Hi
I’m facing an issue with our GitLab analysis and pipeline integration on SonarQube. Although the scanning process is running smoothly, the results are not reflecting on the board as expected.
Ok this is what is displayed on my page
https://www.youtube.com/watch?v=XX0ey4rRvms this is the video I am using for the tutorial
stages:
  - test
  - sonarqube-check
  - .post

test:
  stage: test
  image: node:latest
  cache:
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - node_modules/
      - coverage/
  script:
    - npm test
    - echo $SONAR_TOKEN
    - echo $SONAR_HOST_URL
  rules:
    - if: $CI_PIPELINE_SOURCE == 'merge_request_even'
    - if: $CI_COMMIT_BRANCH == 'main'
    - if: $CI_COMMIT_BRANCH == 'develop'

sonarqube-check:
  stage: sonarqube-check
  image:
    name: sonarsource/sonar-scanner-cli:5.0
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
    GIT_DEPTH: "0"
    SONAR_SCANNER_OPTS: "-X" # Enables debug output for the scanner
  before_script:
    - mkdir -p .sonar/cache
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop

sonarqube-vulnerability-report:
  stage: .post
  script:
    - 'curl -v -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?projectKey=LuxEVLLC_cplaw-presuit_6536d18a-adc5-4fe5-acbb-3239f7035698&branch=${CI_COMMIT_BRANCH}&pullRequest=${CI_MERGE_REQUEST_IID}" -o gl-sast-sonar-report.json || touch gl-sast-sonar-report.json'
  allow_failure: true
  only:
    - merge_requests
    - main
    - develop
  artifacts:
    expire_in: 1 day
    paths:
      - gl-sast-sonar-report.json
  dependencies:
    - sonarqube-check
And this is what I have in my GitLab YAML file. Please, I need help with this as I’ve been struggling with it for months. I’m new to this, and I just want to be able to analyze and integrate this for my team.
Colin
(Colin)
July 5, 2024, 2:55pm
2
Hey there
udofia precawise:
script:
sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
How about sharing the full output from this command, when your GitLab Pipeline is run?
$ mkdir -p .sonar/cache
$ sonar-scanner -Dsonar.projectBaseDir=. -Dsonar.projectKey=LuxEVLLC_cplpresuit_e01eb034-0f29-492a-a3b3-6e82cc37c5aa -Dsonar.sources=. -Dsonar.host.url=http://localhost:9000 -Dsonar.login=$SONAR_TOKEN
Hi, I’m not sure, but I think this is the correct output for the entire process.
I’m sorry, but I can’t send the entire process. I hope this is what you meant.
Colin
(Colin)
July 8, 2024, 2:06pm
5
Is the execution successful? Are there any error messages or warnings?
Colin
(Colin)
July 9, 2024, 11:40am
7
I’m sorry, but without a copy of the logs from the scanner process, I don’t think anybody can be very helpful here.
How can I retrieve the logs from a pipeline that was run on GitLab online, considering it was not executed on my personal computer?
Colin
(Colin)
July 15, 2024, 7:39pm
9
The job logs on GitLab should do just fine.
Colin
(Colin)
July 16, 2024, 1:08pm
11
Okay. Click into a specific job, one that resulted in an empty report on SonarQube. The logs should start like this:
colinmueller@colins-macbook-air macosx-universal-64 % sonar-scanner
15:07:45.490 INFO Scanner configuration file: /users/colinmueller/tools/sonar-scanner-6.1.0.4477-macosx-aarch64/conf/sonar-scanner.properties
15:07:45.493 INFO Project root configuration file: NONE
15:07:45.506 INFO SonarScanner CLI 6.1.0.4477
15:07:45.507 INFO Java 17.0.11 Eclipse Adoptium (64-bit)
15:07:45.507 INFO Mac OS X 14.5 aarch64
15:07:45.529 INFO User cache: /Users/colinmueller/.sonar/cache
....
Hi,
I apologize for the delay; I’ve been sidetracked by another task. Here is the image.
Thank you.
Colin
(Colin)
July 23, 2024, 12:15pm
13
The logs don’t match the GitLab CI YML you posted earlier.
The logs show sonar-scanner-cli:latest being used, while your YAML specified a specific version.
Are you sure that you’ve shared the YML file associated with this branch/job? Something seems out of place.
Hi, I’m sorry about that. I was following a video tutorial and it wasn’t clear. I ended up using ChatGPT, which might be where things went wrong.