Integrate SonarQube v8.5 with BitBucket v7.2.3

I am very new to SonarQube and have installed the product (v8.5) under Centos 7 running on an Azure VM.
What we do not understand now is how to use our SonarQube server with our BitBucket on-premise server.

We thought we just install an add-on to BitBucket but when we try to add from the marketplace ( SonarQube™ for Bitbucket Server) we get error:
“SonarQube™ for Bitbucket Server cannot be installed by the UPM”

We have also been told now that actually we only need the BitBucket add-on and no need to have a separate SonaQube server.

Any guidance gratefully received.

Kind regards
Jon

Hi Jon,

Welcome to the community!

To be clear, you’re talking about https://marketplace.atlassian.com/apps/1212735/sonar-for-bitbucket-server?hosting=server&tab=overview ?

Ehm… I may sound biased when I say this, but… you need your own server.

First, the marketplace extension appears to be a connector between the two, but

  • it’s not ours, so sorry but we can’t help you with it
  • it talks about decorating your PR in BB Server after PR analysis. If you’re doing PR analysis, that implies SonarQube Developer Edition($), and Developer Edition will do the decoration for you. No 3rd-party add-on necessary.

Second, I have seen scenarios discussed where you “didn’t need” a SonarQube server to get analysis results. In those scenarios what apparently happened in the background:

  • spin up a brand new SQ instance with the for-testing-only, empty DB
  • run an analysis with the default profile
  • use web services to extract the data from the “dummy” SQ and mark up the repo as necessary
  • turn off the dummy SQ, discarding all data

The things you don’t get with this:

  • performance. Okay, spinning up an empty SQ doesn’t take hours, but do you really want to add those couple minutes to every. single. analysis?
  • control. You’re always using the default Quality Profile (rule set), without the option to choose which rules to add or remove, what the rule thresholds should be &etc. If a Quality Gate is used, it’s going to be the default too
  • history. You throw away the data every time, so there’s no way to track how you’re doing across time
  • focus. We’ve worked hard to give you a New Code focus and the ability to Clean as You Code. Not having actually seen this scenario in action, I can only guess, but I suppose the emphasis is diluted if not lost
  • UX. To be entirely immodest, we have a great UX and you loose out on it if you do the spin-up-analyze-spin-down thing. :smiley:

So now! The first question would be: Which edition are you on?

And then we can go from there.

 
:smiley:
Ann

Thank you for your reply to my post, much appreciated.

We have installed a DEV/Test SonarQube server - sonarqube-developer-8.5.0.37579. It is up and running using a PostgresSQL database. Have not applied for trial license yet.

We run our own BitBucket server v7.2.3 and this is where we manage our Java code for various projects and customers. We have installed the BB add-on - “Sonar for Bitbucket Server” by
Mibex Software GmbH, and have got a trial license. It appears to have connected to our current unlicensed SonarQube server ok.

We are initially only targeting code in BitBucket for a couple of specific projects, and currently I have estimated LOC at around 250,000. (waiting for confirmation from our DevOps team).

My main question is then, have we everything in place, and next step to get a SonarQube trial license?

Kind regards
Jon , Malvern UK
Client Solutions.

Hi Jon,

I don’t know anything about the BB add-on. From my perspective you need:

  1. SonarQube server :heavy_check_mark:
  2. database :heavy_check_mark:
  3. SonarQube (trial) license
  4. CI server to do the checkout, build, analysis

For the trial period #4 is optional - you can do all that manually - but you’ll want it for your production setup.

Does this help?

 
Ann

Regarding 4. CI Server - I assume you mean , in our case, a BitBucket server (repositories in GITHub).

Kind regards
Jon

Hi Jon,

I’ve never used BitBucket but my understanding is that you generally pair it with something like Jenkins or CircleCI to configure build/analysis.

 
Ann

Thank you Ann

We are raising a support call with Mibex Software to get instructions on how to use their add-on with a SonarQube server.

Kind regards
Jon