Configuring the scanner

This page explains how to set up the analysis parameters for the SonarScanner for NPM.

The analysis parameters are used to set up the project analysis. For more information, see General configuration guidelines.

Depending on your tool environment and strategy, and on the analysis parameter (global or not, must be securely passed or not), you may choose one or the other setup method described on this page.

Introduction to the analysis parameters setup

The SonarScanner for NPM reads or receives parameters from different sources:

  • It gets analysis parameters through its APIs.

  • It reads analysis parameters from package.json.

  • It reads analysis parameters from environment variables.

  • It reads parameters from the sonar-project.properties file.

  • It gets the parameters that were set in the SonarQube Cloud UI.

  • Some parameters are assigned a default value.

The table below lists the different configuration methods in the order of priority in which the SonarScanner for NPM processes the corresponding parameters.

| Priority (higher to lower) | Method | Description |
|---|---|---|
| 1 | API parameters | Parameters can be provided to the scanner either through the JS code API or through the command line API. |
| 2 | Environment variables | Some parameters can be stored in environment variables on the CI/CD host. |
| 4 | Project configuration file | Parameters can be defined in the sonar-project.properties file stored in the project root directory. |
| 3 | package.json | The scanner reads some analysis parameters from fields of the package.json file. |
| 5 | Default values | Some parameters are assigned a default value. The parameters considered here are parameters that cannot be set in the UI. |
| 6 | UI | Parameters can be set in the UI for a given project. |

Analysis parameters read from package.json

The SonarScanner for NPM parses the package.json file of the project to be analyzed and reads the value of the parameters below from the corresponding package.json field. For information about the listed analysis parameters, see Parameters not settable in the UI.

| Analysis parameter | package.json field |
|---|---|
| sonar.projectName | name |
| sonar.projectVersion | version |
| sonar.projectDescription | description |
| sonar.links.homepage | homepage |
| sonar.links.issue | bugs.url |
| sonar.links.scm | repository.url |

In addition, specific values may be added to the parameters listed below if particular conditions are fulfilled.

| Analysis parameter | Value(s) added to | Conditions |
|---|---|---|
| sonar.exclusions, sonar.javascript.lcov.reportPaths | nyc.report-dir and jest.coverageDirectory directories | If an lcov.info file is specified in the package.json fields nyc.report-dir and jest.coverageDirectory. |
| sonar.testExecutionReportPath | xunit.xml file | If the package.json has declared the dependency mocha-sonarqube-reporter and the file xunit.xml exists in the project directory. |

Providing analysis parameters through the scanner API

See the articles Adding the analysis step to your build files or Starting the scanner from the command line with npx.

Setting analysis parameters in environment variables

You can use environment variables on the CI/CD host to define analysis parameters:

  • Some parameters can be defined through a dedicated environment variable. For example, the sonar.region property value can be defined through the SONAR_REGION environment variable. See Parameters not settable in the UI to know which parameters can be set as environment variables.

  • The SONAR_SCANNER_JSON_PARAMS environment variable allows you to pass multiple analysis parameters in a single variable, encoded as JSON.

Example:

Parameters set through their respective environment variable (e.g. SONAR_REGION) have precedence over parameters set through SONAR_SCANNER_JSON_PARAMS.
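To check which value wins when the same parameter is set in several places, the following added example (a simplified model, not the SonarScanner for NPM source code) resolves API parameters, environment variables and package.json fields in the order described on this page. It assumes only the SONAR_REGION mapping named above, leaves out sonar-project.properties, default values and the UI, and uses constructed sample values.

```javascript
// Simplified model of the precedence rules on this page (added illustration).
const PACKAGE_JSON_FIELDS = { // analysis parameter -> package.json field path
  'sonar.projectName': ['name'],
  'sonar.projectVersion': ['version'],
  'sonar.projectDescription': ['description'],
  'sonar.links.homepage': ['homepage'],
  'sonar.links.issue': ['bugs', 'url'],
  'sonar.links.scm': ['repository', 'url'],
};
// Dedicated environment variables: only the mapping named on this page.
const DEDICATED_ENV = { SONAR_REGION: 'sonar.region' };

function fromPackageJson(pkg) {
  const params = {};
  for (const [param, path] of Object.entries(PACKAGE_JSON_FIELDS)) {
    const value = path.reduce((node, key) => (node == null ? undefined : node[key]), pkg);
    if (typeof value === 'string') params[param] = value;
  }
  return params;
}

function fromEnvironment(env) {
  let params = {};
  if (env.SONAR_SCANNER_JSON_PARAMS) {
    try {
      params = JSON.parse(env.SONAR_SCANNER_JSON_PARAMS);
      if (params === null || typeof params !== 'object' || Array.isArray(params)) throw new Error();
    } catch {
      // Do not echo the raw value in the error: it may carry secrets into CI logs.
      throw new Error('SONAR_SCANNER_JSON_PARAMS must be a JSON object');
    }
  }
  // Dedicated variables are applied last, so they override the JSON blob.
  for (const [name, param] of Object.entries(DEDICATED_ENV)) {
    if (env[name] !== undefined) params[param] = env[name];
  }
  return params;
}

// Later spreads win: package.json < environment variables < API parameters.
function resolveParams({ api = {}, env = {}, pkg = {} }) {
  return { ...fromPackageJson(pkg), ...fromEnvironment(env), ...api };
}

// Constructed sample: the JSON blob and the dedicated variable disagree on the region.
console.log(resolveParams({
  env: { SONAR_REGION: 'us', SONAR_SCANNER_JSON_PARAMS: '{"sonar.region":"constructed-region"}' },
  pkg: { name: 'constructed-project', version: '1.2.3' },
}));
```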

Setting analysis parameters in sonar-project.properties

See the Use article on the SonarScanner CLI page.

Setting analysis parameters in the SonarQube Cloud UI

You can set analysis parameters in the SonarQube Cloud UI for your project provided you have Administer permission for this project.

To set analysis parameters at the project level:

  1. Open the project in the SonarQube Cloud UI.

  2. In the left navigation bar of the project page, navigate to Administration > General Settings.
