Sonar Integration

JFrog Pipelines Documentation

The Sonar Integration connects the JFrog Pipelines platform to Sonar for code analysis, helping you write clean code.

This integration is explained using a GitHub Integration (to connect pipelines.yml and the source code to be scanned for code analysis) and an Artifactory Integration or JFrog Platform Access Token Integration (will be deprecated soon) to use a custom Docker image with the SonarScanner CLI. These are optional, and you can use alternative mechanisms that suit your project needs.

The following diagram illustrates the high-level overview of Integrations, Source and Pipeline.



The Sonar Integration must be used with a CodeAnalysis resource, as shown in the example below.

The Code Analysis helps in:

  • Capturing the Sonar Scan report.
  • Capturing Sonar Metrics.
  • Linking Sonar Metrics with a Git Commit via Run, if used with a Git Resource.

  resources:
    - name: maven_app_sonar_report                            # name of the resource
      type: CodeAnalysis                                      # CodeAnalysis resource to capture the Sonar scan report
      configuration:
        integration: SonarIntegration                         # name of the Sonar Integration

Creating Sonar Integration

You can add this integration by following the steps on the Managing Pipelines Integrations page.


Sonar Token with the privileges to Browse the project of specified components.

The following table shows the fields to be filled with the appropriate information to complete the Sonar Integration:




Enter a friendly name for the integration

Integration Type

Select Sonar from the drop-down.


In the Sonar Integration, Pipelines supports the following providers:

Select the provider from the drop-down as per your choice.


Enter the URL based on the selection of the provider.


If you chose SonarCloud as the Provider, the URL is auto-populated. For Enterprise and Community editions, provide the appropriate URL.

SonarCloud Provider

SonarQube Enterprise / Community Edition