Gitlab and sonarqube integration

udofia_precawise · July 4, 2024, 2:23pm

Hi
I’m facing our GitLab analysis and pipeline integration on SonarQube. Although the scanning process is running smoothly, the results are not reflecting on the board as expected.

Ok this is what is displayed on my page
https://www.youtube.com/watch?v=XX0ey4rRvms this is the video I am using for the tutorial

stages:
 - test
 - sonarqube-check
 - .post

test:
  stage: test
  image: node:latest
  cache:
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - node_modules/
      - coverage/
  script:
    - npm test
    - echo $SONAR_TOKEN
    - echo $SONAR_HOST_URL
  rules: 
    - if: $CI_PIPELINE_SOURCE == 'merge_request_even'
    - if: $CI_COMMIT_BRANCH == 'main'
    - if: $CI_COMMIT_BRANCH == 'develop'

sonarqube-check:
  stage: sonarqube-check
  image: 
    name: sonarsource/sonar-scanner-cli:5.0
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: "0"
    SONAR_SCANNER_OPTS: "-X" # Enables debug output for the scanner
  before_script:
    - mkdir -p .sonar/cache
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script: 
    - sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop

sonarqube-vulnerability-report:
  stage: .post
  script:
    - 'curl -v -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=LuxEVLLC_cplaw-presuit_6536d18a-adc5-4fe5-acbb-3239f7035698&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json || touch gl-sast-sonar-report.json'
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop
  artifacts:
    expire_in: 1 day
    paths:
      - gl-sast-sonar-report.json
  dependencies:
    - sonarqube-check

And this is what I have in my GitLab YAML file. Please, I need help with this as I’ve been struggling with it for months. I’m new to this, and I just want to be able to analyze and integrate this for my team.

Colin · July 5, 2024, 2:55pm

Hey there

How about sharing the full output from this command, when your GitLab Pipeline is ran?

udofia_precawise · July 5, 2024, 4:52pm

$ mkdir -p .sonar/cache

24$ sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN

Hi, I’m not sure, but I think this is the correct output for the entire process.

udofia_precawise · July 5, 2024, 5:09pm

I’m sorry, but I can’t send the entire process. I hope this is what you meant.

Colin · July 8, 2024, 2:06pm

Is the execution successful? Are there any error messages or warnings?

udofia_precawise · July 8, 2024, 2:31pm

Yes it is successful

Colin · July 9, 2024, 11:40am

I’m sorry, but without a copy of the logs from the scanner process, I don’t think anybody can be very helpful here.

udofia_precawise · July 15, 2024, 2:07pm

How can I retrieve the logs from a pipeline that was run on GitLab online, considering it was not executed on my personal computer?

Colin · July 15, 2024, 7:39pm

The job logs on Gitlab should do just fine.

udofia_precawise · July 16, 2024, 8:15am

Hi, this is my job log.

Colin · July 16, 2024, 1:08pm

Okay. Click into a specific job, one that resulted an empty report on SonarQube. The logs should start like this:

colinmueller@colins-macbook-air macosx-universal-64 % sonar-scanner
15:07:45.490 INFO  Scanner configuration file: /users/colinmueller/tools/sonar-scanner-6.1.0.4477-macosx-aarch64/conf/sonar-scanner.properties
15:07:45.493 INFO  Project root configuration file: NONE
15:07:45.506 INFO  SonarScanner CLI 6.1.0.4477
15:07:45.507 INFO  Java 17.0.11 Eclipse Adoptium (64-bit)
15:07:45.507 INFO  Mac OS X 14.5 aarch64
15:07:45.529 INFO  User cache: /Users/colinmueller/.sonar/cache
....

udofia_precawise · July 22, 2024, 11:01am

Hi,

I apologize for the delay; I’ve been sidetracked by another task. Here is the image.

Thank you.

Colin · July 23, 2024, 12:15pm

The logs don’t match the GitLab CI YML you posted earlier.

The logs show soanr-scanner-cli:latest bieng used, while your YAML specified a specific version

Are you sure that you’ve shared the YML file associated with this branch/job? Something seems out of place.

udofia_precawise · July 23, 2024, 1:43pm

Hi, I’m sorry about that. I was following a video tutorial and it wasn’t clear. I ended up using ChatGPT, which might be where things went wrong.

Topic		Replies	Views
Sonar scanner command found on Gitlab CI/CD SonarQube Server / Community Build sonarqube , scanner , coverage	1	3065	August 11, 2022
No analysis results shown and No redirection to the overview page SonarQube Server / Community Build sonarqube , scanner , gitlab , coverage	12	50	November 20, 2024
Error integration between sonarqube and gitlab SonarQube Server / Community Build sonarqube , gitlab	2	796	January 7, 2021
GitLab pipeline is success, but not able to visualize the code result in SonarQube SonarQube Server / Community Build sonarqube , gitlab	1	666	January 30, 2023
Sonarqube Gitlab integration gitlab-ci yaml question SonarQube Server / Community Build	2	983	May 12, 2022

Gitlab and sonarqube integration

Related topics