Integrating SonarQube Scanner with Jenkins for Automated Code Analysis
This guide explains how to install and configure SonarQube Scanner, set up project analysis parameters, and automate code quality checks within Jenkins pipelines using shared libraries and Groovy scripts, enabling continuous inspection of Java projects.
The chapter introduces the integration of the SonarQube quality management platform with a project, targeting developers interested in DevOps.
1. Project Analysis – Installing SonarScanner
Download the SonarScanner from the official documentation URL and extract it:
tar zxf sonar-scanner-xxxx.tar.gz -C /usr/local
Update /etc/profile to set the scanner home and add it to PATH:
export SCANNER_HOME=/usr/local/sonar-scannerxxx
export PATH=$PATH:$SCANNER_HOME/bin
source /etc/profile
Scanning Parameters
Key properties include sonar.projectKey, sonar.host.url, projectName, projectVersion, login, password, projectDescription, links.homepage, sources, sourceEncoding, java.binaries, java.test.binaries, and java.surefire.report. These define the project identity, source locations, and report paths.
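Run the scanner with the desired options. The example passes SonarQube's default admin/admin account on the command line, where it ends up in shell history and the process list; outside a throwaway test instance, authenticate with an analysis token generated in SonarQube instead: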
sonar-scanner \
-Dsonar.host.url=http://192.168.1.200:9000 \
-Dsonar.projectKey=demo-maven-service \
-Dsonar.projectName=demo-maven-service \
-Dsonar.projectVersion=1.0 \
-Dsonar.login=admin \
-Dsonar.password=admin \
-Dsonar.ws.timeout=30 \
-Dsonar.projectDescription="my first project!" \
-Dsonar.links.homepage=http://www.baidu.com \
-Dsonar.sources=src \
-Dsonar.sourceEncoding=UTF-8 \
-Dsonar.java.binaries=target/classes \
-Dsonar.java.test.binaries=target/test-classes \
-Dsonar.java.surefire.report=target/surefire-reports
2. Automated Analysis in Jenkins
Install the SonarQube Scanner plugin in Jenkins and configure the SonarQube server credentials under “Manage Jenkins → Configure System”. Add the server URL and authentication token as a secret text credential.
Create a shared library file src/org/devops/sonarqube.groovy that defines a SonarScan function. The function selects a SonarQube server from a predefined map, builds a timestamp for the version, and executes the scanner with all required parameters, including branch name.
package org.devops

//scan
def SonarScan(sonarServer, projectName, projectDesc, projectPath, branchName){
    // Map the short environment key to the server name configured in Jenkins
    def servers = ["test":"sonarqube-test", "prod":"sonarqube-prod"]
    withSonarQubeEnv("${servers[sonarServer]}"){
        def scannerHome = "/home/jenkins/buildtools/sonar-scanner-3.2.0.1227-linux/"
        // Timestamp used as the project version; strip the trailing newline
        def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
        sonarDate = sonarDate - "\n"
        sh """
            ${scannerHome}/bin/sonar-scanner \
            -Dsonar.projectKey=${projectName} \
            -Dsonar.projectName=${projectName} \
            -Dsonar.projectVersion=${sonarDate} \
            -Dsonar.ws.timeout=30 \
            -Dsonar.projectDescription=${projectDesc} \
            -Dsonar.links.homepage=http://www.baidu.com \
            -Dsonar.sources=${projectPath} \
            -Dsonar.sourceEncoding=UTF-8 \
            -Dsonar.java.binaries=target/classes \
            -Dsonar.java.test.binaries=target/test-classes \
            -Dsonar.java.surefire.report=target/surefire-reports \
            -Dsonar.branch.name=${branchName} -X
        """
    }
}
In the Jenkinsfile, load the shared library and invoke the scan:
@Library('jenkinslibrary@master') _
def sonar = new org.devops.sonarqube()
pipeline {
    agent any
    stages {
        stage('codescan'){
            steps{
                script{
                    // Fifth argument is the branch name SonarScan requires;
                    // 'master' is a sample value, set it to the branch being built
                    sonar.SonarScan('test', "${JOB_NAME}", "${JOB_NAME}", 'src', 'master')
                }
            }
        }
    }
}
After the pipeline finishes, a SonarQube link appears in the build results, allowing you to view the analysis dashboard and detailed scan results.
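A hardened variant of the SonarScan function above, as an added example that is not part of the original article or its shared library: the function name SonarScanSafe, the SQ_* variable names and the project-key character policy are assumptions. It hands job-derived values such as JOB_NAME to the shell through withEnv instead of Groovy string interpolation, so a name containing spaces or shell metacharacters cannot alter the scanner command, and it rejects an unknown server key instead of resolving it to "null".

```groovy
package org.devops

// Added example: SonarScanSafe is a hypothetical name, not the original library's API.
def SonarScanSafe(sonarServer, projectName, projectDesc, projectPath, branchName) {
    def servers = ["test": "sonarqube-test", "prod": "sonarqube-prod"]
    def serverName = servers[sonarServer]
    // An unknown key would otherwise be passed on as the literal server name "null".
    if (serverName == null) {
        error "Unknown SonarQube server key '${sonarServer}', expected one of ${servers.keySet()}"
    }
    // Assumed policy: project keys limited to letters, digits, '-', '_', '.' and ':'.
    if (!(projectName ==~ /[A-Za-z0-9_.:-]+/)) {
        error "Project key '${projectName}' contains characters outside the allowed set"
    }
    withSonarQubeEnv(serverName) {
        def sonarDate = sh(returnStdout: true, script: 'date +%Y%m%d%H%M%S').trim()
        // Values travel as environment variables; the single-quoted script below
        // is a constant, so job-controlled text is never parsed as shell syntax.
        withEnv([
            "SCANNER_HOME=/home/jenkins/buildtools/sonar-scanner-3.2.0.1227-linux",
            "SQ_PROJECT=${projectName}",
            "SQ_VERSION=${sonarDate}",
            "SQ_DESC=${projectDesc}",
            "SQ_SOURCES=${projectPath}",
            "SQ_BRANCH=${branchName}"
        ]) {
            sh '''
                "$SCANNER_HOME/bin/sonar-scanner" \
                  -Dsonar.projectKey="$SQ_PROJECT" \
                  -Dsonar.projectName="$SQ_PROJECT" \
                  -Dsonar.projectVersion="$SQ_VERSION" \
                  -Dsonar.ws.timeout=30 \
                  -Dsonar.projectDescription="$SQ_DESC" \
                  -Dsonar.sources="$SQ_SOURCES" \
                  -Dsonar.sourceEncoding=UTF-8 \
                  -Dsonar.java.binaries=target/classes \
                  -Dsonar.java.test.binaries=target/test-classes \
                  -Dsonar.java.surefire.report=target/surefire-reports \
                  -Dsonar.branch.name="$SQ_BRANCH"
            '''
        }
    }
}
```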
DevOps Cloud Academy
Exploring industry DevOps practices and technical expertise.
