I am new to Sonar system and I want to do C project analysis. When I want to analyze my project locally, I see the SONAR_TOKEN environment variable configuration. To use SONAR_TOKEN, do I need to place it in the sonar-project.properties file?
It would be great if there is a document, video, or web address you can recommend for easy use.
Hi @codeluyor, and welcome!
To answer your specific question: no, typically you would pass
SONAR_TOKEN value through your environment. You can also pass it as a command-line argument to the Sonar Scanner invocation with
-Dsonar.login=<Sonar token>. You could also put it into your “sonar-project.properties” file, but it is not recommended because in many cases you publish this file together with your source files and this would reveal the secret.
SonarCloud has extensive documentation regarding setting up your analysis. I recommend following our on-boarding tutorial when you set up your project, or read here about SonarScanner.
If you are analyzing C or C++ code you can also check out our directory of simple example projects. In particular, these examples, that show the “manual” shell scripts to run your analysis on different platforms.
Let me know if you manage to set up the analysis.
It was a very descriptive answer, thank you for your interest.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.