Step 1: Create a SonarQube™ server configuration
Add a SonarQube™ server configuration in the app under Bitbucket Admin → Include Code Quality.
- Configure a name for the server.
- Add https://sonarcloud.io as your SonarQube™ Application URL.
- Add your SonarCloud™ organization key.
- Add a User Token of the SonarQube™ Service Account.
- Choose if you want to enable authentication with personal SonarQube™ accounts instead of a Service User.
  - Using personal accounts can be useful to track user actions like resolving an issue or marking it as a false positive and easily identify who performed which action.
- Choose between an automatic webhook configuration or a manual webhook configuration if you tick the corresponding checkbox.
  - You may only use an automatic webhook if the User Token used has Administer System permissions. You can read more on webhook configuration here.
Step 2: Configure a SonarQube™ Analysis
The next step is to configure your SonarQube™ scan in your build system.
Go to the dedicated documentation page for more details on how to configure your SonarQube™ Analysis.
Once you have configured a SonarQube™ Analysis, run it to make sure the results are visible in SonarQube™.
For multiple SonarQube™ projects for the same repository: ensure the analysis results are available on each project in SonarQube™.
Step 3: Connect one or more SonarQube™ projects to a Repository
In Bitbucket, connect one or more SonarQube™ projects to a Repository (Repository → Settings → Include Code Quality).
- Click App Enabled, followed by Add Project.
- Select the Module Directory of the project. Leave empty for a single SonarQube™ project in the repository. Select a subfolder of the repository if you want to configure multiple SonarQube™ projects for the same repository (for example if you are working with a monorepo strategy).
- Select the appropriate SonarQube™ server and SonarQube™ project.
- Configure the Scanner analysis directory to the path where the analysis runs. The path must start with the module directory.
Step 4: Enable Include Code Quality for Bitbucket within your repository
In Bitbucket, enable Include Code Quality for Bitbucket in the settings page of your repository (Repository → Settings → Include Code Quality).
- Verify you have one or more SonarQube™ projects linked to the repository.
- Toggle the App Enabled button.
- Optional: Configure additional settings in the tabs if required.
  - Enable Merge Checks based on SonarQube™ quality gates to enforce high code quality:
    ☑ Use Quality Gates as Pull Request Merge Checks.
Step 5: Check if the SonarQube™ analysis is included in the main branch
In Bitbucket, go to Repository → Source View of the already analyzed main branch. You should see the issue annotations.
If you cannot see SonarQube™ issues or test coverage here, please follow our configuration checklist to find out what went wrong.
Step 6: Create pull request and check if the SonarQube™ analysis is included
Create a new branch and add a commit with some issues in it. Create a pull request from that branch.
Your SonarQube™ Analysis Configuration should pick up the new pull request and analyze it correctly.
If you cannot see SonarQube™ issues or test coverage here, please follow our configuration checklist to find out what went wrong.
SONAR™, SONARQUBE™ and SONARCLOUD™ are independent and trademarked products and services of SonarSource SA: see http://sonarsource.com , http://sonarqube.org , http://sonarcloud.io .