Skip to content

cloudbees-io/sonarqube-sast-scan-code

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
CODEOWNERS
CODEOWNERS
 
 
LICENSE.txt
LICENSE.txt
 
 
README.adoc
README.adoc
 
 
action.yml
action.yml
 
 

Repository files navigation

CloudBees action: Scan with SonarQube

If you already are running a centralized SonarQube instance, use this action to scan a Git repository with the SonarQube static analysis scanner. The data collected from the scans is available in your SonarQube reports, and the results are also displayed in the CloudBees platform analytics dashboards.

Note
 If you do not have SonarQube already installed, use the Scan with SonarQube bundled action instead.

Prerequisites

To use the Scan with SonarQube action, you must declare all metadata in the file sonar-project.properties in the base directory of your SonarQube Server instance. You must include the location of the sources to be scanned in this metadata.

In the following sonar-project.properties file example, the location of the sources to be analyzed is src.

sonar.projectKey=example:project
sonar.projectName=My Project
sonar.projectVersion=1.0

sonar.sources=src
sonar.tests=src/tests
sonar.sourceEncoding=UTF-8

For more information, refer to the SonarQube analysis scope documentation.

Inputs

Table 1. Input details
Input name Data type Required? Description

server-url

String

Yes

The SonarQube server URL.

access-token

String

Required if username and password are not specified.

The SonarQube access token.

username

String

Required if access-token is not specified.

The SonarQube username.

password

String

Required if access-token is not specified.

The SonarQube password.

language

String

No

The language of your Git repository code base. Refer to the supported languages below.

Supported languages

Table 2. Supported languages with inputs
Supported language Input format

Go

LANGUAGE_GO

Java

LANGUAGE_JAVA

JavaScript

LANGUAGE_JS

PHP

LANGUAGE_PHP

Python

LANGUAGE_PYTHON

Usage examples

In the following example, a Sonarqube access token is used for authentication:

      - name: Scan with SonarQube with a token
        uses: https://github.com/cloudbees-io/sonarqube-sast-scan-code@v1
        with:
          server-url: ${{ vars.SONARQUBE_SERVER_URL }}
          access-token: ${{ secrets.SONARQUBE_USER_TOKEN }}
          language: "LANGUAGE_JAVA"

In the following example, username and password credentials are used for authentication:

      - name: Scan with SonarQube with a password
        uses: https://github.com/cloudbees-io/sonarqube-sast-scan-code@v1
        with:
          server-url: ${{ vars.SONARQUBE_SERVER_URL }}
          username: ${{ secrets.SONARQUBE_USERNAME }}
          password: ${{ secrets.SONARQUBE_PASSWORD }}
          language: "LANGUAGE_GO"

License

This code is made available under the MIT license.

References

About

No description or website provided.

Topics

cb-actions

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases 9

v1 Latest
Oct 1, 2025
+ 8 releases

Packages

 
 
 

Contributors