SonarQube
General non-ODJ questions and support can be found here.
This tool add the value sonarqube_saas to the parameter odj_devenv_static_code_analysis.
odj_devenv_static_code_analysis: sonarqube_saas
Managed elements
The managed elements table shows when the elements are created. Some will be on product provisioning level, some on component provisioning level. The selected product pattern affects also how the elements will be provisioned.
| Element / Pattern | Product (basic) | Product (advanced) | Component (basic) | Component (advanced) |
|---|---|---|---|---|
| SonarQube Portfolio | ✅ | ✅ | ||
| Permission | ✅ | ✅ 1 | ||
| SonarQube Project | ✅ | ✅ |
Remarks:
1 Passes the credentials from the technical user to the pipeline category for automatic tasks
Documentation
Check the SonarQube User guide for more details of the managed objects.
Provisioning setup and configuration
Describes the provisioning of this tool and how it can be configured afterwards.
Product level
Provisioning
No configuration required.
Configuration
Personal Access Token
New Azure DevOps PAT
A PAT from a user can be added to SonarQube to have to possibility to see new SonarQube findings in pull-requests pre-merge builds. The ODJ does not provide technical users for Azure DevOps. You have to request a technical user by your own (via IT4YOU).
There is more configuration required in Azure DevOps and the build pipelines.
Technical user credentials (for basic pattern only)
This option allows you to see the username and token that is generated for the technical user in the background of SonarQube. This credentials are required to start an analysis from your build pipelines.
Products with pattern advanced will get their connection credentials automatically added to their pipeline system. The technical user credentials will not be shown.
Component level
Provisioning
No configuration required. Autoprovisioning is supported here.
Configuration
Quality gate
Select one of the available SonarQube quality gates. Default selection is "Sonar way".
New code period
The New Code Period determines what issues are displayed as new issues. There are some options for this like Previous Version and Days. It can be selected for the whole project (as a default) and also for each branch directly which will then overwrite the project default.
See new code period documentation of SonarQube.