JS, TS, Go, Python, PHP, etc. project

Adding the SonarQube Cloud analysis to your Azure build pipeline for JavaScript, TypeScript, Go, Python, PHP, and other projects.

The setup is different depending on whether you use YAML or the Azure Classic interface.

The use of the Classic editor is not always possible (e.g. if your code is stored on GitHub).
If you use YAML, SonarSource can provide you with YAML templates or code examples.

Before you start

Before you begin, read Azure Pipelines integration overview.

The prerequisites are:

The Azure DevOps Extension is installed in your Azure DevOps organization: see Azure DevOps Extension.
Your project is created in SonarQube Server (see Creating and configuring your Azure DevOps project) and configured for Azure Pipelines (see Setting up Azure integration for your project).
The pull request and branch analysis are enabled in your pipeline.

If you need to use a specific scanner version, see Using various features.

Using YAML

Add the following SonarQube tasks to your YAML pipeline:

Before your build task, add a Prepare Analysis Configuration task.
After your build task, add a Run Code Analysis task.
After the Run Code Analysis task, add a Publish Quality Gate Result task.

See the YAML file example below. See also our YAML pipeline templates. For information about the SonarQube task inputs, see SonarQube tasks for Azure Pipelines.

Make sure the SonarQube task version used in your YAML file is the correct one. For example, in SonarQubePrepare@7, 7 should correspond to the version of the Azure DevOps Extension you’re using.

YAML file example

trigger:
- main # or another name representing your main branch
- feature/*

steps:
 # Checkout the repository
 - checkout: self
 
 # Disable shallow fetch
   fetchDepth: 0

# Prepare Analysis Configuration task
- task: SonarQubePrepare@8
  inputs:
    SonarQube: '<YourSonarqubeServerEndpoint>'
    scannerMode: 'cli'
    configMode: 'manual'
    cliProjectKey: '<YourProjectKey>'

# Add your build task(s) here

# Run Code Analysis task
- task: SonarQubeAnalyze@8
  inputs:
    jdkversion: 'JAVA_HOME_17_X64'

# Publish Quality Gate Result task
- task: SonarQubePublish@8
  inputs:
    pollingTimeoutSec: '300'

Using the Classic editor

In the procedure below, the manual configuration mode is used to define analysis parameters at the pipeline level. You may use the sonar-project.properties file instead (or another specified configuration file). For more information, see the Using various features page.

Proceed as follows:

In the Azure DevOps’ Classic editor, create or edit your build pipeline.
Add a Prepare Analysis Configuration task before your build task:
- In SonarQube Server Service Endpoint, select the SonarQube service connection you created during setup. See the Setting up Azure integration for your project page for more information about adding a connection.
- Under Choose a way to run the analysis, select Use Standalone SonarScanner CLI.
- Select the Manually provide configuration mode.
- In the Project key field, enter your project key.
Add a new Run Code Analysis task after your build task.
Add a new Publish quality gate Result on your build pipeline summary.
Ensure that the pipeline runs automatically for all the branches you want:
- Under the Triggers tab of your pipeline, select Enable continuous integration and select all the branches for which you want SonarQube Server analysis to run automatically.
Save your pipeline.

PreviousC family project NextMonorepo projects

Last updated 6 hours ago

Was this helpful?

Good afternoon

hashtagBefore you start

hashtagUsing YAML

hashtagUsing the Classic editor

hashtagRelated pages

Before you start

Using YAML

Using the Classic editor

Related pages