I am working on a script that should check and tell whether SonarQube is actively used as a part of Conitinious Integration for different application projects. The task of the script is to search for certain files or certain keywords in those files that guarantees that SonarQube is being actively used as a part of CI. Could anyone suggest me the name of any file that must be present in the repo if SonarQ is actively used in the pipeline or any keywords in the pipeline yml file that tells for sure that SonarQube actively used as past of CI. Please help. Thank you so much inadvance.
Welcome to the community!
The presence of a
sonar-project.properties file or ‘sonar’ in a pipeline would be a good indicator.
if a Sonarqube scan really took place inside the pipeline, then a /sonar subfolder with a report-task.txt file is present in the workspace.
In addition to the
sonar.projectKey, this file also contains the
You may use these properties to get more details using the Sonarqube web api.