How to execute sonarqube scanner using jenkins pipeline?

SonarScanner: Command line

node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    def scannerHome = tool 'SonarScanner 4.0';
    withSonarQubeEnv('My SonarQube Server') { // If you have configured more than one global server connection, you can specify its name
      sh "${scannerHome}/bin/sonar-scanner"
    }
  }
}

SonarScanner for Gradle:

node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv() { // Will pick the global server connection you have configured
      sh './gradlew sonarqube'
    }
  }
}

SonarScanner for Maven:

node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('SonarQube analysis') {
    withSonarQubeEnv(credentialsId: 'f225455e-ea59-40fa-8af7-08176e86507a', installationName: 'My SonarQube Server') { // You can override the credential to be used
      sh 'mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar'
    }
  }
}

SonarScanner for .NET:

node {
  stage('SCM') {
    git 'https://github.com/foo/bar.git'
  }
  stage('Build + SonarQube analysis') {
    def sqScannerMsBuildHome = tool 'Scanner for MSBuild 4.6'
    withSonarQubeEnv('My SonarQube Server') {
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe begin /k:myKey"
      bat 'MSBuild.exe /t:Rebuild'
      bat "${sqScannerMsBuildHome}\\SonarQube.Scanner.MSBuild.exe end"
    }
  }
}

pipeline {
  agent any
  stages {
    stage('SonarQube analysis') {
      steps {
        script {
          // requires SonarQube Scanner 2.8+
          scannerHome = tool 'SonarQube Scanner 2.8'
        }
        withSonarQubeEnv('SonarQube Scanner') {
          sh "${scannerHome}/bin/sonar-scanner"
        }
      }
    }
  }
}

The tool name “SonarQube Scanner 2.8” needs to match the “Name” field of a SonarQube Scanner Installation on the Global Tools Configuration page. The name used in the withSonarQubeEnv step needs to match the “Name” field of a SonarQube server defined on the Configure System page.

You're mixing Scripted Pipeline with Declarative Pipeline syntax.

While the snippet you posted from SonarQube documentation would work, you will need to adapt it since you're using Declarative (as indicated by the "Not a valid stage section definition" error).

Normally, you'd define a tools section in your Pipeline, but it looks like the SonarQube plugin doesn't support Declarative, nor does it add itself to the PATH.

Since you can't normally define variables in Declarative Pipeline, the script step has to be used to call the tool step and store the path to the installed tool. For example:

pipeline {
  agent any
  stages {
    stage('SonarQube analysis') {
      steps {
        script {
          // requires SonarQube Scanner 2.8+
          scannerHome = tool 'SonarQube Scanner 2.8'
        }
        withSonarQubeEnv('SonarQube Scanner') {
          sh "${scannerHome}/bin/sonar-scanner"
        }
      }
    }
  }
}
The tool name "SonarQube Scanner 2.8" needs to match the "Name" field of a SonarQube Installation on the Global Tools Configuration page. The name used in the withSonarQubeEnv step needs to match the "Name" field of a SonarQube server defined on the Configure System page.

If the SonarQube plugin did support Declarative, and added itself to PATH, the Pipeline could be a wee bit simpler:

pipeline {
  agent any
  stages {
    stage('SonarQube analysis') {
      tools {
        sonarQube 'SonarQube Scanner 2.8'
      }
      steps {
        withSonarQubeEnv('SonarQube Scanner') {
          sh 'sonar-scanner'
        }
      }
    }
  }
}

Example using declarative pipeline:

      pipeline {
        agent none
        stages {
          stage("build & SonarQube analysis") {
            agent any
            steps {
              withSonarQubeEnv('My SonarQube Server') {
                sh 'mvn clean package sonar:sonar'
              }
            }
          }
          stage("Quality Gate") {
            steps {
              timeout(time: 1, unit: 'HOURS') {
                waitForQualityGate abortPipeline: true
              }
            }
          }
        }
      }

