System properties common to all SonarQube editions

• sonar.multi-quality-mode.enabled
• SONAR_MULTI_QUALITY_MODE_ENABLED

Enables the Multi-Quality Rule (MQR) Mode¹⁾ in your instance.

Possible values:true or false.

• sonar.path.data
• SONAR_PATH_DATA

• sonar.path.temp
• SONAR_PATH_TEMP

• sonar.notifications.delay
• SONAR_NOTIFICATIONS_DELAY

Delay in seconds between processing of notification queue. 

Default value:60

• sonar.telemetry.enable
• SONAR_TELEMETRY_ENABLE

Enables Telemetry³⁾. By sharing anonymous SonarQube statistics, you help us understand how SonarQube is used so we can improve the product to work even better for you. We don't collect source code or IP addresses. And we don't share the data with anyone else. 

Default value:true

• sonar.jdbc.username
• SONAR_JDBC_USERNAME

• sonar.jdbc.password
• SONAR_JDBC_PASSWORD

• sonar.jdbc.url
• SONAR_JDBC_URL

Database connection string.

Oracle:

• Default value: jdbc:oracle:thin:@localhost:1521/XE

PostgreSQL:

• Default value: jdbc:postgresql://localhost/sonarqube
• By default the schema named public is used. It can be overridden with the parameter currentSchema: jdbc:postgresql://localhost/sonarqube?currentSchema=my_schema

Microsoft SQL Server:

• Default value: jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true
• If you're using the Integrated Security, don't use the sonar.jdbc.username and sonar.jdbc.password properties.
• If you want to use SQL Auth while connecting to MS SQL Server, use the value jdbc:sqlserver://localhost;databaseName=sonar and set the SONAR_JDBC_USERNAME and SONAR_JDBC_PASSWORD appropriately.

• sonar.embeddeddatabase.port
• SONAR_EMBEDDEDDATABASE_PORT

H2 embedded database server listening port.

Default value: 9092

• sonar.jdbc.maxActive
• SONAR_JDBC_MAXACTIVE

The maximum number of active connections that can be allocated at the same time, or negative for no limit. The recommended value is 1.2 * max sizes of HTTP pools. For example, if HTTP ports are enabled with default sizes (50, see property sonar.web.http.maxThreads) then sonar.jdbc.maxActive should be 1.2 * 50 = 60.

Default value: 60

• sonar.jdbc.maxIdle
• SONAR_JDBC_MAXIDLE

The maximum number of connections that can remain idle in the pool, without extra ones being released, or negative for no limit.

Default value: 5

• sonar.jdbc.minIdle
• SONAR_JDBC_MINIDLE

The minimum number of connections that can remain idle in the pool, without extra ones being created, or zero to create none.

Default value: 2

• sonar.jdbc.maxWait
• SONAR_JDBC_MAXWAIT

The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception, or <= 0 to wait indefinitely.

Default value: 5000

• sonar.web.javaOpts
• SONAR_WEB_JAVAOPTS

• sonar.web.javaAdditionalOpts
• SONAR_WEB_JAVAADDITIONALOPTS

Is used to customize JVM options for the Web server process by adding them to the existing options.

Note: If this variable is used with SONAR_WEB_JAVAOPTS, its content is appended to SONAR_WEB_JAVAOPTS.

• sonar.web.host
• SONAR_WEB_HOST

For servers with more than one IP address, this property specifies which address will be used for listening on the specified ports. 

Default value: 0.0.0.0 (ports will be used on all IP addresses associated with the server)

• sonar.web.port
• SONAR_WEB_PORT

TCP port for incoming HTTP connections.

Default value: 9000

• sonar.web.context
• SONAR_WEB_CONTEXT

Web context specifying the path at which to serve SonarQube. For example, with sonar.web.port=9000 and sonar.web.context=/sonarqube, you will access the web interface at http://localhost:9000/sonarqube.

Example: /sonarqube (must start with a forward slash)

Default value: empty (root context)

• sonar.web.http.maxThreads
• SONAR_WEB_HTTP_MAXTHREADS

The maximum number of connections that the server will accept and process at any given time. When this number has been reached, the server will not accept any more connections until the number of connections falls below this value. The operating system may still accept connections based on the sonar.web.connections.acceptCount property. 

Default value: 50

• sonar.web.http.minThreads
• SONAR_WEB_HTTP_MINTHREADS

The minimum number of threads always kept running. 

Default value: 5

• sonar.web.http.acceptCount
• SONAR_WEB_HTTP_ACCEPTCOUNT

The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused. 

Default value: 25

• sonar.web.http.keepAliveTimeout
• SONAR_WEB_HTTP_KEEPALIVETIMEOUT

The number of milliseconds this Connector will wait for another HTTP request before closing the connection. Use a value of -1 to indicate no (i.e. infinite) timeout. 

Default value: 60000 (ms)

• sonar.auth.jwtBase64hs256secret
• SONAR_AUTH_JWTBASE64HS256SECRET

• sonar.web.sessionTimeoutInMinutes
• SONAR_WEB_SESSIONTIMEOUTINMINUTES

Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.

