cloudbees-io/sonarqube-plugin

CloudBees action: Scan with SonarQube

If you are already running a centralized SonarQube instance, use this action to scan a Git repository with the SonarQube static analysis scanner. The data collected from the scans is available in your SonarQube reports, and the results are also displayed in the CloudBees platform analytics dashboards. You can also use the action output as a quality gate for the next step or job in your workflow.

Note
If you do not have SonarQube already installed, use the Scan with SonarQube bundled action instead.

Inputs

Table 1. Input details

| Input name     | Data type | Required? | Description                                                                                                                   |
|----------------|-----------|-----------|-------------------------------------------------------------------------------------------------------------------------------|
| url            | String    | Yes       | The SonarQube server URL.                                                                                                     |
| cmakeList-path | String    | No        | The CMakeFileList.txt file path for scanning C-family code languages. For more information, refer to the CMake documentation. |
| password       | String    | No        | The SonarQube password.                                                                                                       |
| ref            | String    | No        | The branch name to be scanned.                                                                                                |
| token          | String    | No        | The SonarQube access token.                                                                                                   |
| username       | String    | No        | The SonarQube username.                                                                                                       |
| workspace-dir  | String    | No        | The file path of the code to be scanned.                                                                                      |

Outputs

Table 2. Output details

| Output name     | Data type | Description                                                           |
|-----------------|-----------|-----------------------------------------------------------------------|
| critical-count  | String    | The number of Critical security findings discovered during the scan.  |
| very-high-count | String    | The number of Very high security findings discovered during the scan. |
| high-count      | String    | The number of High security findings discovered during the scan.      |
| medium-count    | String    | The number of Medium security findings discovered during the scan.    |
| low-count       | String    | The number of Low security findings discovered during the scan.       |
| policy-subject  | String    | A JSON value containing the vulnerability scan summary and details.   |

Usage examples

Basic example

The following is a basic example of using the action:

      - name: Scan with SonarQube
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

Scan C-family code languages

In the following example, the cmakeList-path input is specified for a C-family code language scan:

      - name: Scan C-family code with SonarQube
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: ${{ vars.SONARQUBE_SERVER_URL }}
          cmakeList-path: https://path/to/my/CMakeFileList.txt

Using the action output

Access the output values in downstream steps and jobs using the outputs context.

Use the output in your workflow as follows, where <action_step_ID> is the action step ID, and <severity> is an output parameter name, such as critical-count:

${{steps.<action_step_ID>.outputs.<severity>}}

The following example uses the action output in a downstream step of the same job:

name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1

on:
  push:
    branches:
      - main

permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write

jobs:
  sonarqube-scan-job:
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1

      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

      - name: source dir examine
        uses: docker://golang:1.20.3-alpine3.17
        shell: sh
        run: |
          ls -latR /cloudbees/workspace

      - id: print-outputs-from-sonarqube-step
        name: print outputs from upstream sonarqube step
        uses: docker://alpine:latest
        run: |
          # Printing all outputs
          echo "Outputs from upstream sonarqube step:"
          echo "Critical count: ${{steps.sonarqube-step.outputs.critical-count}}"
          echo "Very high count: ${{steps.sonarqube-step.outputs.very-high-count}}"
          echo "High count: ${{steps.sonarqube-step.outputs.high-count}}"
          echo "Medium count: ${{steps.sonarqube-step.outputs.medium-count}}"
          echo "Low count: ${{steps.sonarqube-step.outputs.low-count}}"
          echo "Policy subject: ${{steps.sonarqube-step.outputs.policy-subject}}"

The following example uses the action output in a downstream job:

name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1

on:
  push:
    branches:
      - main

permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write

jobs:
  job1:
    outputs:
      sonarqube-job-output-critical: ${{ steps.sonarqube-step.outputs.critical-count }}
      sonarqube-job-output-very-high: ${{ steps.sonarqube-step.outputs.very-high-count }}
      sonarqube-job-output-high: ${{ steps.sonarqube-step.outputs.high-count }}
      sonarqube-job-output-medium: ${{ steps.sonarqube-step.outputs.medium-count }}
      sonarqube-job-output-low: ${{ steps.sonarqube-step.outputs.low-count }}
      sonarqube-job-output-policy-subject: ${{ steps.sonarqube-step.outputs.policy-subject }}
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1
        with:
          repository: my-gh-repo-org/my-repo
          ref: main
          token: ${{ secrets.GIT_PAT }}

      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url

  job2:
    needs: job1
    steps:
      - id: print-outputs-from-job1
        name: print outputs from upstream job1
        uses: docker://alpine:latest
        run: |
          # Printing all outputs
          echo "Outputs from upstream sonarqube job:"
          echo "Critical count: ${{ needs.job1.outputs.sonarqube-job-output-critical }}"
          echo "Very high count: ${{ needs.job1.outputs.sonarqube-job-output-very-high }}"
          echo "High count: ${{ needs.job1.outputs.sonarqube-job-output-high }}"
          echo "Medium count: ${{ needs.job1.outputs.sonarqube-job-output-medium }}"
          echo "Low count: ${{ needs.job1.outputs.sonarqube-job-output-low }}"
          echo "Policy subject: ${{ needs.job1.outputs.sonarqube-job-output-policy-subject }}"
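The examples above only print the counts. The introduction says the outputs can also serve as a quality gate for the next step or job; the following POSIX sh script is an added example of such a gate, written for this page and not part of the cloudbees-io/sonarqube-plugin project. It assumes the count outputs are passed into a downstream `run:` step through the same `${{ steps.<id>.outputs.<name> }}` expressions the page documents (for instance via the step's `env:` block), and the threshold names `MAX_CRITICAL`, `MAX_VERY_HIGH` and `MAX_HIGH` are assumptions. Because the outputs are typed as String, the gate checks that each value is a non-negative integer and fails closed when a value is empty or malformed, so a scan that produced no output cannot pass by accident.

```shell
#!/bin/sh
# Added example, not the action's own code: a fail-closed quality gate over the
# SonarQube action's count outputs. Inside a workflow the counts would arrive
# through the expressions the page documents, e.g.
#   env:
#     CRITICAL:  ${{ steps.sonarqube-step.outputs.critical-count }}
#     VERY_HIGH: ${{ steps.sonarqube-step.outputs.very-high-count }}
#     HIGH:      ${{ steps.sonarqube-step.outputs.high-count }}
#   run: gate_check "$CRITICAL" "$VERY_HIGH" "$HIGH" "$MAX_CRITICAL" "$MAX_VERY_HIGH" "$MAX_HIGH"
# The MAX_* threshold names are assumptions made for this example.

# is_uint VALUE -> 0 if VALUE is a non-empty string of decimal digits, else 1.
is_uint() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# gate_check CRITICAL VERY_HIGH HIGH [MAX_CRITICAL] [MAX_VERY_HIGH] [MAX_HIGH]
# Prints a verdict line and returns 0 (pass) or 1 (fail). Thresholds default
# to 0. Any count or threshold that is not a non-negative integer fails the
# gate: an absent or malformed scan result must never be treated as clean.
gate_check() {
  _crit=$1; _vhigh=$2; _high=$3
  _max_crit=${4:-0}; _max_vhigh=${5:-0}; _max_high=${6:-0}
  for _v in "$_crit" "$_vhigh" "$_high" "$_max_crit" "$_max_vhigh" "$_max_high"; do
    if ! is_uint "$_v"; then
      echo "FAIL: value '$_v' is not a non-negative integer (scan output missing?)"
      return 1
    fi
  done
  _status=0
  [ "$_crit" -le "$_max_crit" ]   || { echo "FAIL: critical=$_crit exceeds $_max_crit"; _status=1; }
  [ "$_vhigh" -le "$_max_vhigh" ] || { echo "FAIL: very-high=$_vhigh exceeds $_max_vhigh"; _status=1; }
  [ "$_high" -le "$_max_high" ]   || { echo "FAIL: high=$_high exceeds $_max_high"; _status=1; }
  if [ "$_status" -eq 0 ]; then
    echo "PASS: critical=$_crit very-high=$_vhigh high=$_high"
  fi
  return "$_status"
}

# Stand-alone demonstration with constructed sample counts (no real scan ran).
gate_check 0 0 2 0 0 5 || echo "(unexpected: gate rejected a clean result)"
gate_check 1 0 0       || echo "(gate rejected one critical finding, as intended)"
gate_check "" 0 0      || echo "(gate failed closed on an empty output, as intended)"
```

In a workflow the step running this script fails whenever `gate_check` returns non-zero, which stops the job and any job that `needs` it; the thresholds are easiest to manage as workflow variables so the policy is visible next to the scan step rather than buried in the script.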

License

This code is made available under the MIT license.

About

SonarQube Explicit action