metadata: name: sonarExecuteScan description: Executes the Sonar scanner longDescription: "The step executes the [sonar-scanner](https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner) cli command to scan the defined sources and publish the results to a SonarQube instance." spec: inputs: secrets: - name: sonarTokenCredentialsId type: jenkins description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server." - name: githubTokenCredentialsId type: jenkins description: "Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Github Server." params: - name: instance type: string description: "Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use serverUrl parameter instead" scope: - PARAMETERS - STAGES - STEPS - name: serverUrl aliases: - name: host - name: sonarServerUrl type: string description: "The URL to the Sonar backend." scope: - PARAMETERS - STAGES - STEPS - name: token type: string description: "Token used to authenticate with the Sonar Server." scope: - PARAMETERS secret: true resourceRef: - type: vaultSecret name: sonarVaultSecretName default: sonar - name: sonarTokenCredentialsId type: secret aliases: - name: sonarToken - name: organization type: string description: "SonarCloud.io only: Organization that the project will be assigned to in SonarCloud.io." scope: - PARAMETERS - STAGES - STEPS - name: customTlsCertificateLinks type: "[]string" description: "List of download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates." scope: - PARAMETERS - STAGES - STEPS - name: sonarScannerDownloadUrl type: string description: "URL to the sonar-scanner-cli archive." default: "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip" scope: - PARAMETERS - STAGES - STEPS - name: versioningModel type: string description: "The versioning model used for the version when reporting the results for the project." scope: [GENERAL, STAGES, STEPS, PARAMETERS] default: "major" possibleValues: - major - major-minor - semantic - full - name: version aliases: - name: projectVersion deprecated: true type: string description: "The project version that is reported to SonarQube." scope: - PARAMETERS - STAGES - STEPS resourceRef: - name: commonPipelineEnvironment param: artifactVersion - name: customScanVersion type: string description: "A custom version used along with the uploaded scan results." longDescription: |- Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel). It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically. The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools. scope: [GENERAL, STAGES, STEPS, PARAMETERS] - name: projectKey type: string description: "The project key identifies the project in SonarQube." scope: - PARAMETERS - STAGES - STEPS - name: coverageExclusions type: "[]string" description: "A list of patterns that should be excluded from the coverage scan." scope: - PARAMETERS - STAGES - STEPS - name: inferJavaBinaries type: bool description: "Find the location of generated Java class files in all modules and pass the option `sonar.java.binaries to the sonar tool." scope: - PARAMETERS - STAGES - STEPS - name: inferJavaLibraries type: bool description: "If the parameter `m2Path` is configured for the step `mavenExecute` in the general section of the configuration, pass it as option `sonar.java.libraries` to the sonar tool." scope: - PARAMETERS - STAGES - STEPS - name: options type: "[]string" description: "A list of options which are passed to the sonar-scanner." scope: - PARAMETERS - STAGES - STEPS aliases: - name: sonarProperties deprecated: true - name: waitForQualityGate type: bool description: "Whether the scan should wait for and consider the result of the quality gate." scope: - PARAMETERS - STAGES - STEPS # Parameters for non-PR scans - name: branchName type: string description: "Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to. Automatically inferred from environment variables on supported orchestrators if `inferBranchName` is set to true." scope: - PARAMETERS - STAGES - STEPS - name: inferBranchName type: bool description: "Whether to infer the `branchName` parameter automatically based on the orchestrator-specific environment variable in runs of the pipeline." scope: - PARAMETERS - STAGES - STEPS # Parameters for PR-Handling - name: changeId type: string description: "Pull-Request only: The id of the pull-request. Automatically inferred from environment variables on supported orchestrators." scope: - PARAMETERS - name: changeBranch type: string description: "Pull-Request only: The name of the pull-request branch. Automatically inferred from environment variables on supported orchestrators." scope: - PARAMETERS - name: changeTarget type: string description: "Pull-Request only: The name of the base branch. Automatically inferred from environment variables on supported orchestrators." scope: - PARAMETERS - name: pullRequestProvider type: string description: "Pull-Request only: The scm provider." default: GitHub possibleValues: - GitHub scope: - PARAMETERS - STAGES - STEPS - name: owner type: string description: "Pull-Request only: The owner of the scm repository." scope: - GENERAL - PARAMETERS - STAGES - STEPS aliases: - name: githubOrg resourceRef: - name: commonPipelineEnvironment param: github/owner - name: repository type: string description: "Pull-Request only: The scm repository." scope: - GENERAL - PARAMETERS - STAGES - STEPS aliases: - name: githubRepo resourceRef: - name: commonPipelineEnvironment param: github/repository # Parameters for legacy PR-Handling - name: githubToken type: string description: "Pull-Request only: Token for Github to set status on the Pull-Request." scope: - PARAMETERS secret: true aliases: - name: access_token resourceRef: - name: githubTokenCredentialsId type: secret - type: vaultSecret name: githubVaultSecretName default: github - name: disableInlineComments type: bool description: "Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2" scope: - PARAMETERS - STAGES - STEPS - name: legacyPRHandling type: bool description: "Pull-Request only: Activates the pull-request handling using the [GitHub Plugin](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin). DEPRECATED: only supported in SonarQube < 7.2" scope: - PARAMETERS - STAGES - STEPS - name: githubApiUrl type: string description: "Pull-Request only: The URL to the Github API. See [GitHub plugin docs](https://docs.sonarqube.org/display/PLUG/GitHub+Plugin#GitHubPlugin-Usage) DEPRECATED: only supported in SonarQube < 7.2" scope: - GENERAL - PARAMETERS - STAGES - STEPS default: https://api.github.com # Global maven settings, should be added to all maven steps - name: m2Path type: string description: "Path to the location of the local repository that should be used." scope: - GENERAL - STEPS - STAGES - PARAMETERS aliases: - name: maven/m2Path outputs: resources: - name: reports type: reports params: - filePattern: "**/sonarscan.json" type: sonarqube - filePattern: "**/sonarscan-result.json" type: sonarqube - name: influx type: influx params: - name: step_data fields: - name: sonar type: bool - name: sonarqube_data fields: - name: blocker_issues type: int - name: critical_issues type: int - name: major_issues type: int - name: minor_issues type: int - name: info_issues type: int containers: - name: sonar image: sonarsource/sonar-scanner-cli:4.7 options: - name: -u value: "0"