How to Make a sonarqube project analysis Public while running a project

sahanamk · June 30, 2023, 11:26am

Hi team,

As per documentation Project existence , By default a project analysis will be public and anyone will be able to access it.

But In our project we did analysis using 1 users token and others are not able to access it since the project is created as private.

We know a procedure where we can go to project settings and change it to public.

But we have multiple projects and different projects will be created for different branches. So each time its not possible for us to go to a project and make it public.

So while running sonarqube task / using sonar-project.properties file, is it possible to make a project public ?

Is there any flag / option we can mention ?

Rebse · June 30, 2023, 1:07pm

Hi,

you didn’t provide details as Sonarqube version, build tool, build server …
If your Sonarqube analysis runs with a user that has admin rights on a Sonarqube project,
you may use the Sonarqube web api POST api/projects/update_visibility

Usually the Sonarqube analysis runs on a CI/CD server i.e. Jenkins and it’s technical user
has global Sonarqube admin permissions.

see web api documentation http(s)://yoursonarhost//web_api/api/projects

Gilbert

sahanamk · July 3, 2023, 5:20am

Hi Gilbert,

Sonarqube version : community edition version 9.9 , build tool gradle , we are using gitlab for our pipeline. Gitlab and Sonarqube are running in our company internal platform.

For above api command we have not got any access, Is there any way to set it through build.gradle or sonar-project.properties file or any other option ?

For curl command, server hello, client hello happening and cert is also getting verified, but permission is not changed.

Rebse · July 3, 2023, 5:55am

Hi,

AFAIK there’s no way via sonar-project.properties.
To work efficiently with Sonarqube your Gitlab user needs global admin rights.
Then you can use either cURL or some groovy method with a token = type global / no expiration
and basic authentication for your rest calls.
This can also be part of a provisioning workflow (using the rest api).

Basic authentication uses <token>: means just the token plus delimiter with a blank password.
An example for using Groovy, this is one of my Jenkins shared libraries
The CPS stuff is needed for Jenkins, don’t know if Gitlab needs something similar too.

// vars/sqRest.groovy

import groovy.json.*
@NonCPS
def call(url, method, apitoken) {
  // must use def for jsonSlurper and conn otherwise cps errors
  println "sqRest => " + url
  def jsonSlurper = new JsonSlurperClassic()
  bauth = 'Basic ' + (apitoken + ':').bytes.encodeBase64().toString()
  def conn = url.toURL().openConnection()
  conn.setRequestMethod(method)
  conn.setRequestProperty("Authorization", bauth)
  conn.connect()
  httpstatus = conn.responseCode
  println "sqRest ResponseCode = $httpstatus"
  if(method == 'GET') {
    object = jsonSlurper.parseText(conn.content.text)
  }
}

There may also be some automatism via Gitlab integration, but i don’t know much about
Gitlab, see GitLab integration

Gilbert