The Sonar Integration connects the JFrog Pipelines platform to Sonar for code analysis and write clean code.
This integration is explained using GitHub Integration (to connect pipelines.yml and Source Code to scan for code analysis) and Artifactory Integration or JFrog Platform Access Token Integration (will be deprecated soon) to use custom Docker image with SonarScanner CLI. They are optional and you can use alternative mechanisms that suit your project needs.
The following diagram illustrates the high-level overview of Integrations, Source and Pipeline.
Resources
The Sonar Integration must be used with CodeAnalysis Resource as mentioned in the example below.
The Code Analysis helps in:
Capturing Sonar Scan report.
Capturing Sonar Metrics
Linking Sonar Metrics with a Git Commit via Run, if used with a Git Resource.
- name: maven_app_sonar_report # name of the resource type: CodeAnalysis # codeAnalysis resource to capture sonar scan report configuration: integration: SonarIntegration # name of the Sonar Integration
Creating Sonar Integration
You can add this integration by following the Managing Pipelines Integrations page steps.
Prerequisites
Sonar Token with the privileges to Browse the project of specified components.
The following table shows the fields to be filled with the appropriate information to complete the Sonar Integration:
Field | Description | |||
---|---|---|---|---|
Name | Enter a friendly name for the integration | |||
Integration Type | Select Sonar from the drop-down. | |||
Provider | In the Sonar Integration, Pipelines supports the following providers: Select the provider from the drop-down as per your choice. | |||
URL | Enter the URL based on the selection of the provider. NoteIf you chose SonarCloud as a Provider, the URL is auto-populated. For Enterprise and Community editions provide the appropriate URL.
|