List of properties common to all editions

sonar.multi-quality-mode.enabled

SONAR_MULTI_QUALITY_MODE_ENABLED

Enables the Multi-Quality Rule (MQR) Mode¹⁾ in your instance.

Possible values:true or false.

sonar.path.data

SONAR_PATH_DATA

Path to the directory used by SonarQube to store persistent data file. The path can be absolute or relative to the SonarQube home directory²⁾.

sonar.path.temp

SONAR_PATH_TEMP

Path to the directory used by SonarQube to store temporary files. The path can be absolute or relative to the SonarQube home directory²⁾.

sonar.notifications.delay

SONAR_NOTIFICATIONS_DELAY

Delay in seconds between processing of notification queue.

Default value:60

sonar.telemetry.enable

SONAR_TELEMETRY_ENABLE

Enables Telemetry³⁾. By sharing anonymous SonarQube statistics, you help us understand how SonarQube is used so we can improve the product to work even better for you. We don’t collect source code or IP addresses. And we don’t share the data with anyone else.

Default value:true

sonar.jdbc.username

SONAR_JDBC_USERNAME

JDBC user name.

sonar.jdbc.password

SONAR_JDBC_PASSWORD

JDBC user password.

sonar.jdbc.url

SONAR_JDBC_URL

Database connection string.

Oracle:

• Default value: jdbc:oracle:thin:@localhost:1521/XE

PostgreSQL:

• Default value: jdbc:postgresql://localhost/sonarqube

• By default the schema named public is used. It can be overridden with the parameter currentSchema: jdbc:postgresql://localhost/sonarqube?currentSchema=my_schema

Microsoft SQL Server:

• Default value: jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true

• If you’re using the Integrated Security, don’t use the sonar.jdbc.username and sonar.jdbc.password properties.

• If you want to use SQL Auth while connecting to MS SQL Server, use the value jdbc:sqlserver://localhost;databaseName=sonar and set the SONAR_JDBC_USERNAME and SONAR_JDBC_PASSWORD appropriately.

sonar.embeddeddatabase.port

SONAR_EMBEDDEDDATABASE_PORT

H2 embedded database server listening port.

Default value: 9092

sonar.jdbc.maxActive

SONAR_JDBC_MAXACTIVE

The maximum number of active connections that can be allocated at the same time, or negative for no limit. The recommended value is 1.2 * max sizes of HTTP pools. For example, if HTTP ports are enabled with default sizes (50, see property sonar.web.http.maxThreads) then sonar.jdbc.maxActive should be 1.2 * 50 = 60.

Default value: 60

sonar.jdbc.maxIdle

SONAR_JDBC_MAXIDLE

The maximum number of connections that can remain idle in the pool, without extra ones being released, or negative for no limit.

Default value: 5

sonar.jdbc.minIdle

SONAR_JDBC_MINIDLE

The minimum number of connections that can remain idle in the pool, without extra ones being created, or zero to create none.

Default value: 2

sonar.jdbc.maxWait

SONAR_JDBC_MAXWAIT

The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception, or <= 0 to wait indefinitely.

Default value: 5000

sonar.web.javaOpts

SONAR_WEB_JAVAOPTS

Is used to customize JVM options for the Web server process by overriding all the existing options.

sonar.web.javaAdditionalOpts

SONAR_WEB_JAVAADDITIONALOPTS

Is used to customize JVM options for the Web server process by adding them to the existing options.

Note: If this variable is used with SONAR_WEB_JAVAOPTS, its content is appended to SONAR_WEB_JAVAOPTS.

sonar.web.host

SONAR_WEB_HOST

For servers with more than one IP address, this property specifies which address will be used for listening on the specified ports.

Default value: 0.0.0.0 (ports will be used on all IP addresses associated with the server)

sonar.web.port

SONAR_WEB_PORT

TCP port for incoming HTTP connections.

Default value: 9000

sonar.web.context

SONAR_WEB_CONTEXT

Web context specifying the path at which to serve SonarQube. For example, with sonar.web.port=9000 and sonar.web.context=/sonarqube, you will access the web interface at http://localhost:9000/sonarqube.

