Amazon CodeCatalyst
You can integrate SonarQube Cloud analysis into your Amazon CodeCatalyst CI/CD.
Deprecation notice
On October 7th, 2025, AWS announced the retirement of CodeCatalyst. Starting November 7th, 2025, no new spaces can be created, and access is limited to existing customers. As a consequence, this tool won't be maintained anymore starting December 16th, 2025.
Your code is built with Maven: run org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar during the build (more info in the SonarScanner for Maven documentation)
Your code is built with Gradle: use the SonarScanner for Gradle during the build
You want to analyze a .NET solution: follow our interactive tutorial for other CIs
You want to analyze C and C++ code: rely on our SonarQube Cloud Scan for C and C++ and look at our sample C and C++ project
Your code uses another language or ecosystem: use SonarScanner CLI
To configure an analysis of your project in Amazon CodeCatalyst CI/CD, follow the SonarQube Cloud in-product tutorial when creating a new project. The tutorial will walk you through the precise steps to set up the analysis. Meanwhile, here's a summary of the basic steps you will follow:
Define the SONAR_TOKEN environment variable in your repository by setting up a CodeCatalyst Secret. The SONAR_TOKEN identifies and authenticates you to SonarQube Cloud
Define your main branch on SonarQube Cloud to match the one in your repository (for unbound projects only; see the Binding with the DevOps platform page)
Set the parameters used to connect to the instance and identify the project. See:
The tutorial will be populated with the correct values for your specific account. For more information about the parameter setup, see Configuration overview.
Create the .codecatalyst/workflows/build.yml file that defines the steps of your build. In addition to the usual steps that build your project, you need to invoke the SonarScanner to perform the analysis of your code. This is done differently depending on your project type (detailed below)
Creating a CodeCatalyst Secret
First of all, you need to go to your CodeCatalyst project, navigate to CI/CD → Secrets and create a new secret with the following details:
In the Name field, enter SONAR_TOKEN
In the Value field, enter the token you generated on SonarQube Cloud
Defining your main branch
This step is relevant to manual projects that are not bound to a repository on one of the supported DevOps platforms.
You then need to define your main branch on SonarQube Cloud to match the one in your repository.
To do this, go to the Branches page within your SonarQube Cloud project, and rename the main branch there to match the main branch of your repository.
Analyzing a project
Create or update your .codecatalyst/workflows/build.yaml file.
The following example shows a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.
Create a configuration file in the root directory of the project and name it sonar-project.properties.
Analyzing a Java project with Maven
Update your pom.xml file with the properties used in the code block below.
The following example assumes the use of a newer SonarScanner and SonarQube Cloud’s EU instance. To use the US instance instead, add the sonar.region property and set it to us. For more details on this parameter, or if you're using an older scanner, see Server connection.
Create or update your .codecatalyst/workflows/build.yaml file.
The following is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you can simply add some of these new steps to an existing one.
Analyzing a Java project with Gradle
Update your build.gradle file with the org.sonarqube plugin and its configuration as shown below.
The following example assumes the use of a newer SonarScanner and SonarQube Cloud’s US instance. To use the EU instance instead, remove the row with the sonar.region property. For more details on this parameter, or if you're using an older scanner, see Server connection.
Create or update your .codecatalyst/workflows/build.yaml file.
Here is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.
Analyzing a .NET solution
Create or update your .codecatalyst/workflows/build.yaml file.
The following is a base configuration to run a SonarQube Cloud analysis on all your branches. If you already have existing workflows, you might want to just add some of these new steps to an existing one.
The following example assumes the use of a newer SonarScanner and SonarQube Cloud’s US instance. To use the EU instance instead, remove the sonar.region property setting from the Run step. For more details on this parameter, or if you're using an older scanner, see Server connection.
Replace <insert_your_clean_build_command> with the actual one.
Failing the workflow when the SonarQube Cloud Quality Gate fails
In order for the workflow to fail in CodeCatalyst when the Quality Gate fails on the SonarQube Cloud side, the SonarScanner needs to wait for the report and Quality Gate status to be processed by SonarQube Cloud. To enable this feature, set the sonar.qualitygate.wait=true parameter in your workflow definition.
You can also set the sonar.qualitygate.timeout property to a maximum amount of time (in seconds) that the SonarScanner should wait for a report to be processed. The default is 300 seconds. Reaching this timeout will count as a failure and stop the CodeCatalyst workflow.
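The following pre-merge check is an added example, not code from SonarSource or AWS: it covers both the SONAR_TOKEN secret setup and the Quality Gate setting described above by rejecting a workflow file that inlines a token or omits sonar.qualitygate.wait=true. The function name check_sonar_workflow, the sample workflows and the placeholder token are constructed for illustration; the ${Secrets.SONAR_TOKEN} reference form and the older sonar.login property are not shown on this page and are assumed here.

```shell
#!/bin/sh
# Added example. check_sonar_workflow FILE returns 0 when the workflow
# (a) takes SONAR_TOKEN from a CodeCatalyst Secret and never passes a literal
# token to the scanner, and (b) sets sonar.qualitygate.wait=true.
check_sonar_workflow() {
    awk '
        /Name:[ \t]*SONAR_TOKEN[ \t]*$/ { want_value = 1; next }
        want_value && /Value:/ {
            want_value = 0
            if ($0 !~ /[$][{]Secrets[.][A-Za-z0-9_]+[}]/) {
                printf "line %d: SONAR_TOKEN is not read from a Secret\n", NR; bad = 1
            }
        }
        /sonar[.](token|login)=/ {
            v = $0; sub(/.*sonar[.](token|login)=/, "", v)
            # Anything other than a variable reference is a literal credential.
            if (v !~ /^"?[$]/) { printf "line %d: literal token in command\n", NR; bad = 1 }
        }
        /sonar[.]qualitygate[.]wait=true/ { gate = 1 }
        END {
            if (!gate) { print "sonar.qualitygate.wait=true is not set"; bad = 1 }
            exit bad + 0
        }
    ' "$1" >&2
}

# Constructed sample workflows; the token value is a made-up placeholder.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.yaml" <<'EOF'
      Variables:
        - Name: SONAR_TOKEN
          Value: ${Secrets.SONAR_TOKEN}
    Configuration:
      Steps:
        - Run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar -Dsonar.qualitygate.wait=true
EOF
cat > "$SAMPLES/bad.yaml" <<'EOF'
      Variables:
        - Name: SONAR_TOKEN
          Value: EXAMPLE-TOKEN-NOT-REAL
    Configuration:
      Steps:
        - Run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar -Dsonar.token=EXAMPLE-TOKEN-NOT-REAL
EOF
check_sonar_workflow "$SAMPLES/good.yaml" && echo "good.yaml: ok"
check_sonar_workflow "$SAMPLES/bad.yaml" || echo "bad.yaml: rejected"
```

The check is line-based rather than a YAML parser, so it expects the Value line to follow the Name line directly, as in the samples.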

