Description
SonarQube is an open-source tool suite to measure and analyze the quality of source code. It focuses on the following code quality areas, which are referred to as the “7 axes of code quality”: comments, architecture and design, duplication, coding rules, potential bugs, unit tests, and complexity. The SonarQube plugin uses webhooks to retrieve data from SonarQube, and the results are displayed on the HCL Accelerate dashboard.
Uploaded: 31-Mar-2022 06:22
docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.65
Uploaded: 31-Jan-2022 08:26
docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.50
Uploaded: 14-Jun-2021 10:22
docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.42
Uploaded: 08-Feb-2021 07:43
docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.34
HCL Accelerate elevates the value of code quality data by providing a rich context for visibility, analysis, and results. SonarQube metrics used by HCL Accelerate include bugs, code smells, and security vulnerabilities. From an operational perspective, continuous integration often relies on quality gates to keep code quality high. HCL Accelerate is designed for operational value as well.
SonarQube integrates with HCL Accelerate by targeting an integration endpoint URL with a webhook. SonarQube will then notify that endpoint to retrieve data whenever a project analysis finishes. The following diagram shows the flow between SonarQube and HCL Accelerate.
The following table describes the changes made in each plugin version.
|Version||Description|
|1.0.50||User Access Key Related Changes.|
To use the SonarQube plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface or in a JSON file. To invoke the plugin, you must send an HTTP POST request to the plugin endpoint.
The SonarQube plugin supports endpoint integrations, which are listed in the following table.
There are two methods to integrate the plugin:
- Using the user interface
- Using a JSON file
Using the user interface
- From the Plugins page, click Settings > Integrations > Plugins.
- Under the Action column for the plugin, click Add Integration.
- On the Add Integration page enter values for the fields used to configure the integration and define communication.
- Click Save.
Using a JSON file
The JSON file contains the information for creating a value stream and integrating with the IBM Engineering WorkFlow Management (EWM) server. The following table describes the information for creating an HCL Accelerate value stream map.
- Download the value stream map. The value stream map is a JSON file used to define integrations.
- Edit the JSON file to include the plugin configuration properties.
- Save and upload the JSON file. This replaces the current JSON file with the new content.
- View the new integration on the Integrations page.
Creating the SonarQube Webhook
The SonarQube webhook must target the HCL Accelerate integration’s endpoint URL, which has two variables: the hostName:port for HCL Accelerate and the integration ID. This means that the HCL Accelerate integration must always be set up first, so that the integration ID is known before the webhook URL can be provided. Once the endpoint URL is constructed, it is simply a matter of creating a webhook in SonarQube with that URL. For information on creating the webhook, see the SonarQube Webhooks documentation. In general, you will need administrative permissions and can add two types of webhooks within SonarQube:
- Project scoped webhooks
- Globally scoped webhooks
What you have available will depend on your version of SonarQube but it is good to be aware that a global webhook
will send data for all projects, while a project scoped webhook will only send data for the specific project to
which it belongs. Also, in general, SonarQube limits its number of webhooks at both the project and global levels.
For the SonarQube webhook to function properly over SSL, you must add the SSL certificate of SonarQube and JDK to the JDK keystore.
The following is the sample command to add the SSL:
sudo keytool -import -v -trustcacerts -alias sonarqube -file ~user/STAR_hcldevops_com.crt -keystore /usr/lib/jvm/jdk-11/lib/security/cacerts -noprompt -storepass changeit
Run the command on the system where SonarQube and the JDK are installed.
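The sample command runs with -noprompt, so keytool does not display the certificate fingerprint for confirmation before trusting it. The following added example (not part of the HCL documentation) imports the certificate only if its SHA-256 fingerprint matches a value obtained out of band, then confirms the entry exists; the function names and the use of openssl for the fingerprint are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: import a certificate only if its SHA-256 fingerprint matches
# a value obtained out of band. Function names are hypothetical.

# Strip separators and case so "aa:bb" and "AABB" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ':[:space:]' | tr '[:lower:]' '[:upper:]'
}

# SHA-256 fingerprint of a PEM certificate file (assumes openssl is installed).
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | sed 's/^.*=//'
}

# Usage: import_pinned_cert CERT KEYSTORE ALIAS EXPECTED_FP [STOREPASS]
# Returns 1 on fingerprint mismatch, 2 if CERT cannot be read, 3 if keytool fails.
import_pinned_cert() {
  local cert="$1" keystore="$2" entry="$3" expected="$4" storepass="${5:-changeit}"
  local actual
  actual=$(cert_sha256 "$cert")
  if [ -z "$actual" ]; then
    echo "cannot read certificate: $cert" >&2
    return 2
  fi
  if [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
    echo "fingerprint mismatch for $cert: got $actual" >&2
    return 1
  fi
  keytool -importcert -noprompt -trustcacerts -alias "$entry" \
    -file "$cert" -keystore "$keystore" -storepass "$storepass" || return 3
  # Confirm the entry is now present in the truststore.
  keytool -list -alias "$entry" -keystore "$keystore" -storepass "$storepass" >/dev/null
}

# Example call with the paths from the command above; the fingerprint is a
# placeholder to replace with the value supplied by the certificate owner:
# import_pinned_cert ~user/STAR_hcldevops_com.crt \
#   /usr/lib/jvm/jdk-11/lib/security/cacerts sonarqube "<EXPECTED_SHA256_FINGERPRINT>"
```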
The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.
- The General Configuration Properties table describes configuration properties used by all plugin integrations.
- The SonarQube Configuration Properties table describes the configuration properties that define the connection and communications with the SonarQube server. When using the JSON method to integrate the plugin these properties are coded within the
Not all configuration properties are initially displayed in the user interface. To see all properties, enable the Hidden field.
General Configuration Properties
|Name||Description||Required||Property Name|
|NA||The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used.||No||image|
|Integration Name||An assigned name to the value stream.||Yes||name|
|Logging Level||The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace.||No||loggingLevel|
|NA||List of plugin configuration properties used to connect and communicate with the SonarQube server. Enclose the properties within braces.||Yes||properties|
|The name of the tenant.||Yes||tenant_id|
|NA||Unique identifier assigned to the plugin. The value for the SonarQube plugin is
SonarQube Configuration Properties
|Name||Type||Description||Required|
|HCL Accelerate Hostname||String||The HCL Accelerate hostname including the port if applicable. For example: AccelerateHost:9000.||API only|
|HCL Accelerate Access Key||Secure||The access key used to authenticate to HCL Accelerate. You can use a previously generated key or generate a new key.||Yes|
|Integration Name||String||A name used to reference the integration.||Yes|
|SonarQube Auth Token||Secure||The SonarQube authentication token. You can use a previously generated token or generate a new token in SonarQube.||Yes|
|SonarQube URL||String||The base URL of the SonarQube server including the port number. For example: https://sonarQubeHost:9000.||Yes|