Example: /sonarqube (must start with a forward slash)

Default value: empty (root context)

sonar.web.http.maxThreads

SONAR_WEB_HTTP_MAXTHREADS

The maximum number of connections that the server will accept and process at any given time. When this number has been reached, the server will not accept any more connections until the number of connections falls below this value. The operating system may still accept connections based on the sonar.web.connections.acceptCount property.

Default value: 50

sonar.web.http.minThreads

SONAR_WEB_HTTP_MINTHREADS

The minimum number of threads always kept running.

Default value: 5

sonar.web.http.acceptCount

SONAR_WEB_HTTP_ACCEPTCOUNT

The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused.

Default value: 25

sonar.web.http.keepAliveTimeout

SONAR_WEB_HTTP_KEEPALIVETIMEOUT

The number of milliseconds this Connector will wait for another HTTP request before closing the connection. Use a value of -1 to indicate no (i.e. infinite) timeout.

Default value: 60000 (ms)

sonar.auth.jwtBase64hs256secret

SONAR_AUTH_JWTBASE64HS256SECRET

By default, users are logged out and sessions closed when server is restarted. If you prefer keeping user sessions open, a secret should be defined. Value is HS256 key encoded with base64¹⁾. It must be unique for each installation of SonarQube.

sonar.web.sessionTimeoutInMinutes

SONAR_WEB_SESSIONTIMEOUTINMINUTES

Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.

Default value: 4320 (3 days)

Minimum value: 6

Maximum value: 129 600 (90 days)

sonar.web.activeSessionTimeoutInMinutes

This property is supported starting in SonarQube Server’s Enterprise Edition.

Active session timeout (in minutes). The maximum time a user can remain logged in, regardless of activity. After this time, the session ends automatically even if the user is actively using the system.

Default value: 129 600 (90 days)

Minimum value:15

Maximum value: 129 600 (90 days)

sonar.web.systemPassCode

SONAR_WEB_SYSTEMPASSCODE

A passcode can be defined to access some web services from monitoring tools without having to use the credentials of a system administrator. Check the Web API documentation to know which web services are supporting this authentication mode. The passcode should be provided in HTTP requests with the header "X-Sonar-Passcode"¹⁾. By default, feature is disabled.

• sonar.web.sso.enable

• SONAR_WEB_SSO_ENABLE

Enable authentication using HTTP headers.

Default value: false

• sonar.web.sso.loginheader

• SONAR_WEB_SSO_LOGINHEADER

The name of the header to get the user login. Only alphanumeric, ‘.’ and ‘@’ characters are allowed.

Default value: X-Forwarded-Login

• sonar.web.sso.nameheader

• SONAR_WEB_SSO_NAMEHEADER

The name of the header to get the user name. Default value: X-Forwarded-Name

• sonar.web.sso.emailheader

• SONAR_WEB_SSO_EMAILHEADER

The name of the header to get the user email (optional)

Default value: X-Forwarded-Email

• sonar.web.sso.groupsheader

• SONAR_WEB_SSO_GROUPSHEADER

The name of the header to get the list of user groups, separated by comma (optional). If this property is set, the user will belong to those groups if groups exist in SonarQube. If none of the provided groups exists in SonarQube, the user will only belong to the default group. Note that the default group will always be set.

Default value: X-Forwarded-Groups

• sonar.web.sso.refreshintervalinminutes

• SONAR_WEB_SSO_REFRESHINTERVALINMINUTES

The interval used to know when to refresh name, email, and groups. During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.

Default value: 5

sonar.security.realm

SONAR_SECURITY_REALM

Enables the LDAP feature. If set to LDAP, authentication against the external sytem is performed. If the external system is not reachable or if the user is not defined in the external system, authentication will be performed against SonarQube’s internal database.

Possible value:LDAP

Yes

sonar.authenticator.downcase

SONAR_AUTHENTICATOR_DOWNCASE

Is intended to be set to true when the backend LDAP system is configured for case-insensitivity (user’s input is transformed to lowercase and this value is used as the SonarQube user name).

Default value: false

No

ldap.url

LDAP_URL

URL of the LDAP server. If you are using ldaps, you should install the server certificate into the Java truststore.

