Is it possible to integrate SonarQube with AWS CodePipeline/CodeBuild?

Hi Sridhar,

Yes, it is possible.

  1. Your SonarQube instance needs to be accessible from the pipeline environment.
  2. Minimally, your sonar.login and sonar.host.url need to be fed into your pipeline.

Here’s a dead simple buildspec.yaml that will run a Maven build and scan, then push results to a SQ instance:

```yaml
version: 0.2

env:
  variables:
    SONAR_LOGIN: "MY_SONARQUBE_AUTHTOKEN"
    SONAR_HOST: "MY_SONARQUBE_URL"
    # You should use parameter-store here instead

phases:
  build:
    commands:
      - mvn test
  post_build:
    commands:
      - mvn sonar:sonar -Dsonar.login=$SONAR_LOGIN -Dsonar.host.url=$SONAR_HOST
```

Cheers.

Brian

I was trying to set up CodeBuild with SonarQube.
I was passing the SonarQube login auth token and Sonar host, but it says access denied.
The auth token which I am using has the admin role.

Please look into that and help to fix the issue.
The auth token has the admin role and has access.

Hello,

Does the user running the scan have “Execute Analysis” privilege (either global or on the project)? Note this is separate from “Administer System” privilege…

Brian

Thanks for responding. It was a Sonar plugin version problem.

Hi Hitesh, I also want to set up Sonar with AWS CodePipeline. Can you please help me … I am not able to integrate.

FYI

AWS posted additional information on integrating CodeCommit with SonarQube in their DevOps Blog. Even if you are not using Developer Edition to analyze Pull Requests, there is some good information.

Brian

Can anyone please share how to run sonar-scanner for Python from AWS CodeBuild? There are examples for JS and mvn but none for Python. Thanks

Hey guys, I’m trying to integrate SonarQube with AWS CodePipeline/CodeBuild, but I’m receiving the following error: Not inside a Git work tree

Any ideas?

Thnx, Felipe

Hi Felipe,

Users have resolved this issue by setting parameters such as:

sonar.projectBaseDir=xxxxxx
sonar.sources=yyyyyyyyy

Please see this documentation page for more details

Brian

Hi Brian,

I’ve already tried this, but without success.

Here is a response from the AWS people:

CodePipeline downloads the source as a zip from the source provider rather than doing a Git clone, which means the .git folder won’t be retained and git commands like the one you’re running won’t work.

Can you share more details about your use-case? It seems like your goal here is to produce a zip archive of your repository, which you could also achieve using something like the zip command.

If you have other use-cases for retaining the .git folder I’d be interested in hearing more about them as this is a feature request we’ve heard from several customers.

In other words, there isn’t any Git information in the CodeBuild directory.

I forgot to mention, I’m using Sonar with Maven.

Thnx, Felipe.

BTW, even with SonarScanner, it doesn’t work. The solution was to use the parameter: -Dsonar.scm.disabled=true
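
Pulling the thread's two fixes into one buildspec, as an added example that is not from any of the posters: the token is read from SSM Parameter Store, as the comment in the first buildspec recommends, and SCM detection is disabled, as in the last reply. The parameter name `/codebuild/sonarqube/token` and the host URL are placeholders chosen for illustration.

```yaml
version: 0.2

env:
  variables:
    # Not a secret, so a plain variable is fine. Placeholder URL (assumption).
    SONAR_HOST: "https://sonarqube.example.com"
  parameter-store:
    # The value is the NAME of an SSM parameter (ideally a SecureString),
    # not the token itself. The name is hypothetical.
    # The CodeBuild service role needs ssm:GetParameters on this parameter,
    # plus kms:Decrypt if it is encrypted with a customer managed key.
    SONAR_LOGIN: "/codebuild/sonarqube/token"

phases:
  build:
    commands:
      - mvn test
  post_build:
    commands:
      # sonar.scm.disabled=true: CodePipeline delivers the source as a zip
      # without the .git folder, which otherwise produces
      # "Not inside a Git work tree".
      - mvn sonar:sonar -Dsonar.login="$SONAR_LOGIN" -Dsonar.host.url="$SONAR_HOST" -Dsonar.scm.disabled=true
```

With this layout the token never appears in the buildspec or the repository, and rotating it means updating only the SSM parameter.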