SonarQube is the leading "Continuous Code Quality" platform for software development. In conjunction with Continuum, this powerful platform provides key insights into code quality, health, bugs, and security among other areas. SonarQube supports analysis of multiple projects and enables you to centralize and scale a single vision of code quality.
While SonarQube can run manual code analysis on existing projects, it is especially powerful when used in combination with a continuous integration platform (jenkins, teamcity, etc). Running SonarQube analysis at build time is the recommended way to use this integration, as it will provide scoped feedback related to the specific release (version) you are working on and will allow you to identify issues before promoting to production.
Enabling the SonarQube Plugin in Continuum
- Click the main menu , select "Administration", then "Manage Plugins"
- Select "SonarQube" from the plugin list on the left hand side of the screen.
- Fill your instance's information. Ensure to tick the "Is Default?" checkbox.
Getting SonarQube Metrics for a Continuum Package
Because SonarQube metrics are provided in the context of a Continuum package (and package revision), they must be requested within that context. In order to do so, the function that requests said metrics must be executed within a package's "activities" (see package activities and controls).
Executing the request to obtain SonarQube metrics at build time will allow SonarQube to query only those files that have changed and provide metrics around those files, thus providing the complexity for the specific version as well as for the entire SonarQube project.
- In your build pipeline, add a step after the build step using the SonarQube plugin's function called "Get Metrics"
- Enter the SonarQube project key and optionally the SonarQube Instance Name (you may leave blank to use the default instance)
In order for data to return the following conditions must be met:
- The SonarQube project key provided in the "Get Metrics" step exists in the configured SonarQube instance
- The build being processed contains commits for files that exist in the specified SonarQube project
Getting Unit Test Coverage Data for a SonarQube Project
In order to obtain "coverage" metrics for a SonarQube project, the relevant language plugin must be installed on your SonarQube instance. Once the plugin is installed, the instructions for that specific language plugin must be followed in order to properly obtain unit test coverage for your SonarQube project. A complete list of plugin can be found on the SonarSource Plugins Page.
Viewing SonarQube Metrics for a Package Version
Once a package revision containing SonarQube data makes it into your progression, you can view its relevant metrics by visiting the "Risk" dashboard:
- From the Continuum homepage select "Progression Dashboards"
- In the "Progression" drop-down, select the relevant progression that contains information about the desired package
- Click the "Metrics" tab
- From the "Dashboard" drop-down, select the "Risk" dashboard
- From the "Package" drop-down, select the desired package for which you want to see SonarQube metrics.
- From the "Version" drop-down, select the desired version for which you want to see SonarQube Metrics. A new tile titled "SonarQube" will appear at the bottom of the dashboard providing all the relevant data.
The following data points are shown in the SonarQube tile:
- SonarQube Project: SonarQube project "name".
- Complexity: complexity of the entire project, including changes for current version.
- Version Complexity: complexity of the files that have been changed for this version only.
- Blocker Issues: total number of bugs and/or vulnerabilities with severity "blocker".
- Critical Issues: total number of bugs and/or vulnerabilities with severity "critical".
- Coverage: Unit test coverage for the entire SonarQube project.