Example: ldap://localhost:10389

Yes

ldap.bindDn

LDAP_BINDDN

The username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory.

Example: cn=sonar,ou=users,o=mycompany

No

ldap.bindPassword

LDAP_BINDPASSWORD

The password of the user to connect with. Leave this blank for anonymous access to the LDAP directory.

Example: secret

No

ldap.authentication

LDAP_AUTHENTICATION

Possible values: simple, CRAM-MD5, DIGEST-MD5, GSSAPI. See the tutorial on authentication mechanisms

Possible values: simple (default), CRAM-MD5, DIGEST-MD5, GSSAPI

No

ldap.realm

LDAP_REALM

See Digest-MD5 Authentication, CRAM-MD5 Authentication

Example: example.org

No

ldap.contextFactoryClass

LDAP_CONTEXTFACTORYCLASS

Context factory class.

Default value: com.sun.jndi.ldap.LdapCtxFactory

No

ldap.StartTLS

LDAP_STARTTLS

Enables the use of StartTLS.

Default value: false

No

ldap.followReferrals

LDAP_FOLLOWREFERRALS

Follow referrals or not. See Referrals in the JNDI

Default value: true

ldap.saslQop

Quality of protection request.

Example: auth

No

ldap.saslStrength

Cryptographic protection request.

Example: medium

No

ldap.saslMaxbuf

Maximum receive buffer size.

No

ldap.user.baseDn

LDAP_USER_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for users.

Example for Active Directory: cn=users,dc=example,dc=org

Yes

ldap.user.request

LDAP_USER_REQUEST

LDAP user request.

Default value:(&(objectClass=inetOrgPerson)(uid={login}))

Example for Active Directory: (&(objectClass=user)(sAMAccountName={login}))

No

ldap.user.realNameAttribute

LDAP_USER_REALNAMEATTRIBUTE

Attribute in LDAP defining the user’s real name.

Default value: cn

No

ldap.user.emailAttribute

LDAP_USER_EMAILATTRIBUTE

Attribute in LDAP defining the user’s email.

Default value: mail

No

ldap.group.baseDn

LDAP_GROUP_BASEDN

Distinguished Name (DN) of the root node in LDAP from which to search for groups.

Example for Active Directory: cn=groups,dc=example,dc=org

No

ldap.group.request

LDAP_GROUP_REQUEST

LDAP group request.

Default value:(&(objectClass=groupOfUniqueNames)(uniqueMember={dn}))

Example for Active Directory: (&(objectClass=group)(member={dn}))

No

ldap.group.idAttribute

LDAP_GROUP_IDATTRIBUTE

Property used to specifiy the attribute to be used for returning the list of user groups in the compatibility mode.

Default value: cn

No

sonar.ce.javaOpts

SONAR_CE_JAVAOPTS

Is used to customize JVM options for the Compute Engine process by overriding all the existing options.

sonar.ce.javaAdditionalOpts

SONAR_CE_JAVAADDITIONALOPTS

Is used to customize JVM options for the Compute Engine process by adding them to the existing options.

Note: If this variable is used with SONAR_CE_JAVAOPTS, its content is appended to SONAR_CE_JAVAOPTS.

sonar.search.javaOpts

SONAR_SEARCH_JAVAOPTS

Is used to customize JVM options for the Elasticsearch process by overriding all the existing options.

sonar.search.javaAdditionalOpts

SONAR_SEARCH_JAVAADDITIONALOPTS

Is used to customize JVM options for the Elasticsearch process by adding them to the existing options.

Note: If this variable is used with SONAR_SEARCH_JAVAOPTS, its content is appended to SONAR_SEARCH_JAVAOPTS.

sonar.search.port

SONAR_SEARCH_PORT

Elasticsearch port. Use 0 to get a free port. As a security precaution, should be blocked by a firewall and not exposed to the Internet.

Default value: 9001

sonar.search.host

SONAR_SEARCH_HOST

Elasticsearch host. The search server will bind this address and the search client will connect to it. Default is loopback address. As a security precaution, should NOT be set to a publicly available address.

sonar.updatecenter.activate

SONAR_UPDATECENTER_ACTIVATE

Specifies whether the SonarQube’s Marketplace automatically searches for plugin updates.

