If you are already running a centralized SonarQube instance, use this action to scan a Git repository with the SonarQube static analysis scanner. The data collected from the scans is available in your SonarQube reports, and the results are also displayed in the CloudBees platform analytics dashboards. You can also use the action output as a quality gate for the next step or job in your workflow.
Note: If you do not have SonarQube already installed, use the Scan with SonarQube bundled action instead.
| Input name | Data type | Required? | Description |
|---|---|---|---|
| server-url | String | Yes | The SonarQube server URL. |
| | String | No | The |
| | String | No | The SonarQube password. |
| | String | No | The branch name to be scanned. |
| | String | No | The SonarQube access token. |
| | String | No | The SonarQube username. |
| | String | No | The file path of the code to be scanned. |
| Output name | Data type | Description |
|---|---|---|
| critical-count | String | The number of Critical security findings discovered during the scan. |
| very-high-count | String | The number of Very high security findings discovered during the scan. |
| high-count | String | The number of High security findings discovered during the scan. |
| medium-count | String | The number of Medium security findings discovered during the scan. |
| low-count | String | The number of Low security findings discovered during the scan. |
| policy-subject | String | A JSON value containing the vulnerability scan summary and details. |
The following is a basic example for using the action:

```yaml
- name: Scan with SonarQube
  uses: cloudbees-io/sonarqube-plugin@v1
  with:
    server-url: https://my-sonarqube-server-url
```

In the following example, the cmakeList-path input is specified for a C-family code language scan:
```yaml
- name: Scan C-family code with SonarQube
  uses: cloudbees-io/sonarqube-plugin@v1
  with:
    server-url: ${{ vars.SONARQUBE_SERVER_URL }}
    cmakeList-path: https://path/to/my/CMakeFileList.txt
```

Access the output values in downstream steps and jobs using the outputs context.
Use the output in your workflow as follows, where `<action_step_ID>` is the action step ID, and `<severity>` is an output parameter name, such as `critical-count`:

```yaml
${{steps.<action_step_ID>.outputs.<severity>}}
```

The following example uses the action output in a downstream step of the same job:
```yaml
name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1
on:
  push:
    branches:
      - main
permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write
jobs:
  sonarqube-scan-job:
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1
      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url
      - name: source dir examine
        uses: docker://golang:1.20.3-alpine3.17
        shell: sh
        run: |
          ls -latR /cloudbees/workspace
      - id: print-outputs-from-sonarqube-step
        name: print outputs from upstream sonarqube step
        uses: docker://alpine:latest
        run: |
          # Printing all outputs
          echo "Outputs from upstream sonarqube step:"
          echo "Critical count: ${{steps.sonarqube-step.outputs.critical-count}}"
          echo "Very high count: ${{steps.sonarqube-step.outputs.very-high-count}}"
          echo "High count: ${{steps.sonarqube-step.outputs.high-count}}"
          echo "Medium count: ${{steps.sonarqube-step.outputs.medium-count}}"
          echo "Low count: ${{steps.sonarqube-step.outputs.low-count}}"
          echo "Policy subject: ${{steps.sonarqube-step.outputs.policy-subject}}"
```

The following example uses the action output in a downstream job:
```yaml
name: my-workflow
kind: workflow
apiVersion: automation.cloudbees.io/v1alpha1
on:
  push:
    branches:
      - main
permissions:
  scm-token-own: read
  scm-token-org: read
  id-token: write
jobs:
  job1:
    outputs:
      sonarqube-job-output-critical: ${{ steps.sonarqube-step.outputs.critical-count }}
      sonarqube-job-output-very-high: ${{ steps.sonarqube-step.outputs.very-high-count }}
      sonarqube-job-output-high: ${{ steps.sonarqube-step.outputs.high-count }}
      sonarqube-job-output-medium: ${{ steps.sonarqube-step.outputs.medium-count }}
      sonarqube-job-output-low: ${{ steps.sonarqube-step.outputs.low-count }}
      sonarqube-job-output-policy-subject: ${{ steps.sonarqube-step.outputs.policy-subject }}
    steps:
      - name: check out source code
        uses: cloudbees-io/checkout@v1
        with:
          repository: my-gh-repo-org/my-repo
          ref: main
          token: ${{ secrets.GIT_PAT }}
      - id: sonarqube-step
        name: sonarqube scan
        uses: cloudbees-io/sonarqube-plugin@v1
        with:
          server-url: https://my-sonarqube-server-url
  job2:
    needs: job1
    steps:
      - id: print-outputs-from-job1
        name: print outputs from upstream job1
        uses: docker://alpine:latest
        run: |
          # Printing all outputs
          echo "Outputs from upstream sonarqube job:"
          echo "Critical count: ${{ needs.job1.outputs.sonarqube-job-output-critical }}"
          echo "Very high count: ${{ needs.job1.outputs.sonarqube-job-output-very-high }}"
          echo "High count: ${{ needs.job1.outputs.sonarqube-job-output-high }}"
          echo "Medium count: ${{ needs.job1.outputs.sonarqube-job-output-medium }}"
          echo "Low count: ${{ needs.job1.outputs.sonarqube-job-output-low }}"
          echo "Policy subject: ${{ needs.job1.outputs.sonarqube-job-output-policy-subject }}"
```

This code is made available under the MIT license.
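The workflows above only print the counts. As an added example, not part of the CloudBees documentation or the sonarqube-plugin action, the following POSIX shell function turns the count outputs into the quality gate mentioned at the top of the page: it fails the step, and so the job, on any Critical or Very high finding, or when High findings exceed a limit. The limit, the sample counts and the step layout in the comment are assumptions; the function also rejects an empty or non-numeric output (for example when the upstream step was skipped), which a bare `[ "$count" -gt 0 ]` test would silently treat as a pass.

```shell
#!/bin/sh
# Added example: quality gate over the sonarqube-plugin count outputs.
# Not from the CloudBees docs or the action; thresholds are assumptions.

# sonar_gate CRITICAL VERY_HIGH HIGH [MAX_HIGH]
# Returns 0 when the gate passes, 1 when it fails, 2 on malformed input.
sonar_gate() {
  critical="$1"; very_high="$2"; high="$3"; max_high="${4:-0}"
  for v in "$critical" "$very_high" "$high" "$max_high"; do
    # Outputs are strings: accept only non-negative integers, so a missing
    # or garbled upstream output fails the gate instead of passing it.
    case "$v" in
      ''|*[!0-9]*) echo "sonar_gate: invalid count '$v'" >&2; return 2 ;;
    esac
  done
  if [ "$critical" -gt 0 ] || [ "$very_high" -gt 0 ]; then
    echo "Quality gate FAILED: critical=$critical very-high=$very_high" >&2
    return 1
  fi
  if [ "$high" -gt "$max_high" ]; then
    echo "Quality gate FAILED: high=$high exceeds limit $max_high" >&2
    return 1
  fi
  echo "Quality gate passed: critical=$critical very-high=$very_high high=$high"
  return 0
}

# Hypothetical downstream step (assumed layout): paste the function into the
# run block and feed it the outputs context; a non-zero exit fails the job.
#
#   - name: sonarqube quality gate
#     uses: docker://alpine:latest
#     shell: sh
#     run: |
#       sonar_gate "${{ steps.sonarqube-step.outputs.critical-count }}" \
#                  "${{ steps.sonarqube-step.outputs.very-high-count }}" \
#                  "${{ steps.sonarqube-step.outputs.high-count }}" 5
#
# Stand-alone run with constructed sample counts (0 critical, 0 very high,
# 3 high, limit 5): passes.
sonar_gate 0 0 3 5
```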
- Learn more about using actions in CloudBees workflows.
- Learn about CloudBees platform.