to scan the defined sources and publish the results to a SonarQube instance. Check the source repository for more details.
Usage
We recommend defining the values of step parameters in the .pipeline/config.yml file.
In this case, calling the step is essentially reduced to defining the step name.
Calling the step can be done either in an orchestrator specific way (e.g. via a Jenkins library step) or on the command line.
Jenkins:
library('piper-lib-os')
sonarExecuteScan script: this
Command line:
piper sonarExecuteScan
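As an added illustration of the config-file recommendation above (not taken from the Piper project's own documentation), a `.pipeline/config.yml` fragment for this step that keeps both secret parameters out of the file. It assumes the usual Piper `steps:` section; the URLs, credential IDs and project key are constructed placeholders.

```yaml
# .pipeline/config.yml (added example; all values below are placeholders)
steps:
  sonarExecuteScan:
    # Jenkins only: serverUrl has no effect unless instance is explicitly empty.
    instance: ''
    serverUrl: 'https://sonar.example.internal'
    projectKey: 'example-project'

    # token and githubToken are marked "Secret: yes" in the parameter details.
    # Reference them by Jenkins 'Secret text' credentials ID instead of
    # writing the value into a file that is committed with the sources.
    sonarTokenCredentialsId: 'example-sonar-token'
    githubTokenCredentialsId: 'example-github-token'
    # token: '<do not commit a literal token here>'

    # Trust a SonarQube instance whose certificate is issued by a private CA.
    customTlsCertificateLinks:
      - 'https://pki.example.internal/root-ca.crt'

    # Wait for and consider the quality gate result (the default is false).
    waitForQualityGate: true

    # State the scanner image explicitly; this is the documented default.
    dockerImage: 'sonarsource/sonar-scanner-cli:5.0'
```

Outside Jenkins, the Default rows in the parameter details show that the same secrets can be supplied through the environment ($PIPER_token, $PIPER_githubToken).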
Outputs
Output type | Details |
---|---|
influx | measurements step_data, sonarqube_data |
Prerequisites
- The project needs a sonar-project.properties file that describes the project and defines certain settings, see here.
- A SonarQube instance needs to be defined in Jenkins.
Parameters
Overview - Step
Name | Mandatory | Additional information |
---|---|---|
script | (yes) | reference to Jenkins main pipeline script |
branchName | no | |
changeBranch | no | |
changeId | no | |
changeTarget | no | |
coverageExclusions | no | |
customScanVersion | no | |
customTlsCertificateLinks | no | |
disableInlineComments | no | |
githubApiUrl | no | |
githubToken | no | pass via ENV, Vault or Jenkins credentials (githubTokenCredentialsId) |
inferBranchName | no | |
inferJavaBinaries | no | |
inferJavaLibraries | no | |
instance | no | |
legacyPRHandling | no | |
m2Path | no | |
options | no | |
organization | no | |
owner | no | |
projectKey | no | |
proxy | no | |
pullRequestProvider | no | |
repository | no | |
serverUrl | no | |
sonarScannerDownloadUrl | no | |
token | no | pass via ENV, Vault, Trust Engine or Jenkins credentials (sonarTokenCredentialsId) |
verbose | no | activates debug output |
version | no | |
versioningModel | no | |
waitForQualityGate | no | |
Overview - Execution Environment
Orchestrator-specific only
These parameters are relevant for orchestrator usage and not considered when using the command line option.
Name | Mandatory | Additional information |
---|---|---|
containerCommand | no | |
containerShell | no | |
dockerEnvVars | no | |
dockerImage | no | |
dockerName | no | |
dockerOptions | no | |
dockerPullImage | no | |
dockerVolumeBind | no | |
dockerWorkspace | no | |
Details
branchName
Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to. Automatically inferred from environment variables on supported orchestrators if inferBranchName is set to true.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_branchName (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
changeBranch
Pull-Request only: The name of the pull-request branch. Automatically inferred from environment variables on supported orchestrators.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_changeBranch (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
changeId
Pull-Request only: The id of the pull-request. Automatically inferred from environment variables on supported orchestrators.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_changeId (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
changeTarget
Pull-Request only: The name of the base branch. Automatically inferred from environment variables on supported orchestrators.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_changeTarget (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
containerCommand
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Allows specifying the start command for the container created with the dockerImage parameter, overriding the Piper default (/usr/bin/tail -f /dev/null).
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
containerShell
Jenkins-specific: Used for proper environment setup.
Allows specifying the shell to be executed for the container with containerName.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
coverageExclusions
A list of patterns that should be excluded from the coverage scan.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_coverageExclusions (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
customScanVersion
Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using version and versioningModel.
It also allows non-numeric versions and supersedes the value of version, which is calculated automatically.
The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_customScanVersion (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
customTlsCertificateLinks
List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | $PIPER_customTlsCertificateLinks (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
disableInlineComments
Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
dockerEnvVars
Jenkins-specific: Used for proper environment setup.
Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].
Scope | Details |
---|---|
Aliases | - |
Type | map[string]string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
dockerImage
Jenkins-specific: Used for proper environment setup.
Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | sonarsource/sonar-scanner-cli:5.0 |
Secret | no |
Configuration scope | |
Resource references | none |
dockerName
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | sonar |
Secret | no |
Configuration scope | |
Resource references | none |
dockerOptions
Jenkins-specific: Used for proper environment setup.
Docker options to be set when starting the container.
Scope | Details |
---|---|
Aliases | - |
Type | []string |
Mandatory | no |
Default | [{-u 0}] |
Secret | no |
Configuration scope | |
Resource references | none |
dockerPullImage
Jenkins-specific: Used for proper environment setup.
Set this to 'false' to bypass a docker image pull. Useful during development process. Allows testing of images which are available in the local registry only.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | true |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
dockerVolumeBind
Jenkins-specific: Used for proper environment setup.
Volumes that should be mounted into the docker container.
Scope | Details |
---|---|
Aliases | - |
Type | map[string]string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
dockerWorkspace
Jenkins-specific: Used for proper environment setup.
Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
githubApiUrl
Pull-Request only: The URL to the GitHub API. See GitHub plugin docs. DEPRECATED: only supported in SonarQube < 7.2
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | https://api.github.com |
Secret | no |
Configuration scope | |
Resource references | none |
githubToken
Pull-Request only: Token for GitHub to set status on the Pull-Request.
Scope | Details |
---|---|
Aliases | access_token |
Type | string |
Mandatory | no |
Default | $PIPER_githubToken (if set) |
Secret | yes |
Configuration scope | |
Resource references | Jenkins credential id: githubTokenCredentialsId. Vault resource: name: githubVaultSecretName, default value: github. Vault paths: |
inferBranchName
Whether to infer the branchName parameter automatically based on the orchestrator-specific environment variable in runs of the pipeline.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
inferJavaBinaries
Find the location of generated Java class files in all modules and pass the option sonar.java.binaries to the sonar tool.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
inferJavaLibraries
If the parameter m2Path is configured for the step mavenExecute in the general section of the configuration, pass it as option sonar.java.libraries to the sonar tool.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
instance
Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use serverUrl parameter instead
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_instance (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
legacyPRHandling
Pull-Request only: Activates the pull-request handling using the GitHub Plugin. DEPRECATED: only supported in SonarQube < 7.2
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
m2Path
Path to the location of the local repository that should be used.
Scope | Details |
---|---|
Aliases | maven/m2Path |
Type | string |
Mandatory | no |
Default | $PIPER_m2Path (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
options
A list of options which are passed to the sonar-scanner.
Scope | Details |
---|---|
Aliases | sonarProperties (deprecated) |
Type | []string |
Mandatory | no |
Default | $PIPER_options (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
organization
SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_organization (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
owner
Pull-Request only: The owner of the SCM repository.
Scope | Details |
---|---|
Aliases | githubOrg |
Type | string |
Mandatory | no |
Default | $PIPER_owner (if set) |
Secret | no |
Configuration scope | |
Resource references | commonPipelineEnvironment: reference to: github/owner |
projectKey
The project key identifies the project in SonarQube.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_projectKey (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
proxy
Proxy URL to be used for communication with the SonarQube instance.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | $PIPER_proxy (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
pullRequestProvider
Pull-Request only: The SCM provider.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | GitHub |
Possible values | GitHub |
Secret | no |
Configuration scope | |
Resource references | none |
repository
Pull-Request only: The SCM repository.
Scope | Details |
---|---|
Aliases | githubRepo |
Type | string |
Mandatory | no |
Default | $PIPER_repository (if set) |
Secret | no |
Configuration scope | |
Resource references | commonPipelineEnvironment: reference to: github/repository |
script
Jenkins-specific: Used for proper environment setup.
The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
Scope | Details |
---|---|
Aliases | - |
Type | Jenkins Script |
Mandatory | yes |
Default | |
Secret | no |
Configuration scope | |
Resource references | none |
serverUrl
The URL to the Sonar backend. Jenkins only: The serverUrl parameter requires the instance parameter to be explicitly set to an empty string, as it will have no effect otherwise.
Scope | Details |
---|---|
Aliases | host, sonarServerUrl |
Type | string |
Mandatory | no |
Default | $PIPER_serverUrl (if set) |
Secret | no |
Configuration scope | |
Resource references | none |
sonarScannerDownloadUrl
URL to the sonar-scanner-cli archive.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip |
Secret | no |
Configuration scope | |
Resource references | none |
token
Token used to authenticate with the Sonar Server.
Scope | Details |
---|---|
Aliases | sonarToken |
Type | string |
Mandatory | no |
Default | $PIPER_token (if set) |
Secret | yes |
Configuration scope | |
Resource references | Vault resource: name: sonarVaultSecretName, default value: sonar. Vault paths: . Jenkins credential id: sonarTokenCredentialsId. Trust Engine resource: name: sonarTrustengineSecretName, value: sonar |
verbose
verbose output
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
version
The project version that is reported to SonarQube.
Scope | Details |
---|---|
Aliases | projectVersion (deprecated) |
Type | string |
Mandatory | no |
Default | $PIPER_version (if set) |
Secret | no |
Configuration scope | |
Resource references | commonPipelineEnvironment: reference to: artifactVersion |
versioningModel
The versioning model used for the version when reporting the results for the project.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Mandatory | no |
Default | major |
Possible values | major, major-minor, semantic, full |
Secret | no |
Configuration scope | |
Resource references | none |
waitForQualityGate
Whether the scan should wait for and consider the result of the quality gate.
Scope | Details |
---|---|
Aliases | - |
Type | bool |
Mandatory | no |
Default | false |
Possible values | true, false |
Secret | no |
Configuration scope | |
Resource references | none |
sonarTokenCredentialsId
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope | |
githubTokenCredentialsId
Jenkins-specific: Used for proper environment setup. See using credentials for details.
Jenkins 'Secret text' credentials ID containing the token used to authenticate with the GitHub server.
Scope | Details |
---|---|
Aliases | - |
Type | string |
Configuration scope | |
Exceptions
none