GitLab and SonarQube integration

Hi
I’m facing issues with our GitLab analysis and pipeline integration on SonarQube. Although the scanning process is running smoothly, the results are not reflected on the board as expected.


Ok this is what is displayed on my page
https://www.youtube.com/watch?v=XX0ey4rRvms this is the video I am using for the tutorial

```yaml
stages:
  - test
  - sonarqube-check
  - .post

test:
  stage: test
  image: node:latest
  cache:
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - node_modules/
      - coverage/
  script:
    - npm test
    - echo $SONAR_TOKEN
    - echo $SONAR_HOST_URL
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_even'
    - if: $CI_COMMIT_BRANCH == 'main'
    - if: $CI_COMMIT_BRANCH == 'develop'

sonarqube-check:
  stage: sonarqube-check
  image:
    name: sonarsource/sonar-scanner-cli:5.0
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: "0"
    SONAR_SCANNER_OPTS: "-X" # Enables debug output for the scanner
  before_script:
    - mkdir -p .sonar/cache
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop

sonarqube-vulnerability-report:
  stage: .post
  script:
    - 'curl -v -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=LuxEVLLC_cplaw-presuit_6536d18a-adc5-4fe5-acbb-3239f7035698&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json || touch gl-sast-sonar-report.json'
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop
  artifacts:
    expire_in: 1 day
    paths:
      - gl-sast-sonar-report.json
  dependencies:
    - sonarqube-check
```

And this is what I have in my GitLab YAML file. Please, I need help with this as I’ve been struggling with it for months. I’m new to this, and I just want to be able to analyze and integrate this for my team.

Hey there

How about sharing the full output from this command, when your GitLab Pipeline is run?

```
$ mkdir -p .sonar/cache
$ sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
```

Hi, I’m not sure, but I think this is the correct output for the entire process.

I’m sorry, but I can’t send the entire process. I hope this is what you meant.

Is the execution successful? Are there any error messages or warnings?

Yes, it is successful.

I’m sorry, but without a copy of the logs from the scanner process, I don’t think anybody can be very helpful here.

How can I retrieve the logs from a pipeline that was run on GitLab online, considering it was not executed on my personal computer?

The job logs on GitLab should do just fine.

Hi, this is my job log.

Okay. Click into a specific job, one that resulted in an empty report on SonarQube. The logs should start like this:

```
colinmueller@colins-macbook-air macosx-universal-64 % sonar-scanner
15:07:45.490 INFO  Scanner configuration file: /users/colinmueller/tools/sonar-scanner-6.1.0.4477-macosx-aarch64/conf/sonar-scanner.properties
15:07:45.493 INFO  Project root configuration file: NONE
15:07:45.506 INFO  SonarScanner CLI 6.1.0.4477
15:07:45.507 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
15:07:45.507 INFO  Mac OS X 14.5 aarch64
15:07:45.529 INFO  User cache: /Users/colinmueller/.sonar/cache
....
```