Version: 3.13-dev

Integrate SonarQube

It is essential for KubeRocketCI to have SonarQube integrated with the platform as all the pipelines include the sonar step.

SonarQube is a powerful tool used in build and code review pipelines to enhance code quality by identifying and reporting issues, as well as providing recommendations for improvement. SonarCloud, the SaaS solution offered by SonarQube, serves this purpose.

This guide will walk you through the configuration process of SonarCloud for your project.

note

An alternative option is to use an independent SonarQube instance.

Integrate SonarCloud

To integrate SonarCloud with the platform, follow the steps below:

  1. Sign in to SonarCloud with your GitHub account.

  2. In the top right corner of the screen, click + and select Create new organization, select GitHub, and continue with your GitHub account/organization:

    Create organization (current UI)

    note

    SonarCloud UI has changed: the flow is now Create organization -> GitHub instead of the old "import from GitHub" screen.

  3. In the Create an organization menu, choose the free plan and click Create organization:

    note

    Organization key must be unique.

    Choose plan

  4. For each SonarCloud project that KubeRocketCI analyzes with Tekton (sonar-scanner in the build or review pipeline), turn off Automatic Analysis in SonarCloud so only CI runs the scan. If you have not created those projects yet, do this after you add each repository in SonarCloud (for example while following Create Application):

    1. In SonarCloud, open the project.
    2. Go to Administration -> Analysis Method.
    3. Disable Automatic Analysis:

    Disable automatic scans

    warning

    If Automatic Analysis stays enabled while the pipeline runs sonar-scanner, SonarCloud returns an error such as "You are running manual analysis while Automatic Analysis is enabled" and the sonar task fails. KubeRocketCI expects a single analysis path: CI-driven scans with the token configured in the portal.

  5. On the create project page of the SonarCloud site, add a new project to analyze:

    note

    The project name in SonarCloud must be the same as the codebase name.

    Add new project

    Set the Previous version option and click Create project:

    Add new project

  6. In the project menu, navigate to the Branches menu, select the master branch, and rename it to main. You can skip this step if the default branch is already main:

    Change default branch

  7. Click your profile icon, open My account -> Security, enter a token name, and click Generate Token:

    warning

    Copy the generated token right away. SonarCloud shows the token value only once.

    Generate token (current UI)

  8. In the KubeRocketCI portal, navigate to Configuration -> Code Quality -> SonarQube. Define the following values and click Save:

    • Quick Link URL: https://sonarcloud.io
    • URL: https://sonarcloud.io
    • Token: account token generated in SonarCloud

    SonarQube integration
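
A pre-flight check for the URL and token from steps 7 and 8, as an added example (not part of the KubeRocketCI documentation): it calls the `api/authentication/validate` Web API endpoint and feeds the token to curl through stdin so it never appears in the process list. `SONAR_URL` and `SONAR_TOKEN` are assumed environment variable names.

```shell
#!/bin/sh
# Added example: verify the SonarCloud token before saving it in the portal.
# Assumed inputs: SONAR_URL (defaults to https://sonarcloud.io), SONAR_TOKEN.

# Pure helper: map HTTP status + response body to a verdict.
# Prints one of: valid | invalid | unreachable
classify_response() {
  cr_status="$1"
  cr_body="$2"
  case "$cr_status" in
    200)
      # The endpoint answers {"valid":true} or {"valid":false}.
      if printf '%s' "$cr_body" | grep -Eq '"valid"[[:space:]]*:[[:space:]]*true'; then
        echo valid
      else
        echo invalid
      fi ;;
    401|403) echo invalid ;;
    *) echo unreachable ;;
  esac
}

check_token() {
  ct_url="${SONAR_URL:-https://sonarcloud.io}"
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 2; }
  # "-K -" reads curl options from stdin: the token stays out of argv,
  # shell history and `ps` output. Token is the user name, password is empty.
  ct_out=$(printf 'user = "%s:"\n' "$SONAR_TOKEN" |
    curl -sS -K - -w '\n%{http_code}' \
      "${ct_url%/}/api/authentication/validate") || { echo unreachable; return 1; }
  ct_status=$(printf '%s\n' "$ct_out" | tail -n 1)   # last line: HTTP code
  ct_body=$(printf '%s\n' "$ct_out" | sed '$d')      # everything before it
  classify_response "$ct_status" "$ct_body"
}

# Run the live check only when asked to: ./check-sonar-token.sh --check
if [ "${1:-}" = "--check" ]; then
  verdict=$(check_token) || true
  echo "token: ${verdict:-unreachable}"
  [ "$verdict" = "valid" ]
fi
```

Export `SONAR_TOKEN` from a secret store or an interactive `read -s` prompt rather than typing it on a command line, then run the script with `--check`; a non-zero exit means the token should not be saved in the portal.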

After completing the SonarQube integration, proceed to integrate the platform with GitHub. Navigate to the Integrate GitHub page for further instructions.