sonar.multi-quality-mode.enabled
SONAR\_MULTI\_QUALITY\_MODE\_ENABLED
|Enables the Multi-Quality Rule (MQR) Mode¹⁾ in your instance.
Possible values:true or false.
sonar.path.data
SONAR\_PATH\_DATA
| Path to the directory used by SonarQube to store persistent data file. The path can be absolute or relative to the SonarQube home directory²⁾. | |sonar.path.temp
SONAR\_PATH\_TEMP
| Path to the directory used by SonarQube to store temporary files. The path can be absolute or relative to the SonarQube home directory²⁾. | |sonar.notifications.delay
SONAR\_NOTIFICATIONS\_DELAY
|Delay in seconds between processing of notification queue.
Default value:60
sonar.telemetry.enable
SONAR\_TELEMETRY\_ENABLE
|Enables Telemetry³⁾. By sharing anonymous SonarQube statistics, you help us understand how SonarQube is used so we can improve the product to work even better for you. We don’t collect source code or IP addresses. And we don’t share the data with anyone else.
Default value:true
Path to the file containing the key used to encrypt4⁾ sensitive system properties in the UI or in sonar.properties.
Warning: The slashes have to be escaped.
Default value: ${user.home}/.sonar/sonar-secret.txt
where user.home refers to the user directory.
For example, if using the default value, sonar-secret.text may be stored in C:\Users\User1.sonar or, if the service is registered and runs as the local system, in C:\Windows\System32\Config\systemprofile.sonar
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description |
|---|---|
sonar.jdbc.username SONAR_JDBC_USERNAME | JDBC user name. |
sonar.jdbc.password SONAR_JDBC_PASSWORD | JDBC user password. |
sonar.jdbc.url SONAR_JDBC_URL | Database connection string. Oracle: • Default value: jdbc:oracle:thin:@localhost:1521/XE PostgreSQL: • Default value: jdbc:postgresql://localhost/sonarqube • By default the schema named public is used. It can be overridden with the parameter currentSchema: jdbc:postgresql://localhost/sonarqube?currentSchema=my_schema Microsoft SQL Server: • Default value: jdbc:sqlserver://localhost;databaseName=sonar;integratedSecurity=true • If you’re using the Integrated Security, don’t use the sonar.jdbc.username and sonar.jdbc.password properties. • If you want to use SQL Auth while connecting to MS SQL Server, use the value jdbc:sqlserver://localhost;databaseName=sonar and set the SONAR_JDBC_USERNAME and SONAR_JDBC_PASSWORD appropriately. |
sonar.embeddeddatabase.port SONAR_EMBEDDEDDATABASE_PORT | H2 embedded database server listening port. Default value: 9092 |
sonar.jdbc.maxActive
SONAR\_JDBC\_MAXACTIVE
|The maximum number of active connections that can be allocated at the same time, or negative for no limit. The recommended value is 1.2 \* max sizes of HTTP pools. For example, if HTTP ports are enabled with default sizes (50, see property sonar.web.http.maxThreads) then sonar.jdbc.maxActive should be 1.2 \* 50 = 60.
Default value: 60
| |sonar.jdbc.maxIdle
SONAR\_JDBC\_MAXIDLE
|The maximum number of connections that can remain idle in the pool, without extra ones being released, or negative for no limit.
Default value: 5
| |sonar.jdbc.minIdle
SONAR\_JDBC\_MINIDLE
|The minimum number of connections that can remain idle in the pool, without extra ones being created, or zero to create none.
Default value: 2
| |sonar.jdbc.maxWait
SONAR\_JDBC\_MAXWAIT
|The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception, or <= 0 to wait indefinitely.
Default value: 5000
|sonar.web.javaOpts
SONAR\_WEB\_JAVAOPTS
| Is used to customize JVM options for the Web server process by overriding all the existing options. | |sonar.web.javaAdditionalOpts
SONAR\_WEB\_JAVAADDITIONALOPTS
|Is used to customize JVM options for the Web server process by adding them to the existing options.
Note: If this variable is used with SONAR\_WEB\_JAVAOPTS, its content is appended to SONAR\_WEB\_JAVAOPTS.
|sonar.web.host
SONAR\_WEB\_HOST
|For servers with more than one IP address, this property specifies which address will be used for listening on the specified ports.
Default value: 0.0.0.0 (ports will be used on all IP addresses associated with the server)
sonar.web.port
SONAR\_WEB\_PORT
|TCP port for incoming HTTP connections.
