Resolving Common SonarQube Platform Issues: Data Instability, Rule Configuration, and Project Authorization
This article explains how to address three common SonarQube challenges—data instability across branches, difficulty assigning quality profiles, and project permission management—by creating per‑branch projects, using Jenkins pipeline scripts with Sonar REST APIs, and applying permission templates to streamline large‑scale code‑quality scanning.
Author Zeyang, a DevOps engineer with 4‑5 years of experience, shares practical solutions for common SonarQube problems encountered in large‑scale code scanning.
Problem 1 – Data instability: The open‑source edition does not support multiple branches per project, causing data fluctuations when all branches share a single Sonar project. The author proposes creating a separate Sonar project for each feature branch (e.g., serviceName_featureBranch), which isolates data but introduces management overhead.
Problem 2 – Rule configuration: New projects need specific quality profiles, but the default “-Dsonar.xxxx” parameters cannot set a profile per branch. The solution is to add a Jenkins pipeline step that checks project existence, creates the project via the Sonar REST API, and assigns the desired quality profile before scanning. The following Groovy script (intended for a Jenkins Shared Library) implements the required API calls:
package com.devops

// HTTP request helper (uses the httpRequest step from the Jenkins HTTP Request plugin)
def HttpReq(reqType, reqUrl, reqBody) {
    def result = httpRequest authentication: 'my-credential-id',
        httpMode: reqType,
        contentType: "APPLICATION_JSON",
        consoleLogResponseBody: true,   // response bodies are written to the build log
        ignoreSslErrors: true,          // disables TLS certificate validation
        requestBody: reqBody,
        //responseHandle: 'NONE',
        url: reqUrl
    return result
}

// Search project: returns the string "false" when no project matches, otherwise the parsed response
def SearchProject(projectName) {
    def apiUrl = "http://my-sonar-server/api/projects/search?projects=${projectName}"
    def resultInfo = HttpReq("GET", apiUrl, '')
    def result = readJSON text: "${resultInfo.content}"
    if (result["paging"]["total"] == 0) {
        return "false"
    } else {
        return result
    }
}

// Create project (the project name doubles as the project key)
def CreateProject(projectName) {
    def apiUrl = "http://my-sonar-server/api/projects/create?name=${projectName}&project=${projectName}"
    def resultInfo = HttpReq("POST", apiUrl, '')
}

// Update quality profile
def UpdateQuality(language, qualityProfile, projectName) {
    def apiUrl = "http://my-sonar-server/api/qualityprofiles/add_project?language=${language}&qualityProfile=${qualityProfile}&project=${projectName}"
    def resultInfo = HttpReq("POST", apiUrl, '')
}

// Apply permission template
def ApplyTemplate(projectKey, templateName) {
    // Use the projectKey parameter; the original interpolated an undefined projectName here
    def apiUrl = "http://my-sonar-server/api/permissions/apply_template?projectKey=${projectKey}&templateName=${templateName}"
    def resultInfo = HttpReq("POST", apiUrl, '')
}
Problem 3 – Project authorization: After project creation, the new project must have a permission template applied; otherwise team members cannot access it. The author recommends invoking api/permissions/apply_template via the same Jenkins pipeline after the scan.
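The script above interpolates the project name straight into each query string, so a branch name containing "/" or a quality profile name containing a space changes the request that SonarQube receives. The following plain Groovy sketch is an added example, not the author's code: it derives the serviceName_featureBranch key, percent-encodes every parameter, and lists the calls in the order the article describes. The helper names sonarProjectKey, sonarUrl and provisioningRequests are hypothetical, and the allowed key characters are an assumption about SonarQube's project-key format.

```groovy
import java.net.URLEncoder

// Assumption: SonarQube project keys accept letters, digits, '-', '_', '.' and ':'.
// The '_' separator guarantees the key is never digits only.
def sonarProjectKey(String serviceName, String branchName) {
    // Branch names such as "feature/login-page" carry '/', so map anything else to '-'.
    def key = (serviceName + '_' + branchName).replaceAll(/[^A-Za-z0-9_.:-]/, '-')
    if (key.length() > 400) {   // assumed upper bound on key length
        throw new IllegalArgumentException("SonarQube project key too long: " + key)
    }
    return key
}

// Build an API URL with every parameter name and value percent-encoded.
def sonarUrl(String base, String path, Map params) {
    def query = params.collect { name, value ->
        URLEncoder.encode(name.toString(), 'UTF-8') + '=' +
            URLEncoder.encode(value.toString(), 'UTF-8')
    }.join('&')
    return base + '/' + path + '?' + query
}

// Requests in the order the article describes: search, create and assign the
// profile before the scan, apply the permission template after it.
def provisioningRequests(String base, String service, String branch,
                         String language, String profile, String template) {
    def key = sonarProjectKey(service, branch)
    return [
        [stage: 'before-scan', mode: 'GET',
         url: sonarUrl(base, 'api/projects/search', [projects: key])],
        [stage: 'before-scan', mode: 'POST',
         url: sonarUrl(base, 'api/projects/create', [name: key, project: key])],
        [stage: 'before-scan', mode: 'POST',
         url: sonarUrl(base, 'api/qualityprofiles/add_project',
                       [language: language, qualityProfile: profile, project: key])],
        [stage: 'after-scan', mode: 'POST',
         url: sonarUrl(base, 'api/permissions/apply_template',
                       [projectKey: key, templateName: template])]
    ]
}

// Constructed sample values; the host is the placeholder used in the article.
def requests = provisioningRequests('http://my-sonar-server', 'orders',
        'feature/login-page', 'java', 'Team Java Profile', 'team-template')
requests.each { println it.stage + '  ' + it.mode + '  ' + it.url }
```

In the shared library, each url would be passed to HttpReq, with the create call skipped when SearchProject finds the key.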
In summary, the author integrates Jenkins with SonarQube through REST APIs to automate project creation, quality‑profile assignment, and permission‑template application, thereby solving data, rule, and authorization issues for large‑scale SonarQube deployments.
DevOps Cloud Academy