SonarQube removed multi-branch analysis support from the Community Edition, so in versions after 7.7 this functionality is only available in the Developer Edition.
However, by combining the sonarqube-community-branch-plugin with the SonarQube API we can mimic a similar behavior.
🛠 Systemd
- Copy the plugin JAR file to the `extensions/plugins/` directory of your SonarQube instance:

```sh
wget -P <Path to extensions/plugins/> https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.14.0/sonarqube-community-branch-plugin-1.14.0.jar
```
- Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=web` to the `sonar.web.javaAdditionalOpts` property in your SonarQube installation's `conf/sonar.properties` file, e.g. `sonar.web.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=web`
- Add `-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-${version}.jar=ce` to the `sonar.ce.javaAdditionalOpts` property in your SonarQube installation's `conf/sonar.properties` file, e.g. `sonar.ce.javaAdditionalOpts=-javaagent:./extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=ce`
- Restart your SonarQube server.
🐳 Docker Compose
- Download the community branch plugin:

```sh
cd /opt/application
wget https://github.com/mc1arke/sonarqube-community-branch-plugin/releases/download/1.14.0/sonarqube-community-branch-plugin-1.14.0.jar
```

- Copy the .jar file into the SonarQube extensions volume:

```sh
ls /var/lib/docker/volumes/ | grep extension
# sonarqube_sonarqube_extensions
cp sonarqube-community-branch-plugin-1.14.0.jar /var/lib/docker/volumes/sonarqube_sonarqube_extensions/_data/plugins/
```
- Final Docker Compose file:

```yaml
version: "3"
services:
  sonarqube:
    image: sonarqube:lts-community
    depends_on:
      - sonar_db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://sonar_db:5432/sonar_db
      SONAR_JDBC_USERNAME: sonar_user
      SONAR_JDBC_PASSWORD: StR0N9p@S5WORD!   # example value; keep the real one in an .env file or secret
      ### Add below line
      SONAR_WEB_JAVAADDITIONALOPTS: -javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=web
      SONAR_CE_JAVAADDITIONALOPTS: -javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.14.0.jar=ce
      ### End of line
    ports:
      - "9000:9000"
    volumes:
      - sonarqube_conf:/opt/sonarqube/conf
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions   # the plugin JAR copied above lives here
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_temp:/opt/sonarqube/temp
  sonar_db:
    image: postgres:alpine
    environment:
      POSTGRES_USER: sonar_user
      POSTGRES_PASSWORD: StR0N9p@S5WORD!   # must match SONAR_JDBC_PASSWORD above
      POSTGRES_DB: sonar_db
    volumes:
      - sonar_db:/var/lib/postgresql
      - sonar_db_data:/var/lib/postgresql/data
volumes:
  sonarqube_conf:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  sonarqube_temp:
  sonar_db:
  sonar_db_data:
```

Start the stack:

```sh
docker compose up -d
```
Operational Test
- Open SonarQube and acknowledge the third-party plugin risk prompt ("Understand Risk").
- Create a SonarQube project.
- Create `.gitlab-ci.yml`:
```yaml
stages:
  - SAST

sonarqube:
  stage: SAST
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  script:
    - |
      # Map the Git ref to the SonarQube branch name (POSIX "=" so it also works under sh)
      if [ "$CI_COMMIT_REF_NAME" = "stg" ]; then
        SONAR_BRANCH="stg"
      elif [ "$CI_COMMIT_REF_NAME" = "dev" ]; then
        SONAR_BRANCH="dev"
      else
        SONAR_BRANCH="$CI_COMMIT_REF_NAME"
      fi
      # Pass the branch to the scanner; without this the computed value is never used
      sonar-scanner -Dsonar.branch.name="$SONAR_BRANCH"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  rules:
    - if: '$CI_COMMIT_BRANCH == "stg" && $CI_COMMIT_TAG == null'
      when: always
    - if: '$CI_COMMIT_BRANCH == "dev" && $CI_COMMIT_TAG == null'
      when: always
  tags:
    - docker
  allow_failure: true
```
- Create `sonar-project.properties`:

```properties
sonar.projectKey=Dummy-Project
sonar.qualitygate.wait=true
```
- Create CI/CD variables on the repository:

```
SONAR_HOST_URL: https://sonarqube.example.com
SONAR_TOKEN: <Your Token>
```
- Run the pipeline on the dev branch.
- Run the pipeline on the stg branch. After the pipeline succeeds, a new branch appears on the SonarQube project.
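As an added example (not code from the original post), a small script for a follow-up CI step that uses the SonarQube Web API to confirm the branch really appeared and that its quality gate passed, so a missing branch or a failed gate fails the job instead of going unnoticed. It assumes the `SONAR_HOST_URL` and `SONAR_TOKEN` variables and the `Dummy-Project` key from above, and the endpoints `api/project_branches/list` and `api/qualitygates/project_status`.

```python
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

PROJECT_KEY = "Dummy-Project"  # from sonar-project.properties above


def auth_header(token: str) -> str:
    # SonarQube accepts a user token as the HTTP basic-auth user name with an empty password.
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode()


def api_get(host: str, token: str, path: str, params: dict) -> dict:
    """GET <host>/api/<path>?<params> from the SonarQube Web API and decode the JSON body."""
    url = f"{host.rstrip('/')}/api/{path}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": auth_header(token)})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def branch_names(branches_resp: dict) -> list:
    """Branch names contained in an api/project_branches/list response."""
    return [b["name"] for b in branches_resp.get("branches", [])]


def gate_failures(status_resp: dict) -> tuple:
    """(overall status, conditions that are not OK) from an api/qualitygates/project_status response."""
    project_status = status_resp["projectStatus"]
    failed = [c for c in project_status.get("conditions", []) if c.get("status") != "OK"]
    return project_status.get("status"), failed


def main() -> int:
    host, token = os.environ["SONAR_HOST_URL"], os.environ["SONAR_TOKEN"]
    branch = os.environ.get("CI_COMMIT_REF_NAME", "dev")  # same variable the scanner job maps
    known = branch_names(api_get(host, token, "project_branches/list", {"project": PROJECT_KEY}))
    if branch not in known:
        print(f"branch {branch!r} has not been analysed; known branches: {known}")
        return 1
    status, failed = gate_failures(api_get(host, token, "qualitygates/project_status",
                                           {"projectKey": PROJECT_KEY, "branch": branch}))
    for cond in failed:  # e.g. new_security_hotspots_reviewed: 50 (LT 100)
        print(f"{cond.get('metricKey')}: {cond.get('actualValue')} ({cond.get('comparator')} {cond.get('errorThreshold')})")
    print(f"quality gate for {branch}: {status}")
    return 0 if status == "OK" else 1


if __name__ == "__main__":
    sys.exit(main())
```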