Need Guidance on SonarQube Analysis for Firmware Project for .c files

Hello everyone,

I’m currently working on a firmware project and aiming to perform a comprehensive SonarQube analysis. I’ve completed several initial steps but could use some guidance to proceed further.

Here’s where I’m at:

  1. Cloned the project locally.
  2. Acquired necessary details like Dsonar.projectKey, Dsonar.projectName, Dsonar.login token and Dsonar.host.url=https://prod.sonarqube.siemens.net
  3. Downloaded ‘https://prod.sonarqube.siemens.net/static/cpp/build-wrapper-win-x86.zip’ and extracted the build wrapper.

Now, I’m seeking guidance on the subsequent steps to effectively utilize the build wrapper and Sonar Scanner for analysis.

Could anyone provide a step-by-step breakdown or advice on how to configure the build, run the scanner, and interpret the results in SonarQube? I’m specifically dealing with .c files and aiming to ensure a comprehensive analysis of the firmware project.

Your help would be greatly appreciated!

Thank you,
Sisira

Not much goes into effectively utilizing the build wrapper, except for… wrapping your build with it (no further build configuration is usually required).

build-wrapper-win-x86-64.exe --out-dir build_wrapper_output_directory <your normal build command>

The documentation on analyzing C/C++/Objective-C is fairly thorough and should walk you through the necessary steps, including what information to pass to the sonar-scanner.


Thank you very much, Colin, but I have a doubt. The build tools I am using to build the projects are:

  1. For one project it is STM32 Cube IDE: GCC (GNU 11) Compiler
  2. For another project it is Simplicity Studio: C (c99) Compiler (arm-none-eabi-gcc)

So, is it possible to set up SonarQube analysis for these projects?

GCC-based compilers are generally supported.

Thank you for the prompt response. I’m encountering a roadblock in my project as I lack the CLI commands necessary to proceed with the build. I typically handle the build process using GUI tools. If I obtain the artifacts through the GUI build using the aforementioned tools, would I still be able to perform the analysis?

I’ve noticed in the documentation that it’s mentioned we should set the SonarQube mode like MSBuild. Does this mean that solely using GUI tools for the build might affect or hinder this analysis process?

You will need to trigger the build via the command line. You would typically need this for any build that is triggered in a CI environment. Do you have a CI pipeline for this project already?

Which part of the documentation are you referring to?
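
Added example, not part of any post in this thread and not SonarSource code: a check that the wrapped command-line build really compiled the firmware's .c files, since sources that were not compiled under the build wrapper (for example in an incremental build where nothing was rebuilt) will not be covered by the analysis. The `build-wrapper-dump.json` layout used here (a top-level `captures` array whose entries carry a `cmd` argument list), the sample paths and the function names are assumptions.

```python
import json
from pathlib import PureWindowsPath  # accepts both / and \ separators

# Constructed sample of build-wrapper-dump.json from the --out-dir directory.
# The layout ("captures" entries with "compiler", "cwd", "cmd") is an assumption.
SAMPLE_DUMP = json.dumps({
    "version": "constructed-sample",
    "captures": [
        {"compiler": "gcc", "cwd": "C:/fw/Debug",
         "cmd": ["arm-none-eabi-gcc", "-mcpu=cortex-m4", "-std=gnu11",
                 "-c", "../Core/Src/main.c", "-o", "Core/Src/main.o"]},
        {"compiler": "gcc", "cwd": "C:/fw/Debug",
         "cmd": ["arm-none-eabi-gcc", "-c", "../Drivers/uart.c", "-o", "uart.o"]},
        # Link step: captured by the wrapper, but it compiles no source file.
        {"compiler": "gcc", "cwd": "C:/fw/Debug",
         "cmd": ["arm-none-eabi-gcc", "-o", "fw.elf", "Core/Src/main.o", "uart.o"]},
    ],
})


def captured_c_sources(dump_text):
    """Return the sorted .c files that the wrapped build actually compiled."""
    sources = set()
    for capture in json.loads(dump_text).get("captures", []):
        args = capture.get("cmd", [])
        if "-c" not in args:  # skip link steps and other non-compile invocations
            continue
        for arg in args[1:]:
            if not arg.startswith("-") and PureWindowsPath(arg).suffix.lower() == ".c":
                sources.add(PureWindowsPath(arg).as_posix())
    return sorted(sources)


def check_coverage(dump_text, expected_sources):
    """Compare captured compilations with the .c file names the project contains."""
    captured = {PureWindowsPath(s).name for s in captured_c_sources(dump_text)}
    missing = sorted(name for name in expected_sources if name not in captured)
    # An empty capture is a failure even when no expected list is supplied.
    return {"captured": len(captured), "missing": missing,
            "ok": bool(captured) and not missing}


if __name__ == "__main__":
    # adc.c was never compiled in the sample, so it is reported as missing.
    print(check_coverage(SAMPLE_DUMP, ["main.c", "uart.c", "adc.c"]))
```

If the check reports missing files, rerun the wrapped build from a clean state so that every source file is compiled again.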