Determining latest SonarScanner CLI version from repo

Hi!
Due to security concerns within our organization all of our CI/CD build systems run in an air-gapped environment, where they can only access pre-approved artifacts through a JFrog Artifactory mirror. We are currently looking to create an RPM-packaging of the SonarScanner CLI tool for internal use, and are able to download the SonarScanner CLI through a mirror we have set up for https://binaries.sonarsource.com/Distribution/

However, we would like to be able to always package new versions when they arrive, and as such need a way to determine what the current latest version is. This is of course specified in the documentation here - SonarScanner CLI - but as this is a documentation page it poses a problem to access it through our mirror.

Other projects, such as Helm/Kubernetes, tend to provide a version.json file or similar in the distributions repository, which contains the current latest version number. This can then be used by the build system in order to know which version to download. This allows the build system to determine the latest version by solely relying on the distribution repository mirror, rather than having to look it up through different means.

I could not find a similar apparoach for the SonarScanner CLI. I also tried removing the version number from the download URLs provided here - SonarScanner CLI - hoping that it would result in me receiving the latest version. This was however not the case.

Is there any way to determine version information solely based on information contained in https://binaries.sonarsource.com/Distribution/ ? If not, would it be possible to start adding a version.json or other similar solution in order to better support customer packaging pipelines?

Hi @PM_JoakimGustavsson

I don’t know if this will be enough for your use case, but we have metadata in this file:

Maybe you could use the publicVersions property. Be careful that we don’t guarantee that this file will be maintained forever (this is more an internal tool).
This is what is used to generate the header of the page SonarScanner CLI

Another option I can think of is to use Maven metadata:
https://repo1.maven.org/maven2/org/sonarsource/scanner/cli/sonar-scanner-cli/maven-metadata.xml

Hope that helps.

1 Like

Hi!
Thank you so much, that is exactly what I was looking for :slight_smile:

2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.