Is there an option to set a custom value to a SonarQube project?

I am currently using 9.9 LTA. I am looking for an option to set/associate the pipeline job URL which was used to perform the sonar analysis for the projects. Are there any options?

In our org, we have configured some set of guidelines. If any project is created without following the guideline, the project will be deleted via an automation, which runs once in an hour. While deleting the project, we want to notify the user / team who created the SonarQube project via GitLab pipeline. If I can have the pipeline job url (or any other specific value that is associated to the repo from where the pipeline was triggered) associated to a project (and can get updated every time when it runs), it will be easy to fetch the value and take the action.

I tried project tags api. However, setting the tag is project specific. But, the GET api is not.
I also tried setting the pipeline url via “api/project_links/create”. However, every time when this API was hit, I could see the data is getting appended, resulting I could see more pipeline urls / links are listed in the project information tab.

Appreciate your guidance!

I think what you’re looking for is a sonar.links.* parameter. Luckily Gitlab as variables like CI_REPOSITORY_URL available that you can reference.

One caveat: this must be set in the context of analysis (you or your developers will have to update the pipeline to include the sonar.links.* analysis parameter(s)). It can’t be done using the Web API.

Thank you @Colin for your recommendation.

I thought of using both the sonar.links.scm and sonar.links.ci parameters. I tried setting up as below.

sonar-scanner -Dsonar.branch.name=$CI_SONAR_BRANCH -Dsonar.projectName=${SONAR_PROJECT} -Dsonar.projectKey=${SONAR_PROJECT} -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_API_TOKEN -Dsonar.links.ci=$CI_JOB_URL -Dsonar.links.scm=$CI_PROJECT_URL

However, I am getting an empty array as the response to the https://sonarqube.org.net/api/project_links/search?projectKey=grp:grp-0x:validation:python-with-sonar-experiment call after a pipeline execution (tried from postman).

{
    "links": []
}

Does these properties applicable only for maven projects?

Thanks.

Another thing to mention, is that the link will only update for the project when the main branch is analyzed.

Yes. I just merged the changes to the main branch and I could see the details.

In general, the developers first commit their code in a feature branch (main branch is a protected branch; developers should not commit directly at protected branches - a rule we setup at our org) and the scan will happen for the feature branch. The sonar project will be created for the feature branch and we will do the validations to enable entitlement. During this activity, if we find the standards were not followed, we will delete the project itself.

In this case, I hope setting up the scm or ci links will not be available. Hence, we cannot use them to identify the source repository and the individual who triggered the pipeline - to communicate for following the standards we defined.

Are there any other options available?

Not really. I guess you can use the project_links domains of web services, but you’ll need to do some logic like

  • delete existing links (POST api/project_links/delete) before creating new ones, so you don’t end up with infinite links
  • check for the presence of any link (GET api/project_links/search) and assume that if one exists (or exists in a certain form, like with a certain URL format), you don’t need to create another
1 Like

Thank you @Colin . Much appreciated! I am planning to use only for the newly created projects. Let me try to set the link upon creation for a feature branch.

Hi,

never used it, but maybe you could use a sonar.analysis.<key> property
see Analysis parameters

This property stub allows you to insert custom key/value pairs into the analysis context, which will also be passed forward to webhooks.

Example: sonar.analysis.buildNumber=12345

Note: Depending on the environment, using this property in the command line may not work.

Gilbert

all this is particularly good for is having the info available in the webhook later