{"id":44332687,"url":"https://github.com/drone-plugins/sonarqube-scanner","last_synced_at":"2026-02-11T10:30:46.906Z","repository":{"id":41960436,"uuid":"418867256","full_name":"drone-plugins/sonarqube-scanner","owner":"drone-plugins","description":"sonarqube-scanner","archived":false,"fork":false,"pushed_at":"2026-02-05T22:12:11.000Z","size":12627,"stargazers_count":9,"open_issues_count":10,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-02-06T08:30:46.183Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drone-plugins.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-10-19T10:02:20.000Z","updated_at":"2025-01-15T16:19:20.000Z","dependencies_parsed_at":"2024-05-09T12:46:41.237Z","dependency_job_id":"ff7aca56-fcc5-4905-a01d-3bb727a31842","html_url":"https://github.com/drone-plugins/sonarqube-scanner","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/drone-plugins/sonarqube-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drone-plugins%2Fsonarqube-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drone-plugins%2Fsonarqube-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drone-plugins%2Fsonarqube-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drone-plugins%2Fsonarqube-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drone-plugins","download_url":"https://codeload.github.com/drone-plugins/sonarqube-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drone-plugins%2Fsonarqube-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29332277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T06:13:03.264Z","status":"ssl_error","status_checked_at":"2026-02-11T06:12:55.843Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-11T10:30:43.725Z","updated_at":"2026-02-11T10:30:46.891Z","avatar_url":"https://github.com/drone-plugins.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Harness Drone/CIE SonarQube Plugin with Quality Gate\n\nThis plugin is designed to run SonarQube scans, handle the results, and convert them to JUnit format. It's written in Go and checks the report results for status OK.\n\n## Main Features - v2.4.2\n\n- **New Parameter: `sonar_config_file`**\n  - **Type**: Boolean\n  - **Description**: If set to true, the plugin will utilize the specified `sonar-project.properties` file for the SonarQube analysis, if it exists. sonar_token param still mandatory.\n  - **Environment Variable**: `PLUGIN_SONAR_CONFIG_FILE`\n  - **Allowed Values**: `\"true\"`, `\"false\"`\n\n- **New Parameter: `sonar_config_file_override`**\n  - **Type**: Boolean\n  - **Description**: If set to true, the plugin will use the `sonar-project.properties` file and allow overriding of project key setting.\n  - **Environment Variable**: `PLUGIN_SONAR_CONFIG_FILE_OVERRIDE`\n  - **Allowed Values**: `\"true\"`, `\"false\"`\n\n- **New Parameter: `quality_gate_error_exit_code`**\n  - **Type**: Integer\n  - **Description**: Specifies the \"exit code\" error when the quality gate fails. Default is `5`.\n  - **Environment Variable**: `PLUGIN_QUALITY_GATE_ERROR_EXIT_CODE`\n  - **Default Value**: `5`\n\n### Example\n\n```yaml\n- step:\n    type: Plugin\n    name: \"Sonar Scan\"\n    identifier: run_sonar\n    spec:\n        connectorRef: account.DockerHubDiego\n        image: plugins/sonarqube-scanner:v2.4.2\n        reports:\n            type: JUnit\n            spec:\n                paths:\n                  - \"sonarResults.xml\"\n        privileged: false\n        settings:\n            sonar_host: https://mysonar.com\n            sonar_token: \u003c+secrets.getValue(\"sonar_diego\")\u003e\n            sonar_config_file: \"true\"\n```\n\n## Main Features - v2.4.1\n\n- Sonar CLI downgraded from 6.0.0.4432 to 5.0.1.3006\n- Execute SonarQube scans and handle the results\n- Generate JUnit reports based on the scan results\n- Quality Gate status reporting + Metrics\n- Skip Scan and only check for Quality Gate status of a specific `analysisId` or last analysis\n- Waiting for Analysis and QualityGate now skips the wait if set to false - thanks @kangguru\n- Added `SONAR_SCANNER_OPTS` as a parameter, transforming into this env var during execution for Sonar JVM params - check the parameter detail section below\n\n**Note**: Use `branch` and `pr_key` parameters for accurate results matching when skipping the scan.\n\n![Results](https://github.com/drone-plugins/sonarqube-scanner/blob/main/sonar-result-v2.png)\n\n\n### Simple Pipeline example\n\n```yaml\n- step:\n    type: Plugin\n    name: \"Check Sonar\"\n    identifier: run_sonar\n    spec:\n        connectorRef: account.DockerHubDiego\n        image: plugins/sonarqube-scanner:v2.4.2\n        reports:\n            type: JUnit\n            spec:\n                paths:\n                  - \"sonarResults.xml\"\n        privileged: false\n        settings:\n            sonar_host: http://34.100.11.50\n            sonar_token: 60878847cea1a31d817f0deee3daa7868c431433\n            sources: \".\"\n            binaries: \".\"\n            sonar_name: sonarqube-scanner\n            sonar_key: sonarqube-scanner\n```\n\n### Full config step Example - (thanks @Ryan Nelson)\n\n```yaml\ntype: Plugin\nspec:\n    connectorRef: \u003c+input\u003e\n    image: plugins/sonarqube-scanner:v2.4.2\n    reports:\n        type: JUnit\n        spec:\n            paths:\n              - \"sonarResults.xml\"\n    settings:\n        sonar_key: \u003c+input\u003e\n        sonar_name: \u003c+input\u003e\n        sonar_host: \u003c+input\u003e\n        sonar_token: \u003c+input\u003e\n        build_number: \u003c+input\u003e\n        branch: \u003c+codebase.branch\u003e\n        timeout: \u003c+input\u003e\n        sources: .\n        inclusions: \u003c+input\u003e\n        exclusions: \u003c+input\u003e\n        level: \u003c+input\u003e\n        showprofiling: \u003c+input\u003e.allowedValues(\"true\",\"false\"\n        branchanalysis: \u003c+input\u003e.allowedValues(\"true\",\"false\")\n        usingproperties: \u003c+input\u003e.allowedValues(\"true\",\"false\")\n        binaries: \u003c+input\u003e\n        sonar_qualitygate: OK\n        sonar_quality_enabled: \u003c+input\u003e.allowedValues(\"true\",\"false\")\n        sonar_qualitygate_timeout: \u003c+input\u003e\n        artifact_file: \u003c+input\u003e\n        javascript_icov_reportpath: \u003c+input\u003e\n        java_coverage_plugin: \u003c+input\u003e\n        jacoco_report_path: \u003c+input\u003e\n        \n```\n\n### Skip Scan - Pipeline example\n```yaml\n- step:\n    type: Plugin\n    name: \"Check Sonar Quality Gate\"\n    identifier: check_sonar\n    spec:\n        connectorRef: account.DockerHubDiego\n        image: plugins/sonarqube-scanner:v2.4.2\n        reports:\n            type: JUnit\n            spec:\n                paths:\n                  - \"sonarResults.xml\"\n        privileged: false\n        settings:\n            sonar_host: https://sonarcloud.io\n            sonar_token: 66778345yourToken817f0deee3daa7868c431433\n            sonar_name: sonar-project-name\n            sonar_key: sonar-project-key\n            skip_scan: true\n```\n\n### DRONE Pipeline example\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n- name: perform-code-analysis\n  image: plugins/sonarqube-scanner:v2.4.2\n  settings:\n    sonar_host: http://34.100.11.50\n    sonar_token:\n      from_secret: sonar_token\n    sources: .