
Automate SonarQube Scans with GitHub Actions

Matt H
5 min read, Sep 29, 2021


Before you jump in, I want to note that this is specific to self-hosted SonarQube; SonarCloud works out of the box with very few adjustments.

Graphic: Sonar Scan

Create SonarQube Project

The first step is to create a project for your repository in SonarQube. It is a simple process, and a wizard walks you through it. Currently the integration options are Azure DevOps, Bitbucket, GitHub, GitLab, or manual setup. During this process you should also be taken to a screen to authenticate to your SCM of choice. Keep track of any tokens you create, as you will need them later in the process; treat them as secrets (store them in your CI platform's secret store, never in the repository).

Prerequisites

  • Admin access to SonarQube or the project
  • Admin access on your GitHub repository

Configuration

While it is easier to configure your project through the SonarQube UI, I recommend doing it through a configuration file committed to your repository, so that the scan configuration is version controlled and reviewed like any other change.

The configuration file for SonarQube should live in the root directory of the repository and be named sonar-project.properties. I had a hard time finding a sample of what it should look like, so I included one below. Please read through it and update all settings to meet your project's needs. The properties I left uncommented are required for the scan to work.

Something worth mentioning here is that each of the properties below is documented in the SonarSource documentation and in the UI itself. If you aren't sure what a property is used for, or what format it expects, I suggest starting there.

Sample Config File

# suppress inspection "UnusedProperty" for whole file
## Project Configuration
# sonar.organization is a SonarCloud property; a self-hosted SonarQube server ignores it, so it can be omitted there.
sonar.organization=[YOUR ORG HERE]
sonar.projectKey=[YOUR PROJECT KEY HERE]
# Do NOT put sonar.host.url, sonar.login or sonar.token in this file: the server URL and the analysis
# token belong in the CI environment (e.g. repository secrets), not in a version-controlled file.
# sonar.buildbreaker.skip belongs to the third-party Build Breaker plugin, not to SonarQube itself. With that
# plugin installed, a failed quality gate breaks the build unless this is set to true.
# sonar.buildbreaker.skip=true
# On SonarQube 8.1 or later, set sonar.qualitygate.wait=true (here, or with -D on the scanner command line)
# to make the analysis step fail when the project does not pass its quality gate; without it the scan never fails the build.
# sonar.qualitygate.wait=true
# Encoding of the source files.
sonar.sourceEncoding=UTF-8
# Control the quantity/level of logs produced during an analysis
# sonar.log.level=DEBUG
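The title promises a GitHub Actions workflow that runs the scan, so here is a minimal one as an added example (it is not from the original article or from SonarSource's documentation). It uses SonarSource's sonarqube-scan-action, which reads the committed sonar-project.properties from the repository root and takes the server URL and token from environment variables. Assumptions: the repository secrets are named SONAR_TOKEN and SONAR_HOST_URL, the default branch is main, and the action version tags shown are the ones you want; in practice pin each action to a release tag or commit SHA you have reviewed.

```yaml
# .github/workflows/sonarqube.yml
# Added example, not part of the original article. Secret names, branch name
# and action versions are assumptions; pin actions to a reviewed tag or SHA.
name: SonarQube scan

on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # A shallow clone hides blame and new-code information from the scanner.
          fetch-depth: 0

      # Project settings come from sonar-project.properties in the repo root.
      # The server URL and analysis token are injected from repository secrets,
      # so the committed file never contains credentials.
      - name: Run SonarQube analysis
        uses: sonarsource/sonarqube-scan-action@v2
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
        with:
          # Fail this step when the quality gate is not passed
          # (sonar.qualitygate.wait requires SonarQube 8.1 or later).
          args: >
            -Dsonar.qualitygate.wait=true
```

Two caveats worth knowing before relying on this: GitHub does not expose repository secrets to pull_request runs triggered from forks, so scans of fork PRs will fail to authenticate unless you handle them separately; and the analysis token should be a dedicated, least-privilege token for the project rather than a personal user token, so that rotating or revoking it does not affect anything else.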


Written by Matt H

Staff/Principal Software Engineer