Skip to content

kitabisa/sonarqube-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits

.github/ISSUE_TEMPLATE

.github/ISSUE_TEMPLATE

 
 

CODEOWNERS

CODEOWNERS

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

PULL_REQUEST_TEMPLATE.md

PULL_REQUEST_TEMPLATE.md

 
 

README.md

README.md

 
 

action.yaml

action.yaml

 
 

entrypoint.sh

entrypoint.sh

 
 

Repository files navigation

SonarQube GitHub Action

Using this GitHub Action, scan your code with SonarQube scanner to detects bugs, vulnerabilities and code smells in more than 20 programming languages!

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

Requirements

Usage

The workflow, usually declared in .github/workflows/build.yaml, looks like:

on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request. 
  push:
    branches:
      - master
  pull_request:
      types: [opened, synchronize, reopened]

name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@master
      with:
        # Disabling shallow clone is recommended for improving relevancy of reporting
        fetch-depth: 0
    - name: SonarQube Scan
      uses: kitabisa/sonarqube-action@v1.2.0
      with:
        host: ${{ secrets.SONARQUBE_HOST }}
        login: ${{ secrets.SONARQUBE_TOKEN }}

You can change the analysis base directory and/or project key by using the optional input like this:

uses: kitabisa/sonarqube-action@master
with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"

Inputs

These are some of the supported input parameters of action.

Parameter Description Required? Default Note
host SonarQube server URL 🟢
login Login or authentication token of a SonarQube user 🟢 Execute Analysis permission required.
password The password that goes with the login username 🔴 This should be left blank if an login are authentication token.
projectBaseDir Set custom project base directory analysis 🔴 .
projectKey The project's unique key 🔴 Allowed characters are: letters, numbers, -, _, . and :, with at least one non-digit.
projectName Name of the project 🔴 It will be displayed on the SonarQube web interface.
projectVersion The project version 🔴
encoding Encoding of the source code 🔴 UTF-8

Note

If you opt to configure the project metadata and other related settings in a sonar-project.properties file (must be placed within the base directory, projectBaseDir) instead of using input parameters, this action is compatible with that approach!

License

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials.

About

Integrate SonarQube scanner to GitHub Actions

Topics

security static-analysis sonarqube code-review code-quality sonar-scanner devsecops github-actions

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

144 stars

Watchers

9 watching

Forks

103 forks
Report repository

Releases 10

v1.2.1 Latest
Sep 25, 2023
+ 9 releases

Contributors 6

Languages