Default value: 9000
sonar.web.context
SONAR\_WEB\_CONTEXT
|Web context specifying the path at which to serve SonarQube. For example, with sonar.web.port=9000 and sonar.web.context=/sonarqube, you will access the web interface at
Example: /sonarqube (must start with a forward slash)
Default value: empty (root context)
|sonar.web.http.maxThreads
SONAR\_WEB\_HTTP\_MAXTHREADS
|The maximum number of connections that the server will accept and process at any given time. When this number has been reached, the server will not accept any more connections until the number of connections falls below this value. The operating system may still accept connections based on the sonar.web.connections.acceptCount property.
Default value: 50
| |sonar.web.http.minThreads
SONAR\_WEB\_HTTP\_MINTHREADS
|The minimum number of threads always kept running.
Default value: 5
| |sonar.web.http.acceptCount
SONAR\_WEB\_HTTP\_ACCEPTCOUNT
|The maximum queue length for incoming connection requests when all possible request processing threads are in use. Any requests received when the queue is full will be refused.
Default value: 25
| |sonar.web.http.keepAliveTimeout
SONAR\_WEB\_HTTP\_KEEPALIVETIMEOUT
|The number of milliseconds this Connector will wait for another HTTP request before closing the connection. Use a value of -1 to indicate no (i.e. infinite) timeout.
Default value: 60000 (ms)
|sonar.auth.jwtBase64hs256secret
SONAR\_AUTH\_JWTBASE64HS256SECRET
| By default, users are logged out and sessions closed when server is restarted. If you prefer keeping user sessions open, a secret should be defined. Value is HS256 key encoded with base64¹⁾. It must be unique for each installation of SonarQube. | |sonar.web.sessionTimeoutInMinutes
SONAR\_WEB\_SESSIONTIMEOUTINMINUTES
|Inactive session timeout (in minutes). The maximum time a user can remain idle (no activity) before the session ends. If the user does not interact with the system within this time, they are logged out.
Default value: 4320 (3 days)
Minimum value: 6
Maximum value: 129 600 (90 days)
sonar.web.activeSessionTimeoutInMinutes
This property is supported starting in SonarQube Server’s Enterprise dition.
Active session timeout (in minutes). The maximum time a user can remain logged in, regardless of activity. After this time, the session ends automatically even if the user is actively using the system.
Default value: 129 600 (90 days)
Minimum value:15
Maximum value: 129 600 (90 days)
sonar.web.systemPassCode
SONAR\_WEB\_SYSTEMPASSCODE
|A passcode can be defined to access some web services from monitoring tools without having to use the credentials of a system administrator. Check the Web API documentation to know which web services are supporting this authentication mode. The passcode should be provided in HTTP requests with the header "X-Sonar-Passcode"¹⁾.
By default, feature is disabled.
sonar.web.sso.enable
SONAR\_WEB\_SSO\_ENABLE
|Enable authentication using HTTP headers.
Default value: false
sonar.web.sso.loginheader
SONAR\_WEB\_SSO\_LOGINHEADER
|The name of the header to get the user login. Only alphanumeric, ‘.’ and ‘@’ characters are allowed.
Default value: X-Forwarded-Login
sonar.web.sso.nameheader
SONAR\_WEB\_SSO\_NAMEHEADER
|The name of the header to get the user name.
Default value: X-Forwarded-Name
sonar.web.sso.emailheader
SONAR\_WEB\_SSO\_EMAILHEADER
|The name of the header to get the user email (optional)
Default value: X-Forwarded-Email
sonar.web.sso.groupsheader
SONAR\_WEB\_SSO\_GROUPSHEADER
|The name of the header to get the list of user groups, separated by comma (optional). If this property is set, the user will belong to those groups if groups exist in SonarQube. If none of the provided groups exists in SonarQube, the user will only belong to the default group. Note that the default group will always be set.
Default value: X-Forwarded-Groups
sonar.web.sso.refreshintervalinminutes
SONAR\_WEB\_SSO\_REFRESHINTERVALINMINUTES
|The interval used to know when to refresh name, email, and groups. During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.
