Using SonarQube on Jenkins

Gabzouzer · May 12, 2023, 2:57pm

Hi guys,
I’m sorry if it has already been asked before, I tryed to check but I didn’t see any answer to my question.

I am trying to compile a Java code on Jenkins thanks to a pom.xml file. It does work and now I want to have a report of my code to check how it can be better. That is how I learned about SonarQube. I checked on the internet how to use SonarQube on Jenkins. I learned about SonarQube Scanner plugin, I learned how to generate a key on a Sonar server and then I learned that I had to fill this line on the Jenkins file :

 mvn sonar:sonar -Dsonar.projectKey=MyProject -Dsonar.organization=MyOrganization-Dsonar.host.url=MyHostURL -Dsonar.login=MyLogin'

However, it sounds to me very unsafe especially if the Jenkinsfile is meant to be published in a Github.
Does anyone know if there is an other way to have a SonarQube report by using a JenkinsFile ?
Thank you all
Have a nice day
Gab

ganncamp · May 15, 2023, 5:38pm

Hi Gab,

Welcome to the community! This is a great question!

There’s a plugin for Jenkins that allows you to configure your credentials in Jenkins at the global level and have them inserted as needed when your pipeline runs, without them being checked in.

And BTW, you don’t need to specify sonar.organization when you’re using SonarQube; that’s only for SonarCloud.

HTH,
Ann

Gabzouzer · May 16, 2023, 1:39pm

Alright thank you very much