Uploading source code directly into SonarQube

I would like to try a trial version of SonarQube Enterprise (Version 7.9.1, build 27448) which is currently not integrated into the CI/CD pipeline, therefore no Jenkins integration.

Is there a way to upload source code to SonarQube without triggering a build process? I would like to scan that source code directly in SonarQube. If so, please let me know how.

Hi,

Welcome to the community!

When you say “build process” the answer is that you must compile for Java, C, C++, Objective-C, and C#. And for all languages you must run an analysis. That’s where metrics are calculated and issues are raised, so there’s no point in “uploading” your code without that.

 
HTH,
Ann

Correct, this applies to languages that require a build.

I am however also referring to languages which do not require a build, and where the code can literally be statically scanned with a SAST tool directly.

I guess the question is: can I create a project locally in SQ, and then upload some code, directly to SonarQube, without Jenkins, and have it analyzed for security flaws using the Commercial version of SQ?

Hi,

You can certainly analyze without Jenkins; Jenkins is just a giant macro runner (to be ultimately reductive) and you can do any or all of the steps yourself.

If you’re trying to find out how to get started, take a look at the SonarScanner docs.

 
Ann
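
The manual route mentioned in the last reply, as an added example that is not part of the original thread and not SonarSource's own script: it writes a `sonar-project.properties` for a source tree in a language that needs no build, then runs the SonarScanner CLI against the server. The server URL, the project key and the `SONAR_URL` / `SONAR_TOKEN` variable names are assumptions.

```shell
#!/bin/sh
# Added example: analyse a source tree with the SonarScanner CLI, no CI server involved.
# Assumed (not from the thread): SONAR_URL, SONAR_TOKEN, and the project key you pass in.

SONAR_URL="${SONAR_URL:-http://localhost:9000}"

# Write a minimal sonar-project.properties into the source root.
# The token is deliberately NOT written here, so the file can be committed safely.
write_scanner_config() {
  src_root="$1"
  project_key="$2"
  cat > "$src_root/sonar-project.properties" <<EOF
sonar.projectKey=$project_key
sonar.sources=.
sonar.sourceEncoding=UTF-8
sonar.host.url=$SONAR_URL
EOF
}

# Return 0 only if the server reports itself as UP.
server_is_up() {
  curl -fsS --max-time 5 "$SONAR_URL/api/system/status" 2>/dev/null \
    | grep -q '"status":"UP"'
}

# Run the analysis from the source root; the scanner sends its report to the server,
# which is where the issues and metrics then appear.
run_scan() {
  src_root="$1"
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 2; }
  command -v sonar-scanner >/dev/null 2>&1 \
    || { echo "sonar-scanner is not on PATH" >&2; return 3; }
  server_is_up || { echo "SonarQube at $SONAR_URL is not UP" >&2; return 4; }
  ( cd "$src_root" && sonar-scanner -Dsonar.login="$SONAR_TOKEN" )
}

# Usage: sh scan.sh /path/to/source my-project-key
if [ "$#" -eq 2 ]; then
  write_scanner_config "$1" "$2" && run_scan "$1"
fi
```

`SONAR_TOKEN` holds a user token generated in the SonarQube web UI; passing it at run time keeps the credential out of the properties file.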