I am trying to analyze our private bitbucket repo with sonar cloud. Followed the instruction given.
We have private nexus repository where the artifacts are stored and its not exposed to outside world.
We have multiple repo and they add dependency via private nexus.
When I try to analyze one repo. Sonar is trying to fetch the dependency and failing since it is not able to access our nexus.
It’s not clear to me why SonarQube would be trying to fetch dependencies; presumably it’s your build that wants those. Could you share your analysis log?
The analysis / scanner log is what’s output from the analysis command. Hopefully, the log you provide will include that command as well.
You are correct , in my bitbucket pipeline yaml , i have added mvn -B verify sonar:sonar
mvn verify tries to pull dependencies which are stored in our private nexus.