10.5 | Analyzing source code | CI integration | Jenkins integration | Setting up Jenkins

Was this page helpful?

On this page

Start Free

Setting up Jenkins for SonarQube integration

This section explains how to set up Jenkins globally for the integration with SonarQube by using SonarQube extension for Jenkins. This extension is not mandatory but allows a centralized installation and setup of the scanner directly from Jenkins.

Proceed as follows:

  1. Install the SonarQube extension for Jenkins.
  2. Install the SonarScanner from Jenkins.
  3. If you have the Developer Edition of SonarQube or higher:  set up the multi-branch features.

These steps are explained below.

Installing the SonarQube extension for Jenkins

SonarQube extension for Jenkins version 2.11 or later is required.

Proceed as follows:

  1. From the Jenkins Dashboard, navigate to Manage Jenkins > Manage Plugins and install the SonarQube Scanner plugin.
  2. Back at the Jenkins Dashboard, navigate to Credentials > System from the left navigation.
  3. Click the Global credentials (unrestricted) link in the System table.
  4. Click Add credentials in the left navigation and add the following information:
    • Kind: Secret Text
    • Scope: Global
    • Secret: Generate a token at User > My Account > Security in SonarQube, and copy and paste it here.
  5. Click OK.
  6. From the Jenkins Dashboard, navigate to Manage Jenkins > Configure System.
  7. From the SonarQube Servers section, click Add SonarQube. Add the following information:
    • Name: Give a unique name to your SonarQube instance.
    • Server URL: Your SonarQube instance URL.
    • Credentials: Select the credentials created during step 4.
  8. Click Save

Installing the SonarScanner instance(s)

From Jenkins, install and configure the SonarScanner instance(s). This step depends on the project type.

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System.
  2. Scroll to the SonarQube servers section and check Enable injection of SonarQube server configuration as build environment variables.

This step is mandatory if you want to trigger any of your analyses with the SonarScanner for .NET. You can define as many scanner instances as you wish. Then for each Jenkins job, you will be able to choose which launcher to use to run the analysis.

To install and configure the scanner instances:

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Global Tool Configuration.
  2. Click on Add SonarScanner for MSBuild.
  3. Add an installation of the latest available version. Check Install automatically to have the SonarScanner for .NET automatically provisioned on your Jenkins executors.
    If you do not see any available version under Install from GitHub, first go to Manage Jenkins > Manage Plugins > Advanced and click on Check now.

This step is mandatory if you want to trigger any of your SonarQube analyses with the SonarScanner CLI. You can define as many scanner instances as you wish. Then, for each Jenkins job, you will be able to choose which launcher to use to run the analysis.

To install and configure the scanner instances:

  1. Log into Jenkins as an administrator and go to Manage Jenkins > Global Tool Configuration.
  2. Scroll down to the SonarScanner configuration section and click on Add SonarScanner. It is based on the typical Jenkins tool auto-installation. You can either choose to point to an already installed version of SonarScanner CLI (uncheck Install automatically) or tell Jenkins to grab the installer from a remote location (check Install automatically).
    If you don't see a drop-down list with all available SonarScanner CLI versions but instead see an empty text field then this is because Jenkins still hasn't downloaded the required update center file (default period is 1 day). You may force this refresh by clicking the Check Now button in Manage Plugins > Advanced tab.

Setting up the multi-branch features

From SonarQube Developer Edition, you can use multi-branch features.

To be able to analyze Jenkins Multibranch Pipeline jobs, you must:

  1. On your CI host, install the Branch Source plugin for Jenkins corresponding to your DevOps platform.

Bitbucket Branch Source plugin version 2.7 or later is required

From the Jenkins Dashboard, navigate to Manage Jenkins > Manage Plugins and install the Bitbucket Branch Source plugin. Then configure the following:

  1. From the Jenkins Dashboard, navigate to Manage Jenkins > Configure System.
  2. From the Bitbucket Endpoints section, Click the Add drop-down menu and select Bitbucket Server. Add the following information:
    • Name: Give a unique name to your Bitbucket Server instance.
    • Server URL: Your Bitbucket Server instance URL.
  3. Click Save.

Bitbucket Branch Source plugin version 2.7 or later is required

From the Jenkins Dashboard, navigate to Manage Jenkins > Manage Plugins and install the Bitbucket Branch Source plugin.

GitHub Branch Source plugin version 2.7.1 or later is required

  1. From the Jenkins Dashboard, navigate to Manage Jenkins > Manage Plugins and install the GitHub Branch Source plugin.
  2. From the Jenkins Dashboard, navigate to Manage Jenkins > Configure System.
  3. From the GitHub or GitHub Enterprise Servers section, add your GitHub server.
  4. Click Save.

GitLab Branch Source plugin version 1.5.3 or later is required

  1. From the Jenkins Dashboard, navigate to Manage Jenkins > Manage Plugins and install the GitLab Branch Source plugin.
  2. From the Jenkins Dashboard, navigate to Manage Jenkins > Configure System.
  3. From the GitLab section, add your GitLab server. Make sure to check the Manage Web Hooks checkbox.
  4. Click Save.

      2. Check the prerequisites and perform the global setup for Pull request analysis and Branch analysis.

Other settings

If applicable, configure webhook(s) at global level to be used for pipeline jobs to set up an automatic interruption of the pipeline in case the quality gate fails.

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License