Sonar Badges in GitLab

SonarQube
,
1

Hi,

We are using SonarQube 7.9.6. We would like to promote sonar analysis in CI tools like GitLab using Sonar project Badges.

We have followed steps to configure sonar project badges in GitLab and ensured that we are using token for secure communication between SonarQube and GitLab.

It is observed that we are not seeing sonar badges in GitLab as expected and getting results as below:

Screenshot 2021-12-07 at 5.51.43 PM
Screenshot 2021-12-07 at 5.51.43 PM852×96 7.35 KB

However, Badges are getting appeared only when you logged in to SonarQube in same browser.

Screenshot 2021-12-07 at 5.55.07 PM
Screenshot 2021-12-07 at 5.55.07 PM754×86 10.4 KB

Please note that we have enabled enforced user authentication in SonarQube(Administration > General Settings > Security).
The sonar project in question is public one.

Thanks,
Vaibhav Jariwala

1 Like
2

Hi, project badges don’t work with force authentication enabled in 7.9.6.

This has been improved with SonarQube 9.2 & SONAR-13426. Starting with SonarQube 9.2, project badge links are generated with a dedicated token in the URL that allows access only to this badge.

3

Thanks letting us know the feature incompatibility with SonarQube 7.9.6.

4

Is there a way to configure Sonar badges on Group level in GitLab for it appear in all sub-projects?

I can easily be done with the normal badges (e.g. pipeline). See: Badges · Project · User · Help · GitLab

And by setting Link and Badge image URL as follows:

  • Link , enter the following URL: https://gitlab.com/%{project_path}/-/commits/%{default_branch}
  • Badge image URL , enter the following URL: https://gitlab.com/%{project_path}/badges/%{default_branch}/pipeline.svg

However, SonarQube badges use the format with project key and project token:

https://sonarqube.somehost/api/project_badges/measure?project=<project key >&metric=code_smells&token=<project token>

Hence, it can’t be set at Group Level and using Placeholders on project level (available placerholders are %{project_path}, %{project_id}, %{default_branch} and %{commit_sha}). If one could set manual placeholder (as with environment variables) then it would work.

Another option is of course to use the Markdown version instead.

Any suggestion that scale over multiple (40+) projects would be highly appreciated.

BR,
Jimisola

5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.