Is it possible to integrate SonarQube with AWS CodePipeline/CodeBuild?
Hi Sridhar,
Yes, it is possible.
- Your SonarQube instance needs to be accessible from the pipeline environment.
- Minimally, your sonar.login and sonar.host.url need to be fed into your pipeline.
Here’s a dead simple buildspec.yaml that will run a Maven build and scan, then push results to a SQ instance:
version: 0.2
env:
  variables:
    SONAR_LOGIN: "MY_SONARQUBE_AUTHTOKEN"
    SONAR_HOST: "MY_SONARQUBE_URL"
    # You should use parameter-store here instead
phases:
  build:
    commands:
      - mvn test
  post_build:
    commands:
      - mvn sonar:sonar -Dsonar.login=$SONAR_LOGIN -Dsonar.host.url=$SONAR_HOST
Cheers.
Brian
I was trying to set up CodeBuild with SonarQube.
I was passing the SonarQube login auth token and Sonar host, but it is saying access denied.
The auth token which I am using has the admin role.
Please look into that and help to fix that issue.
The auth token has the admin role and has access.
Hello,
Does the user running the scan have “Execute Analysis” privilege (either global or on the project)? Note this is separate from “Administer System” privilege…
Brian
Thanks for responding. It was a Sonar plugin version problem.
Hi Hitesh, I also want to set up Sonar with AWS CodePipeline. Can you please help me … I am not able to integrate.
FYI
AWS posted additional information on integrating CodeCommit with SonarQube in their DevOps Blog. Even if you are not using Developer Edition to analyze Pull Requests, there is some good information.
Brian
Can anyone please share how to run sonar-scanner for Python from AWS CodeBuild? There are examples for JS and mvn but none for Python. Thanks
Hey guys, I’m trying to integrate SonarQube with AWS CodePipeline/CodeBuild, but I’m receiving the following error: Not inside a Git work tree
Any ideas?
Thnx, Felipe
Hi Felipe,
Users have resolved this issue by setting parameters such as:
sonar.projectBaseDir=xxxxxx
sonar.sources=yyyyyyyyy
Please see this documentation page for more details
Brian
Hi Brian,
I’ve already tried this, but without success.
Here is a response from the AWS people:
CodePipeline downloads the source as a zip from the source provider rather than doing a Git clone, which means the .git folder won’t be retained and git commands like the one you’re running won’t work.
Can you share more details about your use-case? It seems like your goal here is to produce a zip archive of your repository, which you could also achieve using something like the zip command.
If you have other use-cases for retaining the .git folder I’d be interested in hearing more about them as this is a feature request we’ve heard from several customers.
In other words, there isn’t any Git information in the CodeBuild directory.
I forgot to mention, I’m using Sonar with Maven.
Thnx, Felipe.
BTW, even with SonarScanner, it doesn’t work. The solution was to use the parameter: -Dsonar.scm.disabled=true
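Added example, not part of any post in this thread: the buildspec from the first reply with the token read from Systems Manager Parameter Store, as its comment recommends, and with the `-Dsonar.scm.disabled=true` parameter from the last post. The parameter names under `parameter-store` are placeholders (assumptions), and the CodeBuild service role must be allowed to read them.

```yaml
version: 0.2
env:
  # Values are fetched from SSM Parameter Store at build start, so the
  # token is not stored in the repository or in the project definition.
  # Parameter names below are placeholders; store the token as a SecureString.
  parameter-store:
    SONAR_LOGIN: "/placeholder/sonarqube/authtoken"
    SONAR_HOST: "/placeholder/sonarqube/host-url"
phases:
  build:
    commands:
      - mvn test
  post_build:
    commands:
      # CodePipeline delivers the source as a zip without the .git folder,
      # so SCM detection is disabled for the scan.
      - mvn sonar:sonar -Dsonar.login=$SONAR_LOGIN -Dsonar.host.url=$SONAR_HOST -Dsonar.scm.disabled=true
```

The token's user still needs the “Execute Analysis” privilege mentioned earlier in the thread.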