I have build jenkins piple to do sonarqube analysis of a project. It is analysing code and reporting bugs, vulnerabilities etc to Sonarqube. Is there any way that it can also get reported back to jenkins with status.
I am looking to develop below kind of pipeline:
- Git Clone
- Sonar anaylsis.
- If sonar reports bugs, vulnerabilities etc, then exit. Else build the artifact and deploy it.
There is a good article from @Olivier_Gaudin about this topic and why you should’t use build breaker:
I don’t know what kind of Git product or programming language you are using, but let’s assume you are using .NET Core and Azure DevOps. You can:
- Build feature branches and scan them with SonarCloud
- Report the status back to Azure DevOps
- Prevent Pull Requests to e.g. the master branch from being completed if the quality gate is failed
- Create a release pipeline which automatically deploys your artifact when your master branch build was successful
EDIT: I just noticed you are using Jenkins. But I would assume the same strategy works if you are using e.g. Gitlab and Merge Requests.
Hello I am using Normal Git and Java as language. Since I am using Jenkins,I want to report the status back to Jenkins so the artifact is not build, else it will build the artifact. Eg. Sonarqube anslsysi should not have bugs, vulnerabilities, codesmells, etc (means count to be 0).
So with Java you’re using the Maven- or Gradle-plugin? I guess this link could help you:
I am using basic sonar scanner. Analysis is performed and sonarqube community is updated with the bugs counts etc.
I implemented waitforqualitygate(), but it always fails with below error
org.sonarqube.ws.client.HttpException: Error 401 on http://10.250.1.229:5757/api/ce/task?id=AW_G44a4vSS5xZnwajky
If i copy this URL and paste it in browser then it works, bt jenkins gives this error.
401 is unauthorized. Sort this out and you’ll probably be good.
The webhook payload includes the values of the measures tested in your Quality Gate, so if your QG includes “bugs, vulnerabilities etc” (which, BTW I don’t recommend but that’s another thread) then you should have what you want.