Can SonarQube link to build artifacts by ID?

When SonarQube runs a scan, it records the date/time of the scan. We automatically launch these scans as part of our pipeline in AzDO, so we can roughly compare build artifact date/time with SonarQube scan date/time to correlate which scan applied to which artifact.

But this can be fuzzy. For auditing purposes, it would be helpful if SonarQube could track against a build artifact ID, or something else more explicit.


You have the ability to pass in a sonar.buildString. From the docs:

The string passed with this property will be stored with the analysis and available in the results of api/project_analyses/search , thus allowing you to later identify a specific analysis and obtain its ID for use with api/project_analyses/set_baseline .

As you see, the original intent was slightly different than your use case, but I think this is what you’re looking for.