Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
check

GitHub Action

SonarQube Scan

v1.2.0

SonarQube Scan

check

SonarQube Scan

Scan your code with SonarQube Scanner to detect bugs, vulnerabilities and code smells in more than 25 programming languages

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: SonarQube Scan

              
  uses: kitabisa/[email protected]
Learn more about this action in kitabisa/sonarqube-action

Choose a version

SonarQube GitHub Action

Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Requirements

Usage

The workflow, usually declared in .github/workflows/build.yaml, looks like:

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request. 
  push:
    branches:
      - master
  pull_request:
      types: [opened, synchronize, reopened]

name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@master
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: kitabisa/[email protected]
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}

You can change the analysis base directory and/or project key by using the optional input like this:

uses: kitabisa/sonarqube-action@master
with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"

Inputs

These are some of the supported input parameters of action.

  • host - (Required) this is the SonarQube server URL.
  • login - (Required) the login or authentication token of a SonarQube user with Execute Analysis permission on the project. See how to generate SonarQube token.
  • password - The password that goes with the login username. This should be left blank if an login are authentication token.
  • projectBaseDir - Set custom project base directory analysis.
  • projectKey - The project's unique key (allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit).
  • projectName - Name of the project that will be displayed on the SonarQube web interface.
  • projectVersion - The project version.
  • encoding - Encoding of the source code. Default is UTF-8.

Note: If you're thinking of setting project metadata & other related things in a sonar-project.properties configuration file (must be declared in the base directory projectBaseDir) instead of going through the input parameters, this action supports that!

License

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials.