Filters

CLEAR ALL

Search Results ()

Filter Icon

Search Results ()

    All Plugins (171)

    Filter Icon

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL Accelerate version 2.0 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    March 9th, 2021
    Last Updated
    May 18th, 2023

    Description

    SonarQube is an open-source tool suite to measure and analyze the quality of source code. It focuses on the following code quality areas, which are referred to as the “7 axes of code quality”: comments, architecture and design, duplication, coding rules, potential bugs, unit tests, and complexity. The SonarQube plugin uses webhooks to retrieve data from SonarQube and the results are displayed on HCL Accelerate dashboard.

    Quick Info

    Product icon
    Product
    DevOps Velocity (HCL Accelerate)
    Plugin type icon
    Type
    plugin
    Compatibility icon
    Compatibility
    HCL Accelerate version 2.0 or later
    created by icon
    Created by
    HCL Software
    Website icon
    Website
    Published Date
    March 9th, 2021
    Last Updated
    May 18th, 2023

    ucv-ext-sonarqube:1.0.65.tar

    Uploaded: 31-Mar-2022 06:22

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.65

    Release Notes

  • Reduced Vulnerabilities
  • ucv-ext-sonarqube:1.0.50.tar

    Uploaded: 31-Jan-2022 08:26

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.50

    Release Notes

  • User Access Key Related Changes
  • ucv-ext-sonarqube:1.0.42.tar

    Uploaded: 14-Jun-2021 10:22

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.42

    Release Notes

  • Removed IBM related keywords
  • ucv-ext-sonarqube:1.0.34.tar

    Uploaded: 08-Feb-2021 07:43

    Pull Command

    docker pull hclcr.io/accelerate/ucv-ext-sonarqube:1.0.34

    Release Notes

  • Enhance security for property value
  • Summary

    HCL Accelerate elevates the value of code quality data by providing a rich context for visibility, analysis, and results. SonarQube metrics used by HCL Accelerate include bugs, code smells, and security vulnerabilities. From an operational perspective, continuous integration often relies on quality gates to keep code quality high. HCL Accelerate is designed for operational value as well.

    SonarQube integrates with HCL Accelerate by targeting an integration endpoint URL with a webhook. SonarQube will then notify that endpoint to retrieve data whenever a project analysis finishes. The following diagram shows the flow between SonarQube and HCL Accelerate.

    History

    The following table describes the changes made in each plugin version.

    Plugin history details
    Version Description
    1.0.65 Reduced Vulnerabilities.
    1.0.50 User Access Key Related Changes.
    1.0.42 Minor enhancements
    1.0.34 Minor enhancements

    Usage

    To use the SonarQube plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface or in a JSON file. To invoke the plugin, you must send an HTTP Post to request the plugin endpoint.

    Integration Type

    The SonarQube plugin supports endpoint integration which are listed in the following table.

    Endpoints
    Name Path Method
    SonarQube Callback https://accelerate_hostname/reporting-consumer/pluginEndpoint/integration_id/sonarqube/callback Post

    Integration

    There are two methods to integrate the plugin:

    • Using the user interface
    • Using a JSON file

    Using the user interface

    1. From the Plugins page, click Settings > Integrations > Plugins.
    2. Under the Action column for the plugin, click Add Integration.
    3. On the Add Integration page enter values for the fields used to configure the integration and define communication.
    4. Click Save.

    Using a JSON file

    The JSON file contains the information for creating a value stream and integrating with the IBM Engineering WorkFlow Management (EWM) server. The following table describes the information for the creating a HCL Accelerate value stream map.

    1. Download the value stream map. The value stream map is a JSON file used to define integrations.
    2. Edit the JSON file to include the plugin configuration properties.
    3. Save and upload the JSON file. This replaces the current JSON file with the new content.
    4. View the new integration on the Integrations page.

    Creating the SonarQube Webhook

    The SonarQube webhook must target the HCL Accelerate integration’s endpoint URL which has two variables:

    • the hostName:port for HCL Accelerate, as well as the integration ID. This means that the HCL Accelerate integration
      must always be setup first and that the integration ID is known before we can provide the webhook URL. Once the
      endpoint URL is constructed, it is simply a matter of creating a webhook in SonarQube with that URL. For
      information on creating the webhook, see the SonarQube Webhooks documentation. In general, you will need administrative
      permissions and can add two types of webhooks within SonarQube:

      1. Project scoped webhooks
      2. Globally scoped webhooks

      What you have available will depend on your version of SonarQube but it is good to be aware that a global webhook
      will send data for all projects, while a project scoped webhook will only send data for the specific project to
      which it belongs. Also, in general, SonarQube limits its number of webhooks at both the project and global levels.

    For proper functioning of SonarQube Webhook using SSL, you must add the SSL of SonarQube and JKD to the JDK keystore.
    The following is the sample command to add the SSL:

    sudo keytool -import -v -trustcacerts -alias sonarqube -file ~user/STAR_hcldevops_com.crt -keystore /usr/lib/jvm/jdk-11/lib/security/cacerts -noprompt -storepass changeit

    Run the command in the system where SonarQube and JDK is installed

    Configuration Properties

    The following tables describe the properties used to configure the integration. Each table contains the field name when using the user interface and the property name when using a JSON file.

    • The General Configuration Properties table describes configuration properties used by all plugin integrations.
    • The SonarQube Configuration Properties table describes the configuration properties that define the connection and communications with the SonarQube server. When using the JSON method to integrate the plugin these properties are coded within the properties configuration property.

    Not all configuration properties are initially displayed in the user interface, to see all properties enable the Hidden field.

    General Configuration properties
    Name Description Required Property Name
    NA The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the version named latest is used. No image
    Integration Name An assigned name to the value stream. Yes name
    Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
    NA List of plugin configuration properties used to connect and communicate with the SonarQube server. Enclose the properties within braces. Yes properties
    The name of the tenant. Yes tenant_id
    NA Unique identifier assigned to the plugin. The value for the SonarQube plugin is ucv-ext-sonarqube. Yes type
    SonarQube Configuration Properties
    Name Type Description Required
    HCL Accelerate Hostname String The HCL Accelerate hostname including the port if applicable. For example: AccelerateHost:9000. API only
    HCL Accelerate Access Key Secure The access key used to authenticate to HCL Accelerate. You can use a previously generated key or generate a new key. Yes
    Integration Name String A name used to reference the integration. Yes
    SonarQube Auth Token Secure The SonarQube authentication token. You can use a previously generated token or generate a new token in SonarQube. Yes
    SonarQube URL String The base URL of the SonarQube server including the port number. For example: https://sonarQubeHost:9000. Yes