Default value:true

sonar.http.proxyhost

HTTP_PROXYHOST

HTTP proxy host.

sonar.http.proxyport

HTTP_PROXYPORT

HTTP proxy port number.

sonar.https.proxyhost

HTTPS_PROXYHOST

HTTPS proxy host.

Default value: sonar.http.proxyhost or HTTP_PROXYHOST value, respectively.

sonar.https.proxyport

HTTPS_PROXYPORT

HTTPS proxy port number.

Default value: sonar.http.proxyport or HTTP_PROXYPORT value, respectively.

http.auth.ntlm.domain

HTTP_AUTH_NTLM_DOMAIN

NT domain name if NTLM proxy is used.

socksProxyHost

SOCKSPROXYHOST

SOCKS proxy port number.

socksProxyPort

SOCKSPROXYPORT

SOCKS proxy host.

sonar.http.proxyuser

HTTP_PROXYPASSWORD

Proxy authentication (used for HTTP, HTTPS and SOCKS proxies).

sonar.http.nonproxyhosts

HTTP_NONPROXYHOSTS

List of hosts that can be accessed without going through the proxy.

The list items are separated by the ‘|’ character. The wildcard character ‘*’ can be used for pattern matching used for HTTP and HTTPS.

Note: Localhost and its literal notations (e.g. 127.0.0.1) are always excluded.

sonar.log.level

SONAR_LOG_LEVEL

Global level of logs (applies to all 4 processes).

Possible values:INFO (default), DEBUG, and TRACE.

sonar.log.level.<process>

SONAR_LOG_LEVEL_<PROCESS>

where <process> can be:

• app: main process

• web: Web server process

• ce: Compute Engine process

• es: Elasticsearch process

Level of logs for each process. When specified, they overwrite the level defined at the global level.

Possible values: INFO, DEBUG, and TRACE

sonar.path.logs

SONAR_PATH_LOGS

Path to log files. Can be absolute or relative to the SonarQube home directory¹⁾.

Default value:/logs

sonar.log.rollingPolicy

SONAR_LOG_ROLLINGPOLICY

Rolling policy of log files (including the access log).

Possible values:

• time:<value>: the rolling policy is based on time. Example: by day (time:yyyy-MM-dd) or by month (time:yyyy-MM).

• size:<value>: the rolling policy is based on size. Example: size:10MB

• none: the rolling policy is disabled. Typically this would be used when logs are handled by an external system like logrotate.

Default value:time:yyyy-MM-dd

sonar.log.maxFiles

SONAR_LOG_MAXFILES

Maximum number of files to keep if a rolling policy is enabled.

The maximum value is:

• For a size rolling policy: 20.

• For a time rolling poilicy: unlimited.

Set to zero to disable old file purging.

sonar.log.jsonOutput

SONAR_LOG_JSONOUTPUT

Converts the log output to JSON.

Possible values: true or false.

sonar.web.accessLogs.enable

SONAR_WEB_ACCESSLOGS_ENABLE

Specifies whether the access log is enabled, i.e. whether HTTP requests received by the server are logged. If enabled, the list of requests is stored in the access.log file.

sonar.web.accessLogs.pattern

SONAR_WEB_ACCESSLOGS_PATTERN

If the access log is enabled, format of the access log.

Possible values:

• common : The Common Log Format, shortcut to: %h %l %u %user %date "%r" %s %b

• combined : Another format widely recognized, shortcut to: %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"

• custom pattern: see http://logback.qos.ch/manual/layouts.html#AccessPatternLayout.

Default value:%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" "%reqAttribute{ID}"

Notes:

• The login of an authenticated user is implemented with %reqAttribute{LOGIN}.

• The token name used for requests will be added to the access log if the %reqAttribute{TOKEN_NAME} is added.

• The SonarQube’s HTTP request ID is implemented with %reqAttribute{ID}.

sonar.aid.codefix.hidden

SONAR_AI_CODEFIX_HIDDEN

Disables the AI CodeFix feature¹⁾ completely in SonarQube Server and hides the feature from all users, including System Adminstrators.

Default value: false