Skip to content

Integrate SonarQube scanner to GitHub Actions

License

Notifications You must be signed in to change notification settings

ItsEcholot/sonarqube-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SonarQube GitHub Action

Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Requirements

  • Have SonarQube on server. Install now if it's not already the case!

Usage

The workflow, usually declared in .github/workflows/build.yml, looks like:

on: push
name: Main Workflow
jobs:
  sonarQubeTrigger:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - name: SonarQube Scan
      uses: kitabisa/sonarqube-action@master
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}

You can change the analysis base directory by using the optional input projectBaseDir like this:

uses: kitabisa/sonarqube-action@master
with:
  projectBaseDir: my-custom-directory

Secrets

  • host - (Required) this is the SonarQube server URL.
  • login - (Required) the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See how to generate SonarQube token.
  • password - The password that goes with the login username. This should be left blank if an login are authentication token.

You can set all variable in the "Secrets" settings page of your repository.

License

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials.

About

Integrate SonarQube scanner to GitHub Actions

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Dockerfile 53.3%
  • Shell 46.7%