Sonar Integration

JFrog Pipelines Documentation

Products
JFrog Pipelines
Content Type
User Guide
ft:sourceType
Paligo

The Sonar Integration connects the JFrog Pipelines platform to Sonar for code analysis and write clean code.

This integration is explained using GitHub Integration (to connect pipelines.yml and Source Code to scan for code analysis) and Artifactory Integration or JFrog Platform Access Token Integration (will be deprecated soon) to use custom Docker image with SonarScanner CLI. They are optional and you can use alternative mechanisms that suit your project needs.

The following diagram illustrates the high-level overview of Integrations, Source and Pipeline.

SonarIntegration_WorkFlow.png

Resources

The Sonar Integration must be used with CodeAnalysis Resource as mentioned in the example below.

The Code Analysis helps in:

  • Capturing Sonar Scan report.

  • Capturing Sonar Metrics

  • Linking Sonar Metrics with a Git Commit via Run, if used with a Git Resource.

  - name: maven_app_sonar_report                              # name of the resource
    type: CodeAnalysis                                        # codeAnalysis resource to capture sonar scan report
    configuration:
      integration: SonarIntegration                           # name of the Sonar Integration

Creating Sonar Integration

You can add this integration by following the Managing Pipelines Integrations  page steps.

Prerequisites

Sonar Token with the privileges to Browse the project of specified components.

The following table shows the fields to be filled with the appropriate information to complete the Sonar Integration:

Field

Description

Name

Enter a friendly name for the integration

Integration Type

Select Sonar from the drop-down.

Provider

In the Sonar Integration, Pipelines supports the following providers:

Select the provider from the drop-down as per your choice.

URL

Enter the URL based on the selection of the provider.

Note

If you chose SonarCloud as a Provider, the URL is auto-populated. For Enterprise and Community editions provide the appropriate URL.

SonarCloud Provider

Sonarqube Enterprise / Community Edition