What can I do with the output of sonarqube in jenkins?

So, I have sonarscanner for jenkins up and running and it successfully starts when I want (every time jenkins notices a change in the github repo) and shows the results in the jenkins main page for the project. And, I can drill down from there, which takes me to the sonarqube install. So far so good. Now I want to use that to create github tickets. I did notice you can integrate sonarqube directly with git but I would rather let jenkins do the deed.

For that to happen I would like to filter when it is a, say, security hotspot vs a critical code smell and then proceed accordingly. How does jenkins detect that? Does it just parse the output (so I need to format it before looking for patterns) or is sonarqube formatting its messages (yaml for instance) already in a way it can look at the right fields?

Hi @KeinVogel ,

Brief initial note: our integration with git as an SCM tool doesn’t have anything to do with creating tickets in GitHub. Instead, it’s used at analysis time to extract commit & blame info for use in dating and auto-assigning issues within SonarQube.

There is no output from SonarQube analysis on the scanner side that directly gives you issue or hotspot information. To retrieve that from a Jenkins pipeline, you’d need to wait for the quality gate to be calculated and then make calls to our web API to retrieve the issue or hotspot data you want.

1 Like
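
The flow described in the answer above, as an added example that is not part of the original posts or SonarQube's own code: a script a Jenkins stage could run once the quality gate has been computed (for instance after the Jenkins plugin's `waitForQualityGate` step), which queries the web API and routes security hotspots and critical code smells into separate ticket drafts. The query parameters and response fields are assumed to match your server version (check its `/web_api` page); the `SONAR_HOST_URL`, `SONAR_TOKEN` and `SONAR_PROJECT_KEY` variables and the sample payloads are constructed for illustration.

```python
import base64, json, os, urllib.parse, urllib.request

def api_get(base_url, token, path, params):
    """GET a SonarQube web API endpoint; the token goes in as the basic-auth user name."""
    url = f"{base_url.rstrip('/')}/{path}?{urllib.parse.urlencode(params)}"
    auth = base64.b64encode(f"{token}:".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {auth}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_findings(base_url, token, project_key):
    """First page only (ps=100); loop on the 'p' parameter for larger projects."""
    issues = api_get(base_url, token, "api/issues/search", {
        "componentKeys": project_key, "types": "CODE_SMELL",
        "severities": "CRITICAL", "resolved": "false", "ps": 100})
    hotspots = api_get(base_url, token, "api/hotspots/search", {
        "projectKey": project_key, "status": "TO_REVIEW", "ps": 100})
    return issues, hotspots

def to_tickets(issues_resp, hotspots_resp):
    """Route findings into ticket drafts: hotspots first, then critical code smells."""
    tickets = []
    for h in hotspots_resp.get("hotspots", []):
        tickets.append({"kind": "security-hotspot", "key": h["key"],
                        "labels": ["security", h.get("vulnerabilityProbability", "UNKNOWN").lower()],
                        "title": f"{h['message']} ({h['component']}:{h.get('line', '?')})"})
    for i in issues_resp.get("issues", []):
        if i.get("type") == "CODE_SMELL" and i.get("severity") == "CRITICAL":
            tickets.append({"kind": "critical-code-smell", "key": i["key"],
                            "labels": ["code-smell", i["rule"]],
                            "title": f"{i['message']} ({i['component']}:{i.get('line', '?')})"})
    return tickets

# Constructed sample responses (not real scan output), trimmed to the fields used above.
SAMPLE_ISSUES = {"issues": [
    {"key": "AX1", "rule": "java:S3776", "severity": "CRITICAL", "type": "CODE_SMELL",
     "component": "demo:src/Billing.java", "line": 42, "message": "Reduce cognitive complexity."},
    {"key": "AX2", "rule": "java:S1135", "severity": "INFO", "type": "CODE_SMELL",
     "component": "demo:src/Billing.java", "line": 7, "message": "Complete this TODO."}]}
SAMPLE_HOTSPOTS = {"hotspots": [
    {"key": "HS1", "component": "demo:src/Login.java", "line": 18, "status": "TO_REVIEW",
     "vulnerabilityProbability": "HIGH", "message": "Make sure this hash is used safely."}]}

if __name__ == "__main__":
    if os.environ.get("SONAR_TOKEN"):  # assumed env vars, e.g. injected by Jenkins credentials
        found = fetch_findings(os.environ["SONAR_HOST_URL"], os.environ["SONAR_TOKEN"],
                               os.environ["SONAR_PROJECT_KEY"])
    else:
        found = (SAMPLE_ISSUES, SAMPLE_HOTSPOTS)
    print(json.dumps(to_tickets(*found), indent=2))
```

Keeping the finding's `key` in each draft lets the ticket-creation step skip findings it has already filed on an earlier build.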