Default value: 4320 (3 days)

Minimum value: 6

Maximum value: 129 600 (90 days)

• sonar.web.activeSessionTimeoutInMinutes

This property is supported starting in SonarQube Server's Enterprise Edition.

Active session timeout (in minutes). The maximum time a user can remain logged in, regardless of activity. After this time, the session ends automatically even if the user is actively using the system.

Default value: 129 600 (90 days)

Minimum value:15

Maximum value: 129 600 (90 days)

sonar.web.systemPassCode

SONAR_WEB_SYSTEMPASSCODE

• sonar.web.sso.enable
• SONAR_WEB_SSO_ENABLE

Enable authentication using HTTP headers.

Default value: false

• sonar.web.sso.loginheader
• SONAR_WEB_SSO_LOGINHEADER

The name of the header to get the user login. Only alphanumeric, '.' and '@' characters are allowed.

Default value: X-Forwarded-Login

• sonar.web.sso.nameheader
• SONAR_WEB_SSO_NAMEHEADER

• sonar.web.sso.emailheader
• SONAR_WEB_SSO_EMAILHEADER

The name of the header to get the user email (optional)

Default value: X-Forwarded-Email

• sonar.web.sso.groupsheader
• SONAR_WEB_SSO_GROUPSHEADER

The name of the header to get the list of user groups, separated by comma (optional). If this property is set, the user will belong to those groups if groups exist in SonarQube. If none of the provided groups exists in SonarQube, the user will only belong to the default group. Note that the default group will always be set.

Default value: X-Forwarded-Groups

• sonar.web.sso.refreshintervalinminutes
• SONAR_WEB_SSO_REFRESHINTERVALINMINUTES

The interval used to know when to refresh name, email, and groups. During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.

Default value: 5

• sonar.security.realm
• SONAR_SECURITY_REALM

Enables the LDAP feature. If set to LDAP, authentication against the external sytem is performed. If the external system is not reachable or if the user is not defined in the external system, authentication will be performed against SonarQube's internal database.

Possible value:LDAP

• sonar.authenticator.downcase
• SONAR_AUTHENTICATOR_DOWNCASE

Is intended to be set to true when the backend LDAP system is configured for case-insensitivity (user's input is transformed to lowercase and this value is used as the SonarQube user name). 

Default value: false

• ldap.url
• LDAP_URL

URL of the LDAP server. If you are using ldaps, you should install the server certificate into the Java truststore.

Example: ldap://localhost:10389

• ldap.bindDn
• LDAP_BINDDN

The username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory.

Example: cn=sonar,ou=users,o=mycompany

• ldap.bindPassword
• LDAP_BINDPASSWORD

The password of the user to connect with. Leave this blank for anonymous access to the LDAP directory.

Example: secret

• ldap.authentication
• LDAP_AUTHENTICATION

Possible values: simple, CRAM-MD5, DIGEST-MD5, GSSAPI. See the tutorial on authentication mechanisms

Possible values: simple (default), CRAM-MD5, DIGEST-MD5, GSSAPI

• ldap.realm
• LDAP_REALM

See Digest-MD5 Authentication, CRAM-MD5 Authentication

Example: example.org

• ldap.contextFactoryClass
• LDAP_CONTEXTFACTORYCLASS

Context factory class.

Default value: com.sun.jndi.ldap.LdapCtxFactory

• ldap.StartTLS
• LDAP_STARTTLS

Enables the use of StartTLS.

Default value: false

• ldap.followReferrals
• LDAP_FOLLOWREFERRALS

Follow referrals or not. See Referrals in the JNDI

Default value: true

• ldap.saslQop

Quality of protection request.

Example: auth

• ldap.saslStrength

Cryptographic protection request.

Example: medium

• ldap.saslMaxbuf

• ldap.user.baseDn
• LDAP_USER_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for users.

Example for Active Directory: cn=users,dc=example,dc=org

• ldap.user.request
• LDAP_USER_REQUEST

LDAP user request.

Default value:(&(objectClass=inetOrgPerson)(uid={login}))

Example for Active Directory: (&(objectClass=user)(sAMAccountName={login}))

• ldap.user.realNameAttribute
• LDAP_USER_REALNAMEATTRIBUTE

Attribute in LDAP defining the user’s real name.

Default value: cn

• ldap.user.emailAttribute
• LDAP_USER_EMAILATTRIBUTE

Attribute in LDAP defining the user’s email.

Default value: mail

• ldap.group.baseDn
• LDAP_GROUP_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for groups.

Example for Active Directory: cn=groups,dc=example,dc=org

• ldap.group.request
• LDAP_GROUP_REQUEST

LDAP group request.

Default value:(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))

Example for Active Directory: (&(objectClass=group)(member={dn}))

• ldap.group.idAttribute
• LDAP_GROUP_IDATTRIBUTE

Property used to specifiy the attribute to be used for returning the list of user groups in the compatibility mode.

