Analyzing Bitbucket Cloud projects

If your code is on Bitbucket Cloud, go to SonarQube Cloud and choose "Try now" or "Login," then select Bitbucket from the list of DevOps cloud platforms.

If your code is on Bitbucket Cloud, go to the SonarQube Cloud product page and choose Set up or Login, then select Bitbucket from the list of DevOps cloud platforms.

Sign up to SonarQube Cloud using Bitbucket.

You will be taken to the Bitbucket login page. Sign in using your Bitbucket credentials.

Welcome to SonarQube Cloud

Once you have successfully logged in, you will see the SonarQube Cloud welcome screen.

Select Import projects from Bitbucket.

Welcome to SonarQube Cloud for the first time.

Set up your organization

Connect your Bitbucket Cloud workspace to SonarQube Cloud

When prompted, grant access to the SonarQube Cloud application to read your Bitbucket Cloud workspace. SonarQube Cloud requests access for:

  • reading your account information.

  • reading your repositories and their pull requests.

  • reading your team membership information.

You must be an administrator of the workspace that contains the repository you want to analyze. You will already be an administrator of your default workspace. For any other workspace, you have to add your Bitbucket account to a user group with the Administer workspace user right enabled.

To avoid exceeding Bitbucket Cloud API rate limits, it is recommended to use a dedicated Bitbucket user for SonarQube Cloud integration.

Create your SonarQube Cloud organization

SonarQube Cloud is set up to mirror the way that code is organized in Bitbucket Cloud (and other repository providers):

  • Each *SonarQube Cloud project *corresponds one-to-one with a Bitbucket project, which resides in its own Git repository.

  • Bitbucket projects are grouped into Bitbucket workspaces.

  • Each SonarQube Cloud organization corresponds one-to-one with a Bitbucket workspace.

In this step, you will create a SonarQube Cloud organization that corresponds to your Bitbucket workspace.

SonarQube Cloud will suggest a key for your SonarQube Cloud organization. This is a name unique across all organizations within SonarQube Cloud. You can accept the suggestion or change it manually. The interface will prevent you from changing it to an already existing key.

Choose a plan

Next, you will be asked to choose a SonarQube Cloud Subscription plans. If all the repositories to be analyzed are public on your DevOps platform, you can select the Free plan. When using the Free plan, your code and analysis results will be publicly accessible at sonarcloud.io/explore/projects.

If you want to analyze more than 50k lines of private code, then you need to select the Team or Enterprise plan. Monthly plans offer a 14-day free trial period. Once the 14 days have elapsed, the cost is based on the number of lines of code analyzed. For more information, see Managing your subscription Introduction page for more information.

A plan is always associated one-to-one with a SonarQube Cloud organization and therefore with a single Bitbucket workspace. If you want to onboard multiple Bitbucket workspaces, you must sign up for a separate plan for each.

Once you have chosen a plan and clicked Create Organization, your SonarQube Cloud organization will be created!

Set up your analysis

Import repositories

The next step is to import the projects (that is, individual Git repositories) that you want to analyze from your Bitbucket workspace into your newly created SonarQube Cloud organization. A corresponding SonarQube Cloud project will be created for each.

SonarQube Cloud will present a list of the repositories in your Bitbucket workspace. The selected projects will be imported.

Choose the Bitbucket repositories you want to import into SonarQube Cloud.

Choose your new code definition

The next step is to set the New Code Definition (NCD) for your project(s). The NCD is a mandatory step and it defines which part of your code is considered new code. This helps you to focus your attention on the most recent changes to your code.

Set up your projects by selecting your New Code Definition.

Note that the new code definition you apply at this stage will apply to all of the projects you have selected for analysis. You can change your new code definition later on a per-project basis.

To do this, go to Your Project > Administration > New Code.

For more information, check out the Quality standards and new code page.

Configure analysis

With Bitbucket Cloud projects, the actual analysis is performed in your build environment (cloud CI, local machine, etc.). This means you have to configure your build process to perform the analysis on each build and communicate the results up to SonarQube Cloud.

We refer to this analysis method as CI-based analysis (though it may take place in a cloud CI or a manually configured build environment) to contrast it with automatic analysis which works by SonarQube Cloud directly accessing your repository and performing the analysis itself. However, Automatic analysis is currently available only for GitHub projects; it is currently not available for Bitbucket Cloud projects.

SonarQube Cloud will guide you through a tutorial on how to set up your build environment to perform analysis.

The first step is to select your build environment. SonarQube Cloud will present this page:

Choose your preferred CI tool as the SonarQube Cloud analysis method.

If you have no particular preference and are setting up a new project on Bitbucket Cloud, we recommend using Bitbucket Pipelines as your CI.

Follow the in-product tutorial to correctly set up your analysis.

See your analysis results

Once it is complete, you can view the results of your first analysis. SonarQube Cloud also displays some result data directly in the Bitbucket cloud interface itself.

In addition, please see the page on Bitbucket Pipelines to integrate SonarQube Cloud into your Bitbucket pipeline.

Sample projects

You can take a look at these various projects: Sample projects analyzed on SonarQube Cloud.

Last updated

Was this helpful?