Default value: 5
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description | Required |
|---|---|---|
sonar.security.realm SONAR_SECURITY_REALM | Enables the LDAP feature. If set to Possible value: | Yes |
sonar.authenticator.downcase SONAR_AUTHENTICATOR_DOWNCASE | Is intended to be set to Default value: | No |
ldap.url LDAP_URL | URL of the LDAP server. If you are using ldaps, you should install the server certificate into the Java truststore. Example: | Yes |
ldap.bindDn LDAP_BINDDN | The username of an LDAP user to connect (or bind) with. Leave this blank for anonymous access to the LDAP directory. Example: | No |
ldap.bindPassword LDAP_BINDPASSWORD | The password of the user to connect with. Leave this blank for anonymous access to the LDAP directory. Example: | No |
ldap.authentication LDAP_AUTHENTICATION | Possible values: Possible values: | No |
ldap.realm LDAP_REALM | See Digest-MD5 Authentication, CRAM-MD5 Authentication Example: | No |
ldap.contextFactoryClass LDAP_CONTEXTFACTORYCLASS | Context factory class. Default value: | No |
ldap.StartTLS LDAP_STARTTLS | Enables the use of Default value: | No |
ldap.followReferrals LDAP_FOLLOWREFERRALS | Follow referrals or not. See Referrals in the JNDI Default value: | |
| ldap.saslQop | Quality of protection request. Example: | No |
| ldap.saslStrength | Cryptographic protection request. Example: | No |
| ldap.saslMaxbuf | Maximum receive buffer size. | No |
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description | Required |
|---|---|---|
ldap.user.baseDn LDAP_USER_BASEDN | Distinguished Name (DN) of the root node in LDAP from which to search for users. Example for Active Directory: | Yes |
ldap.user.request LDAP_USER_REQUEST | LDAP user request. Default value: Example for Active Directory: | No |
ldap.user.realNameAttribute LDAP_USER_REALNAMEATTRIBUTE | Attribute in LDAP defining the user’s real name. Default value: | No |
ldap.user.emailAttribute LDAP_USER_EMAILATTRIBUTE | Attribute in LDAP defining the user’s email. Default value: | No |
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description | Required |
|---|---|---|
ldap.group.baseDn LDAP_GROUP_BASEDN | Distinguished Name (DN) of the root node in LDAP from which to search for groups. Example for Active Directory: | No |
ldap.group.request LDAP_GROUP_REQUEST | LDAP group request. Default value: Example for Active Directory: | No |
ldap.group.idAttribute LDAP_GROUP_IDATTRIBUTE | Property used to specifiy the attribute to be used for returning the list of user groups in the compatibility mode. Default value: | No |
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description |
|---|---|
sonar.ce.javaOpts SONAR_CE_JAVAOPTS | Is used to customize JVM options for the Compute Engine process by overriding all the existing options. |
sonar.ce.javaAdditionalOpts SONAR_CE_JAVAADDITIONALOPTS | Is used to customize JVM options for the Compute Engine process by adding them to the existing options. Note: If this variable is used with SONAR_CE_JAVAOPTS, its content is appended to SONAR_CE_JAVAOPTS. |
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description |
|---|---|
sonar.search.javaOpts SONAR_SEARCH_JAVAOPTS | Is used to customize JVM options for the Elasticsearch process by overriding all the existing options. |
sonar.search.javaAdditionalOpts SONAR_SEARCH_JAVAADDITIONALOPTS | Is used to customize JVM options for the Elasticsearch process by adding them to the existing options. Note: If this variable is used with SONAR_SEARCH_JAVAOPTS, its content is appended to SONAR_SEARCH_JAVAOPTS. |
sonar.search.port SONAR_SEARCH_PORT | Elasticsearch port. Use 0 to get a free port. As a security precaution, should be blocked by a firewall and not exposed to the Internet. Default value: 9001 |
sonar.search.host SONAR_SEARCH_HOST | Elasticsearch host. The search server will bind this address and the search client will connect to it. Default is loopback address. As a security precaution, should NOT be set to a publicly available address. |
| System property (sonar property and ENVIRONMENT_VARIABLE) | Description |
|---|---|
sonar.updatecenter.activate SONAR_UPDATECENTER_ACTIVATE | Specifies whether the SonarQube’s Marketplace automatically searches for plugin updates. Default value: |
http.proxyHost HTTP_PROXYHOST | HTTP proxy host. |
http.proxyPort HTTP_PROXYPORT | HTTP proxy port number. |
https.proxyHost HTTPS_PROXYHOST | HTTPS proxy host. Default value: sonar.http.proxyhost or HTTP_PROXYHOST value, respectively. |
https.proxyPort HTTPS_PROXYPORT | HTTPS proxy port number. Default value: sonar.http.proxyport or HTTP_PROXYPORT value, respectively. |
http.auth.ntlm.domain HTTP_AUTH_NTLM_DOMAIN | NT domain name if NTLM proxy is used. |
socksProxyHost SOCKSPROXYHOST | SOCKS proxy port number. |
socksProxyPort SOCKSPROXYPORT | SOCKS proxy host. |
sonar.http.proxyUser HTTP_PROXYUSER | Proxy authentication (used for HTTP, HTTPS and SOCKS proxies). |
sonar.http.proxyPassword HTTP_PROXYPASSWORD | Proxy authentication (used for HTTP, HTTPS and SOCKS proxies). |
sonar.http.nonProxyHosts HTTP_NONPROXYHOSTS | List of hosts that can be accessed without going through the proxy. The list items are separated by the ‘|’ character. The wildcard character ‘*’ can be used for pattern matching used for HTTP and HTTPS. Note: Localhost and its literal notations (e.g. |
sonar.log.level
SONAR\_LOG\_LEVEL
|Global level of logs (applies to all 4 processes).