\n    binaries: .\n    sonar_name: sonarqube-scanner\n    sonar_key: sonarqube-scanner\n```\n\n\n\n### Configuration Parameters\n\n- `key`: The project key in SonarQube.\n  - Example: `\"key\": \"your-project-key\"`\n- `name`: The project name in SonarQube.\n  - Example: `\"name\": \"your-project-name\"`\n- `host`: The URL of the SonarQube server.\n  - Example: `\"host\": \"https://sonarqube.example.com\"`\n- `token`: The token for authenticating with the SonarQube server.\n  - Example: `\"token\": \"your-sonarqube-token\"`\n- `build_number`: The version of the project.\n  - Example: `\"build_number\": \"1.0.0\"`\n- `workspace`: The workspace folder that will be passed to SonarQube CLI in case you are not cloning or scaning the /harness folder directly.\n  - Example: `\"workspace\": \"/harness/subfolder\"`\n- `branch`: The branch of the project. This parameter is used to specify the branch of your codebase that the results should be matched with. If you're working on multiple branches, it's important to specify the correct branch to ensure that you're looking at the correct set of results.\n  - Example: `\"branch\": \"master\"`\n- `timeout`: The timeout for the Sonar scanner.\n  - Example: `\"timeout\": \"300\"`\n- `sources`: The paths for the source directories, separated by commas.\n  - Example: `\"sources\": \"src\"`\n- `inclusions`: The files to be included in the analysis.\n  - Example: `\"inclusions\": \"*.go, *.java\"`\n- `exclusions`: The files to be excluded from the analysis.\n  - Example: `\"exclusions\": \"**/test/**/*.*,**/*.test.go\"`\n- `level`: The logging level.\n  - Example: `\"level\": \"INFO\"`\n- `showProfiling`: Enable profiling during analysis.\n  - Example: `\"showProfiling\": \"true\"`\n- `branchAnalysis`: Execute branch analysis.\n  - Example: `\"branchAnalysis\": \"true\"`\n- `usingProperties`: Use `sonar-project.properties`.\n  - Example: `\"usingProperties\": \"true\"`\n- `binaries`: Java binaries.\n  - Example: `\"binaries\": \"/path/to/binaries\"`\n- `quality`: Quality Gate.\n  - Example: `\"quality\": \"OK\"`\n- `quality_gate_enabled`: Stop pipeline if Sonar quality gate conditions are not met.\n  - Example: `\"quality_gate_enabled\": \"true\"`\n- `qualitygate_timeout`: Number in seconds for timeout.\n  - Example: `\"qualitygate_timeout\": \"300\"`\n- `artifact_file`: Artifact file location that will be generated by the plugin. This file will include information of Docker images that are uploaded by the plugin.\n  - Example: `\"artifact_file\": \"artifact.json\"`\n- `output-file`: Output file location that will be generated by the plugin. This file will include information that is exported by the plugin.\n  - Example: `\"output-file\": \"/path/to/output/file\"`\n- `javascript_icov_reportPath`: Sonar JavaScript Icov Report Path parameter.\n  - Example: `\"javascript_icov_reportPath\": \"/path/to/icov/report\"`\n- `java_coverage_plugin`: Sonar Java Plugin parameter.\n  - Example: `\"java_coverage_plugin\": \"jacoco\"`\n- `jacoco_report_path`: Sonar Jacoco Report Path parameter.\n  - Example: `\"jacoco_report_path\": \"/path/to/jacoco/report\"`\n- `ssl_keystore_pwd`: Java Keystore Password.\n  - Example: `\"ssl_keystore_pwd\": \"your-keystore-password\"`\n- `cacerts_location`: Java Truststore Location (cacerts).\n  - Example: `\"cacerts_location\": \"/path/to/cacerts\"`\n- `junit_reportpaths`: JUnit Report Paths.\n  - Example: `\"junit_reportpaths\": \"/path/to/junit/reports\"`\n- `source_encoding`: Source Encoding.\n  - Example: `\"source_encoding\": \"UTF-8\"`\n- `tests`: Sonar Tests.