{"id":18694065,"url":"https://github.com/kitabisa/sonarqube-action","last_synced_at":"2025-05-16T04:03:53.491Z","repository":{"id":37827296,"uuid":"237171559","full_name":"kitabisa/sonarqube-action","owner":"kitabisa","description":"Integrate SonarQube scanner to GitHub Actions","archived":false,"fork":false,"pushed_at":"2024-12-29T15:47:56.000Z","size":28,"stargazers_count":152,"open_issues_count":8,"forks_count":106,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-26T16:46:04.507Z","etag":null,"topics":["code-quality","code-review","devsecops","github-actions","security","sonar-scanner","sonarqube","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kitabisa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-30T08:40:05.000Z","updated_at":"2025-03-05T08:02:41.000Z","dependencies_parsed_at":"2024-06-18T13:55:26.790Z","dependency_job_id":"e055eebc-6396-45bf-aae2-c186c0f5e890","html_url":"https://github.com/kitabisa/sonarqube-action","commit_stats":{"total_commits":44,"total_committers":8,"mean_commits":5.5,"dds":"0.31818181818181823","last_synced_commit":"616b2df627ff42c04eb4fcaf491029aa57861daf"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kitabisa%2Fsonarqube-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kitabisa%2Fsonarqube-action/tags","releases_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/kitabisa%2Fsonarqube-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kitabisa%2Fsonarqube-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kitabisa","download_url":"https://codeload.github.com/kitabisa/sonarqube-action/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254464891,"owners_count":22075570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-quality","code-review","devsecops","github-actions","security","sonar-scanner","sonarqube","static-analysis"],"created_at":"2024-11-07T11:07:58.182Z","updated_at":"2025-05-16T04:03:53.469Z","avatar_url":"https://github.com/kitabisa.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SonarQube GitHub Action\n\nUsing this GitHub Action, scan your code with SonarQube scanner to detect bugs, vulnerabilities and code smells in more than 20 programming languages!\n\n\u003cimg src=\"https://assets-eu-01.kc-usercontent.com/d1e40bf0-65fc-01ef-5235-9aeaedac229b/12e3974b-220d-4cde-8f17-2ff9fa9d9c27/SonarQube_Logo.svg\" width=\"320px\"\u003e\n\nSonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.\n\n## Requirements\n\n* [SonarQube server](https://docs.sonarqube.org/latest/setup/install-server/).\n* That's all!\n\n## Usage\n\nThe 
workflow, usually declared in `.github/workflows/build.yaml`, looks like:\n\n```yaml\non:\n  # Trigger analysis when pushing in master or pull requests, and when creating\n  # a pull request. \n  push:\n    branches:\n      - master\n  pull_request:\n      types: [opened, synchronize, reopened]\n\nname: SonarQube Scan\njobs:\n  sonarqube:\n    name: SonarQube Trigger\n    runs-on: ubuntu-latest\n    steps:\n    - name: Checking out\n      uses: actions/checkout@master\n      with:\n        # Disabling shallow clone is recommended for improving relevancy of reporting\n        fetch-depth: 0\n    - name: SonarQube Scan\n      uses: kitabisa/sonarqube-action@v1.2.0\n      with:\n        host: ${{ secrets.SONARQUBE_HOST }}\n        login: ${{ secrets.SONARQUBE_TOKEN }}\n```\n\nYou can change the analysis base directory and/or project key by using the optional inputs like this:\n\n```yaml\nuses: kitabisa/sonarqube-action@master\nwith:\n  host: ${{ secrets.SONARQUBE_HOST }}\n  login: ${{ secrets.SONARQUBE_TOKEN }}\n  projectBaseDir: \"src/\"\n  projectKey: \"my-custom-project\"\n```\n\n### Inputs\n\nThese are some of the supported input parameters of the action.\n\n| **Parameter**        | **Description**                                   | **Required?** | **Default** | **Note**                                                                                      |\n|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|\n| **`host`**           | SonarQube server URL                              | 🟢            |             |                                                                                               |\n| **`login`**          | Login or authentication token of a SonarQube user | 🟢            |             | `Execute Analysis` permission required.                                                       
|\n| **`password`**       | The password that goes with the `login` username  | 🔴            |             | This should be left blank if `login` is an authentication token.                              |\n| **`projectBaseDir`** | Set custom project base directory analysis        | 🔴            | `.`         |                                                                                               |\n| **`projectKey`**     | The project's unique key                          | 🔴            |             | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |\n| **`projectName`**    | Name of the project                               | 🔴            |             | It will be displayed on the SonarQube web interface.                                          |\n| **`projectVersion`** | The project version                               | 🔴            |             |                                                                                               |\n| **`encoding`**       | Encoding of the source code                       | 🔴            | `UTF-8`     |                                                                                               |\n\n\n\u003e [!NOTE]\n\u003e If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!\n\n## License\n\nThe Dockerfile and associated scripts and documentation in this project are released under the MIT License.\n\nContainer images built with this project include third party 
materials.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkitabisa%2Fsonarqube-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkitabisa%2Fsonarqube-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkitabisa%2Fsonarqube-action/lists"}