Possible values:INFO (default), DEBUG, and TRACE.
sonar.log.level.\
SONAR\_LOG\_LEVEL\_\
where \
• app: main process
• web: Web server process
• ce: Compute Engine process
• es: Elasticsearch process
|Level of logs for each process. When specified, they overwrite the level defined at the global level.
Possible values: INFO, DEBUG, and TRACE
sonar.path.logs
SONAR\_PATH\_LOGS
|Path to log files. Can be absolute or relative to the SonarQube home directory¹⁾.
Default value:/logs
sonar.log.rollingPolicy
SONAR\_LOG\_ROLLINGPOLICY
|Rolling policy of log files (including the access log).
Possible values:
• time:\
• size:\
• none: the rolling policy is disabled. Typically this would be used when logs are handled by an external system like logrotate.
Default value:time:yyyy-MM-dd
sonar.log.maxFiles
SONAR\_LOG\_MAXFILES
|Maximum number of files to keep if a rolling policy is enabled.
The maximum value is:
• For a size rolling policy: 20.
• For a time rolling poilicy: unlimited.
Set to zero to disable old file purging.
| |sonar.log.jsonOutput
SONAR\_LOG\_JSONOUTPUT
|Converts the log output to JSON.
Possible values: true or false.
sonar.web.accessLogs.enable
SONAR\_WEB\_ACCESSLOGS\_ENABLE
| Specifies whether the access log is enabled, i.e. whether HTTP requests received by the server are logged. If enabled, the list of requests is stored in the `access.log` file. | |sonar.web.accessLogs.pattern
SONAR\_WEB\_ACCESSLOGS\_PATTERN
|If the access log is enabled, format of the access log.
Possible values:
• common : The Common Log Format, shortcut to: %h %l %u %user %date "%r" %s %b
• combined : Another format widely recognized, shortcut to: %h %l %u \[%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}"
• custom pattern: see
Default value:%h %l %u \[%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" "%reqAttribute{ID}"
Notes:
• The login of an authenticated user is implemented with %reqAttribute{LOGIN}.
• The token name used for requests will be added to the access log if the %reqAttribute{TOKEN\_NAME} is added.
• The SonarQube’s HTTP request ID is implemented with %reqAttribute{ID}.
| 1\) The SonarQube home directory is: the location where the SonarQbue distribution has been unzipped (for a ZIP installation); the installation directory of SonarQube within your container (for a Docker installation).| System property (sonar property and ENVIRONMENT_VARIABLE) | Description |
|---|---|
sonar.ai.codefix.hidden SONAR_AI_CODEFIX_HIDDEN | Disables the AI CodeFix feature¹ completely in SonarQube Server and hides the feature from all users, including System Adminstrators. Default value: |
sonar.enforceAzureOpenAiDomainValidation SONAR_ENFORCEAZUREOPENAIDOMAINVALIDATION | Ensures that configured Azure OpenAI endpoints strictly end with .openai.azure.com for enhanced security and authenticity. Disabling this setting can expose the instance to security risks by allowing connections to potentially unauthorized services. |
sonar.issues.sandbox.enabled
SONAR\_ISSUES\_SANDBOX\_ENABLED
Enables the feature in the instance.
Default value: false.
sonar.issues.sandbox.software-qualities
SONAR\_ISSUES\_SANDBOX\_SOFTWARE\_QUALITIES
Defines the Sandbox conditions.
Example: \[{"softwareQuality":"MAINTAINABILITY","impactSeverities":\["LOW","INFO"]}]
Note: You must use the parameter's MQR mode format even if your instance is in the Standard Experience mode (SonarQube Server will automatically transpose the value). For more details about the instance modes, see instance-mode.
| |sonar.issues.sandbox.override.enabled
SONAR\_ISSUES\_SANDBOX\_OVERRIDE\_ENABLED
sonar.issues.sandbox.default
SONAR\_ISSUES\_SANDBOX\_DEFAULT
Sets the default status (On or Off) of the Sandbox feature for projects (the project admins can change it):