\n  - Example: `\"tests\": \"/path/to/tests\"`\n- `java_test`: Java Test.\n  - Example: `\"java_test\": \"/path/to/java/test\"`\n- `pr_key`: Pull Request Key.\n  - Example: `\"pr_key\": \"123\"`\n- `pr_branch`: PR Branch.\n  - Example: `\"pr_branch\": \"your-pr-branch\"`\n- `pr_base`: PR Base.\n  - Example: `\"pr_base\": \"your-pr-base\"`\n- `coverage_exclusion`: Sonar coverage exclusions.\n  - Example: `\"coverage_exclusion\": \"**/test/**/*.*,**/*.test.go\"`\n- `java_source`: Sonar Java source.\n  - Example: `\"java_source\": \"1.8\"`\n- `java_libraries`: Sonar Java libraries.\n  - Example: `\"java_libraries\": \"/path/to/libraries\"`\n- `surefire_reportsPath`: Sonar surefire reportsPath.\n  - Example: `\"surefire_reportsPath\": \"/path/to/surefire/reports\"`\n- `typescript_lcov_reportPaths`: Sonar TypeScript lcov reportPaths.\n  - Example: `\"typescript_lcov_reportPaths\": \"/path/to/typescript/lcov/reports\"`\n- `verbose`: Sonar verbose.\n  - Example: `\"verbose\": \"true\"`\n- `custom_jvm_params`: JVM parameters. Use comma for multiple parameters.\n  - Example: `\"custom_jvm_params\": \"-Dsonar.java.source='value_you_want'\"`\n- `taskid`: Sonar analysis taskId.\n  - Example: `\"taskid\": \"your-task-id\"`\n- `skip_scan`: Skip Sonar analysis scan - get last analysis automatically.\n  - Example: `\"skip_scan\": true`\n- `SONAR_SCANNER_OPTS`: pass any Sonar JVM param as env var during execution.\n  - Example: `\"SONAR_SCANNER_OPTS\": \"--add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED\"`\n\n- **`sonar_config_file`**:\n  - **Type**: Boolean\n  - **Description**: Use `sonar-project.properties` if available.\n  - **Environment Variable**: `PLUGIN_SONAR_CONFIG_FILE`\n  - **Allowed Values**: `\"true\"`, `\"false\"`\n\n- **`sonar_config_file_override`**:\n  - **Type**: Boolean\n  - **Description**: Use `sonar-project.properties` if available and allow overriding of host, login, and/or project key settings.\n  - **Environment Variable**: `PLUGIN_SONAR_CONFIG_FILE_OVERRIDE`\n  - **Allowed Values**: `\"true\"`, `\"false\"`\n\n- **`quality_gate_error_exit_code`**:\n  - **Type**: Integer\n  - **Description**: Specifies the \"exit code\" error when the quality gate fails. Default is `5`.\n  - **Environment Variable**: `PLUGIN_QUALITY_GATE_ERROR_EXIT_CODE`\n  - **Default Value**: `5` \n\nDetail Informations/tutorials Parameteres: [DOCS.md](DOCS.md).\n\n### Sonar Token\n\nUse Global analysis tokens\n\n\u003cimg src=\"https://github.com/drone-plugins/sonarqube-scanner/blob/main/global-analysis-token.png\" alt=\"Plugin Configuration\" width=\"400\"/\u003e\n\n### Build Process\n\nbuild go binary file: \n```\nGOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o sonarqube-scanner\n```\n\nbuild docker image\n```\ndocker build -t plugins/sonarqube-scanner .\n```\n\n\n### Testing the docker image:\n```commandline\ndocker run --rm \\\n  -e DRONE_REPO=test \\\n  -e PLUGIN_SOURCES=. \\\n  -e SONAR_HOST=http://localhost:9000 \\\n  -e SONAR_TOKEN=60878847cea1a31d817f0deee3daa7868c431433 \\\n  -e PLUGIN_SONAR_KEY=project-sonar \\\n  -e PLUGIN_SONAR_NAME=project-sonar \\\n  plugins/sonarqube-scanner\n```\n\n\u003cimg src=\"https://github.com/drone-plugins/sonarqube-scanner/blob/main/Sonar-CIE.png\" alt=\"Plugin Configuration\" width=\"400\"/\u003e\n\n\u003cimg src=\"https://github.com/drone-plugins/sonarqube-scanner/blob/main/SonarResultConsole.png\" alt=\"Console Results\" width=\"800\"/\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrone-plugins%2Fsonarqube-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrone-plugins%2Fsonarqube-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrone-plugins%2Fsonarqube-scanner/lists"}