Configuring the scanner
The page explains how to set up the analysis parameters for the SonarScanner for NPM.
The analysis parameters are used to set up the project analysis. The following applies:
- A few analysis parameters are mandatory.
- Many analysis parameters, such as those defining the analysis scope, have a default value and can be adjusted.
- Other parameters allow you to include the code and test coverage in your analysis, or to import issues generated by a third-party analyzer, etc.
Introduction to the analysis parameters setup
The SonarScanner for NPM reads or receives parameters from different sources:
- It gets analysis parameters through its APIs.
- It reads analysis parameters from package.json.
- It reads analysis parameters from environment variables.
- It reads parameters from the sonar-project.properties file.
- It gets the parameters that were set in the SonarQube Cloud UI.
- Some parameters are assigned a default value.
The table below lists the different configuration methods in the order of priority in which the SonarScanner for NPM processes the corresponding parameters.
| Priority (higher to lower) | Method | Description |
|---|---|---|
| 1 | API parameters | Parameters can be provided to the scanner either through the JS code API or through the command line API. This information is on the Introduction page. |
| 2 | Environment variables | Some parameters can be stored in environment variables on the CI/CD host. |
| 4 | Project configuration file | Parameters can be defined in the sonar-project.properties file stored in the project root directory. |
| 3 | package.json | The scanner reads some analysis parameters from fields of the package.json file. |
| 5 | Default values | Some parameters are assigned a default value. The parameters considered here are parameters that cannot be set in the UI. |
| 6 | UI | Parameters can be set in the UI for a given project. |
Analysis parameters read from package.json
The SonarScanner for NPM parses the package.json file of the project to be analyzed and reads the value of the parameters below from the corresponding package.json field. For information about the listed analysis parameters, see Analysis parameters.

| Analysis parameter | package.json field |
|---|---|
| sonar.projectName | name |
| sonar.projectVersion | version |
| sonar.projectDescription | description |
| sonar.links.homepage | homepage |
| sonar.links.issue | bugs.url |
| sonar.links.scm | repository.url |
In addition, specific values may be added to the parameters listed below if particular conditions are fulfilled.
| Analysis parameter | Value(s) added | Conditions |
|---|---|---|
| sonar.exclusions (see the Analysis parameters page); sonar.javascript.lcov.reportPaths (see Test coverage parameters) | nyc.report-dir and jest.coverageDirectory directories | If an lcov.info file is specified in the package.json fields nyc.report-dir and jest.coverageDirectory |
| sonar.testExecutionReportPaths (see the Test execution parameters page) | xunit.xml file | If the package.json has declared the dependency mocha-sonarqube-reporter and the file xunit.xml exists in the project directory. |
Preparing the analysis parameters setup
Which setup method you choose depends on your tool environment and strategy, and on the analysis parameter itself (whether it is global or not, and whether it must be passed securely or not).
All mandatory analysis parameters and some optional analysis parameters can only be set on the CI/CD host (i.e. they cannot be set in the UI). The Analysis parameters page lists these parameters and provides relevant information about each one.
Providing analysis parameters through the scanner API
See the articles Adding the analysis step to your build files or Starting the scanner from the command line with npx.
Setting analysis parameters in environment variables
You can use environment variables on the CI/CD host to define analysis parameters:
- Some parameters can be defined through a dedicated environment variable. For example, the sonar.host.url property value can be defined through the SONAR_HOST_URL environment variable. See the parameter lists on the Analysis parameters page to know which parameters can be set as environment variables.
- The SONAR_SCANNER_JSON_PARAMS environment variable allows you to pass multiple analysis parameters in a single variable, encoded as JSON.
Example:
SONAR_SCANNER_JSON_PARAMS = { "sonar.host.url":"http://my.server", "sonar.verbose":"true"}
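Hand-written JSON in an environment variable is easy to misquote, so a CI job can check the value before exporting it. The following is an added example, not code from the scanner or from SonarSource; the function names, the `sonar.` prefix rule, the strings-only rule and the secret-masking pattern are assumptions of this sketch.

```javascript
// Added example (not SonarSource code): check SONAR_SCANNER_JSON_PARAMS before export.

// Constructed samples: BROKEN lacks the closing quote after the sonar.verbose key.
const BROKEN = '{ "sonar.host.url":"http://my.server", "sonar.verbose:"true"}';
const FIXED = '{ "sonar.host.url":"http://my.server", "sonar.verbose":"true"}';

// Assumption: key names matching this pattern hold secrets and are masked
// in anything that may end up in a CI log.
const SECRET_KEY = /token|password|secret/i;

// Returns { ok, errors, params, safeView }; safeView is safe to print.
function checkJsonParams(raw) {
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch (err) {
    return { ok: false, errors: [`invalid JSON: ${err.message}`] };
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return { ok: false, errors: ['top level must be a JSON object'] };
  }
  const errors = [];
  const safeView = {};
  for (const [key, value] of Object.entries(parsed)) {
    // Assumptions: keys carry the sonar. prefix and values are strings,
    // as in the example on this page.
    if (!key.startsWith('sonar.')) errors.push(`unexpected key: ${key}`);
    if (typeof value !== 'string') errors.push(`${key}: value must be a string`);
    safeView[key] = SECRET_KEY.test(key) ? '***' : value;
  }
  return { ok: errors.length === 0, errors, params: parsed, safeView };
}

// Serialize an object instead of typing the JSON by hand, then re-check it.
function buildJsonParams(params) {
  const raw = JSON.stringify(params);
  const result = checkJsonParams(raw);
  if (!result.ok) throw new Error(result.errors.join('; '));
  return raw;
}

for (const [label, raw] of [['broken', BROKEN], ['fixed', FIXED]]) {
  const r = checkJsonParams(raw);
  console.log(label, r.ok ? r.safeView : r.errors);
}
```

Log `safeView` rather than the raw variable so that masked values never reach the build output.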
Setting analysis parameters in sonar-project.properties
See the Use article on the SonarScanner CLI page.
Setting analysis parameters in the SonarQube Cloud UI
You can set analysis parameters in the SonarQube Cloud UI for your project provided you have Administer permission for this project.
To set analysis parameters at the project level:
1. Open the project in the SonarQube Cloud UI.
2. In the left navigation bar of the project page, navigate to Administration > General Settings.