GitLab and SonarQube integration

Hi
I’m facing an issue with our GitLab analysis and pipeline integration on SonarQube. Although the scanning process is running smoothly, the results are not reflecting on the board as expected.


Ok this is what is displayed on my page
https://www.youtube.com/watch?v=XX0ey4rRvms this is the video I am using for the tutorial

stages:
 - test
 - sonarqube-check
 - .post

test:
  stage: test
  image: node:latest
  cache:
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - node_modules/
      - coverage/
  script:
    - npm test
    - echo $SONAR_TOKEN
    - echo $SONAR_HOST_URL
  rules: 
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == 'main'
    - if: $CI_COMMIT_BRANCH == 'develop'

sonarqube-check:
  stage: sonarqube-check
  image: 
    name: sonarsource/sonar-scanner-cli:5.0
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: "0"
    SONAR_SCANNER_OPTS: "-X" # Enables debug output for the scanner
  before_script:
    - mkdir -p .sonar/cache
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: 
    - sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop

sonarqube-vulnerability-report:
  stage: .post
  script:
    - 'curl -v -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=LuxEVLLC_cplaw-presuit_6536d18a-adc5-4fe5-acbb-3239f7035698&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json || touch gl-sast-sonar-report.json'
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop
  artifacts:
    expire_in: 1 day
    paths:
      - gl-sast-sonar-report.json
  dependencies:
    - sonarqube-check

And this is what I have in my GitLab YAML file. Please, I need help with this as I’ve been struggling with it for months. I’m new to this, and I just want to be able to analyze and integrate this for my team.

Hey there

How about sharing the full output from this command, when your GitLab Pipeline is run?

$ mkdir -p .sonar/cache

$ sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN

Hi, I’m not sure, but I think this is the correct output for the entire process.

I’m sorry, but I can’t send the entire process. I hope this is what you meant.

Is the execution successful? Are there any error messages or warnings?

Yes it is successful

I’m sorry, but without a copy of the logs from the scanner process, I don’t think anybody can be very helpful here.

How can I retrieve the logs from a pipeline that was run on GitLab online, considering it was not executed on my personal computer?

The job logs on GitLab should do just fine.

Hi, this is my job log.

Okay. Click into a specific job, one that resulted in an empty report on SonarQube. The logs should start like this:

colinmueller@colins-macbook-air macosx-universal-64 % sonar-scanner
15:07:45.490 INFO  Scanner configuration file: /users/colinmueller/tools/sonar-scanner-6.1.0.4477-macosx-aarch64/conf/sonar-scanner.properties
15:07:45.493 INFO  Project root configuration file: NONE
15:07:45.506 INFO  SonarScanner CLI 6.1.0.4477
15:07:45.507 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
15:07:45.507 INFO  Mac OS X 14.5 aarch64
15:07:45.529 INFO  User cache: /Users/colinmueller/.sonar/cache
....

Hi,

I apologize for the delay; I’ve been sidetracked by another task. Here is the image.

Thank you.

The logs don’t match the GitLab CI YML you posted earlier.

The logs show sonar-scanner-cli:latest being used, while your YAML specified a specific version.

Are you sure that you’ve shared the YML file associated with this branch/job? Something seems out of place.

Hi, I’m sorry about that. I was following a video tutorial and it wasn’t clear. I ended up using ChatGPT, which might be where things went wrong.
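
A lint over the kind of config and job log discussed in this thread, as an added example that is not part of the original posts: it flags inconsistencies visible in the posted YAML (two different project keys, a hard-coded localhost host URL, an echoed token) and the image mismatch pointed out in the reply above. The excerpt, the placeholder keys `proj_A` and `proj_B`, the log line and the `lint` function are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the .gitlab-ci.yml posted in the thread
# (project keys shortened to placeholders).
CI_YAML = """\
test:
  script:
    - npm test
    - echo $SONAR_TOKEN
sonarqube-check:
  image:
    name: sonarsource/sonar-scanner-cli:5.0
  script:
    - sonar-scanner -Dsonar.projectKey=proj_A -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
sonarqube-vulnerability-report:
  script:
    - 'curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=proj_B&branch=${CI_COMMIT_BRANCH}"'
"""
# Constructed job-log line in the format GitLab Runner's Docker executor prints.
JOB_LOG = "Using Docker executor with image sonarsource/sonar-scanner-cli:latest ...\n"

def lint(ci_yaml, job_log=""):
    """Return a list of findings for a SonarQube GitLab CI config (hypothetical helper)."""
    findings = []
    # 1. Scanner and report export must address the same SonarQube project.
    keys = set(re.findall(r"projectKey=([\w.:-]+)", ci_yaml))
    if len(keys) > 1:
        findings.append("project-key-mismatch: " + ", ".join(sorted(keys)))
    # 2. Inside a runner container, localhost is the container itself.
    if re.search(r"sonar\.host\.url=https?://(localhost|127\.0\.0\.1)", ci_yaml):
        findings.append("host-url-localhost")
    # 3. Echoing a secret variable writes it to the job log unless it is masked.
    for var in re.findall(r"^\s*-\s*echo\s+\$\{?(\w*(?:TOKEN|PASSWORD|SECRET)\w*)", ci_yaml, re.M):
        findings.append("secret-echoed: " + var)
    # 4. The image the runner pulled should be the one the YAML pins.
    pinned = re.search(r"name:\s*(\S*sonar-scanner-cli:\S+)", ci_yaml)
    pulled = re.search(r"with image (\S*sonar-scanner-cli:\S+)", job_log)
    if pinned and pulled and pinned.group(1) != pulled.group(1):
        findings.append(f"image-mismatch: yaml={pinned.group(1)} log={pulled.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in lint(CI_YAML, JOB_LOG):
        print(finding)
```

An image mismatch between the YAML and the job log means the log came from a different branch or a different version of the file than the one being reviewed.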