Example using scripted pipeline:

      stage("build & SonarQube analysis") {
          node {
              withSonarQubeEnv('My SonarQube Server') {
                 sh 'mvn clean package sonar:sonar'
              }
          }
      }

      stage("Quality Gate"){
          timeout(time: 1, unit: 'HOURS') {
              def qg = waitForQualityGate()
              if (qg.status != 'OK') {
                  error "Pipeline aborted due to quality gate failure: ${qg.status}"
              }
          }
      }

Please use below code to run the sonar-scanner on windows

node {    
       stage('SonarQube analysis') {
       // requires SonarQube Scanner 2.8+
       def scannerHome = tool 'SONAR_RUNNER';
       withSonarQubeEnv('SonarQube') {
            bat "\"${scannerHome}\\bin\\sonar-scanner.bat\""
       }
}

SonarQube integration with Jenkins Pipeline

node(label:'master') {
  try{  
    stage('Static Analysis') {
      withSonarQubeEnv('SonarQube1') 
      {
        bat 'mvn clean package sonar:sonar
   	echo 'Static Analysis Completed' 
      }
   
    stage("Quality Gate"){
      timeout(time: 1, unit: 'HOURS') 
      {
        waitForQualityGate abortPipeline: true
        def qg= waitForQualityGate()
        if (qg.status!= 'OK'){
          error "Pipeline aborted due to quality gate failure: ${qg.status}"
        }
      }         
      echo 'Quality Gate Passed' 
    }
  } 
}

SonarQube Scans in Jenkins Declarative Pipeline using SonarScanner

stage('SonarCloud') {
  environment {
    SCANNER_HOME = tool 'SonarQubeScanner'
    ORGANIZATION = "igorstojanovski-github"
    PROJECT_NAME = "igorstojanovski_jenkins-pipeline-as-code"
  }
  steps {
    withSonarQubeEnv('SonarCloudOne') {
        sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.organization=$ORGANIZATION \
        -Dsonar.java.binaries=build/classes/java/ \
        -Dsonar.projectKey=$PROJECT_NAME \
        -Dsonar.sources=.'''
    }
  }
}
stage("Quality Gate") {
  steps {
    timeout(time: 1, unit: 'MINUTES') {
        waitForQualityGate abortPipeline: true
    }
  }
}

stage('SonarQube') {
  environment {
    SCANNER_HOME = tool 'sonar scanner jenkins'
    ORGANIZATION = "poc.net"
    PROJECT_NAME = "org.sonarqube:poc.net"
  }
  steps {
    withSonarQubeEnv('sonarqube') {
        bat "${SCANNER_HOME}/bin/sonar-scanner -Dsonar.organization=${ORGANIZATION} \
        -Dsonar.java.binaries=compiled \
        -Dsonar.projectKey=${PROJECT_NAME} \
        -Dsonar.sources=POCStudentCrud"
    }
  }
}

stage('SonarCloud') {
  environment {
    SCANNER_HOME = tool 'SonarQubeScanner'
    ORGANIZATION = "igorstojanovski-github"
    PROJECT_NAME = "igorstojanovski_jenkins-pipeline-as-code"
  }
  steps {
    withSonarQubeEnv('SonarCloudOne') {
        sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.organization=$ORGANIZATION \
        -Dsonar.java.binaries=build/classes/java/ \
        -Dsonar.projectKey=$PROJECT_NAME \
        -Dsonar.sources=.'''
    }
  }
}

• Author
• Recent Posts

Follow me

Rajesh Kumar

Mentor for DevOps - DevSecOps - SRE - Cloud - Container & Micorservices at Software AG

Join my following certification courses...
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/

My Linkedin - https://www.linkedin.com/in/rajeshkumarin

Follow me

Latest posts by Rajesh Kumar (see all)

• Installing Jupyter: Get up and running on your computer - November 2, 2024
• An Introduction of SymOps by SymOps.com - October 30, 2024
• Introduction to System Operations (SymOps) - October 30, 2024