Default value: cn

• sonar.ce.javaOpts
• SONAR_CE_JAVAOPTS

• sonar.ce.javaAdditionalOpts
• SONAR_CE_JAVAADDITIONALOPTS

Is used to customize JVM options for the Compute Engine process by adding them to the existing options.

Note: If this variable is used with SONAR_CE_JAVAOPTS, its content is appended to SONAR_CE_JAVAOPTS.

• sonar.search.javaOpts
• SONAR_SEARCH_JAVAOPTS

• sonar.search.javaAdditionalOpts
• SONAR_SEARCH_JAVAADDITIONALOPTS

Is used to customize JVM options for the Elasticsearch process by adding them to the existing options.

Note: If this variable is used with SONAR_SEARCH_JAVAOPTS, its content is appended to SONAR_SEARCH_JAVAOPTS.

• sonar.search.port
• SONAR_SEARCH_PORT

Elasticsearch port. Use 0 to get a free port. As a security precaution, should be blocked by a firewall and not exposed to the Internet.

Default value: 9001

• sonar.search.host
• SONAR_SEARCH_HOST

• sonar.updatecenter.activate
• SONAR_UPDATECENTER_ACTIVATE

Specifies whether the SonarQube's Marketplace automatically searches for plugin updates. 

Default value:true

• sonar.http.proxyhost
• HTTP_PROXYHOST

• sonar.http.proxyport
• HTTP_PROXYPORT

• sonar.https.proxyhost
• HTTPS_PROXYHOST

HTTPS proxy host.

Default value: sonar.http.proxyhost or HTTP_PROXYHOST value, respectively.

• sonar.https.proxyport
• HTTPS_PROXYPORT

HTTPS proxy port number.

Default value: sonar.http.proxyport or HTTP_PROXYPORT value, respectively.

• http.auth.ntlm.domain
• HTTP_AUTH_NTLM_DOMAIN

• socksProxyHost
• SOCKSPROXYHOST

• socksProxyPort
• SOCKSPROXYPORT

• sonar.http.proxyuser
• HTTP_PROXYPASSWORD

• sonar.http.nonproxyhosts
• HTTP_NONPROXYHOSTS

List of hosts that can be accessed without going through the proxy.

The list items are separated by the '|' character. The wildcard character '*' can be used for pattern matching used for HTTP and HTTPS.

Note: Localhost and its literal notations (e.g. 127.0.0.1) are always excluded.

• sonar.log.level
• SONAR_LOG_LEVEL

Global level of logs (applies to all 4 processes).

Possible values:INFO (default), DEBUG, and TRACE.

• sonar.log.level.<process>
• SONAR_LOG_LEVEL_<PROCESS>

where <process> can be:

• app: main process
• web: Web server process
• ce: Compute Engine process
• es: Elasticsearch process

Level of logs for each process. When specified, they overwrite the level defined at the global level. 

Possible values: INFO, DEBUG, and TRACE

• sonar.path.logs
• SONAR_PATH_LOGS

Path to log files. Can be absolute or relative to the SonarQube home directory¹⁾. 

Default value:/logs

• sonar.log.rollingPolicy
• SONAR_LOG_ROLLINGPOLICY

Rolling policy of log files (including the access log).

Possible values: 

• time:<value>: the rolling policy is based on time.
  Example: by day (time:yyyy-MM-dd) or by month (time:yyyy-MM).
• size:<value>: the rolling policy is based on size.
  Example: size:10MB
• none: the rolling policy is disabled. Typically this would be used when logs are handled by an external system like logrotate.

Default value:time:yyyy-MM-dd

• sonar.log.maxFiles
• SONAR_LOG_MAXFILES

Maximum number of files to keep if a rolling policy is enabled.

The maximum value is:

• For a size rolling policy: 20.
• For a time rolling poilicy: unlimited. 

Set to zero to disable old file purging.

• sonar.log.jsonOutput
• SONAR_LOG_JSONOUTPUT

Converts the log output to JSON.

Possible values: true or false.

• sonar.web.accessLogs.enable
• SONAR_WEB_ACCESSLOGS_ENABLE

• sonar.web.accessLogs.pattern
• SONAR_WEB_ACCESSLOGS_PATTERN

If the access log is enabled, format of the access log.

Possible values:

• common : The Common Log Format, shortcut to:  %h %l %u %user %date "%r" %s %b
• combined : Another format widely recognized, shortcut to:  %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
•  custom pattern: see http://logback.qos.ch/manual/layouts.html#AccessPatternLayout.

Default value:%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" "%reqAttribute{ID}"

Notes:

• The login of an authenticated user is implemented with %reqAttribute{LOGIN}.
• The token name used for requests will be added to the access log if the %reqAttribute{TOKEN_NAME} is added.
• The SonarQube's HTTP request ID is implemented with %reqAttribute{ID}.

• sonar.aid.codefix.hidden
• SONAR_AI_CODEFIX_HIDDEN

Disables the AI CodeFix feature¹⁾ completely in SonarQube Server and hides the feature from all users, including System Adminstrators. 

Default value: false