Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kitabisa/sonarqube-action
Integrate SonarQube scanner to GitHub Actions
code-quality code-review devsecops github-actions security sonar-scanner sonarqube static-analysis
Last synced: 7 days ago
- Host: GitHub
- URL: https://github.com/kitabisa/sonarqube-action
- Owner: kitabisa
- License: mit
- Created: 2020-01-30T08:40:05.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-12-29T15:47:56.000Z (about 1 month ago)
- Last Synced: 2025-01-19T05:36:11.495Z (14 days ago)
- Topics: code-quality, code-review, devsecops, github-actions, security, sonar-scanner, sonarqube, static-analysis
- Language: Shell
- Homepage:
- Size: 27.3 KB
- Stars: 149
- Watchers: 9
- Forks: 104
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
README
# SonarQube GitHub Action
Using this GitHub Action, scan your code with the SonarQube scanner to detect bugs, vulnerabilities and code smells in more than 20 programming languages!
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. It performs automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
## Requirements
* [SonarQube server](https://docs.sonarqube.org/latest/setup/install-server/).
* That's all!

## Usage
The workflow, usually declared in `.github/workflows/build.yaml`, looks like:
```yaml
on:
  # Trigger analysis when pushing in master or pull requests, and when creating
  # a pull request.
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
      - name: Checking out
        uses: actions/checkout@master
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: SonarQube Scan
        # Prefer pinning to a release tag or commit SHA rather than a moving branch
        uses: kitabisa/sonarqube-action@master
        with:
          host: ${{ secrets.SONARQUBE_HOST }}
          login: ${{ secrets.SONARQUBE_TOKEN }}
```

You can change the analysis base directory and/or project key by using the optional inputs like this:
```yaml
uses: kitabisa/sonarqube-action@master
with:
  host: ${{ secrets.SONARQUBE_HOST }}
  login: ${{ secrets.SONARQUBE_TOKEN }}
  projectBaseDir: "src/"
  projectKey: "my-custom-project"
```

### Inputs
These are some of the supported input parameters of the action.
| **Parameter** | **Description** | **Required?** | **Default** | **Note** |
|----------------------|---------------------------------------------------|---------------|-------------|-----------------------------------------------------------------------------------------------|
| **`host`** | SonarQube server URL | 🟢 | | |
| **`login`** | Login or authentication token of a SonarQube user | 🟢 | | `Execute Analysis` permission required. |
| **`password`** | The password that goes with the `login` username | 🔴 | | Leave this blank if `login` is an authentication token. |
| **`projectBaseDir`** | Custom base directory for the analysis | 🔴 | `.` | |
| **`projectKey`** | The project's unique key | 🔴 | | Allowed characters are: letters, numbers, `-`, `_`, `.` and `:`, with at least one non-digit. |
| **`projectName`** | Name of the project | 🔴 | | It will be displayed on the SonarQube web interface. |
| **`projectVersion`** | The project version | 🔴 | | |
| **`encoding`** | Encoding of the source code | 🔴 | `UTF-8` | |

> [!NOTE]
> If you opt to configure the project metadata and other related settings in a **`sonar-project.properties`** file (it must be placed within the base directory, `projectBaseDir`) instead of using input parameters, this action is compatible with that approach!
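The constraints in the inputs table (an `http(s)` host, a non-empty `login`, a blank `password` when `login` is a token, and the allowed character set for `projectKey`) are easy to get wrong in a workflow, and a failed scan only tells you after the runner has already started. The POSIX shell script below is an added example, not part of kitabisa/sonarqube-action; the function names and the sample values at the bottom are constructed for this illustration. It can run as a step before the scan, or locally, to reject misconfigured inputs early and to flag a plain-`http` host, which would send the token unencrypted.

```shell
#!/usr/bin/env sh
# Added example, not part of kitabisa/sonarqube-action: checks the action's
# inputs (host, login, password, projectKey) against the constraints in the
# inputs table before the scanner runs. Function names and the sample values
# at the bottom are constructed for this illustration.

# projectKey: letters, digits, '-', '_', '.' and ':', with at least one non-digit.
validate_project_key() {
  key="$1"
  [ -n "$key" ] || return 1
  case "$key" in
    *[!A-Za-z0-9._:-]*) return 1 ;;   # a character outside the allowed set
  esac
  case "$key" in
    *[!0-9]*) return 0 ;;             # at least one non-digit present
    *) return 1 ;;                    # all digits: not allowed
  esac
}

# host: must be an http(s) URL. Plain http sends the login token in clear,
# so it is accepted but flagged on stderr.
validate_host() {
  case "$1" in
    https://?*) return 0 ;;
    http://?*) echo "warning: host '$1' uses plain http; the token will travel unencrypted" >&2; return 0 ;;
    *) return 1 ;;
  esac
}

# Report which authentication mode the login/password pair selects:
# "token" when password is blank (login is a user token), "basic" otherwise.
auth_mode() {
  login="$1"; password="$2"
  [ -n "$login" ] || return 1
  if [ -z "$password" ]; then echo token; else echo basic; fi
}

# Combine the checks. projectKey is optional, so it is only validated when set.
validate_inputs() {
  host="$1"; login="$2"; password="$3"; project_key="$4"
  validate_host "$host" || { echo "host: not an http(s) URL" >&2; return 1; }
  [ -n "$login" ] || { echo "login: must not be empty" >&2; return 1; }
  [ -z "$project_key" ] || validate_project_key "$project_key" \
    || { echo "projectKey: must match [A-Za-z0-9._:-]+ with at least one non-digit" >&2; return 1; }
  echo "inputs ok (auth mode: $(auth_mode "$login" "$password"))"
}

# Constructed sample invocation; in a workflow the values would come from
# ${{ secrets.* }} and the step's inputs.
validate_inputs "https://sonar.example.invalid" "CONSTRUCTED_TOKEN" "" "my-custom-project"
```

The checks use only `case` pattern matching, so the script runs under any POSIX `sh` on the runner without extra tools; a non-zero exit from `validate_inputs` fails the step before the scanner is invoked.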
## License
The Dockerfile and associated scripts and documentation in this project are released under the MIT License.
Container images built with this project include third party materials.