Introduction to analysis parameters of sonar scanning

Time: 2022-5-2

Mandatory parameters

Server

Key | Description | Default
sonar.host.url | Server URL | http://localhost:9000

Project configuration

Key | Description | Default
sonar.projectKey | Unique identifier of the project. The allowed characters are letters, numbers, -, _, . and :, with at least one non-numeric character. For Maven projects, this defaults to: |

Optional parameters

Project identification

Key | Description | Default
sonar.projectName | The name of the project as it appears on the web interface. For Maven projects, the default is, otherwise projectKey. If it is not provided and a name already exists in the database, it will not be overwritten. |
sonar.projectVersion | Project version. For Maven projects, the default is, otherwise "not provided". |

Authentication

By default, user authentication is required to prevent anonymous users from browsing and analyzing projects on your instance, so these parameters need to be passed when running an analysis. Authentication is enforced in the global security (/instance-administration/security/) configuration.

When authentication is required, or when the "Anyone" pseudo-group does not have permission to perform analysis, you need to provide the credentials of a user with permission to perform analysis in order to run the analysis.

Key | Description | Default
sonar.login | The authentication token or login of a SonarQube user who has permission to perform analysis on the project. |
sonar.password | If you use an authentication token, leave this blank. If you use a login, this is the password that goes with your sonar.login user name. |

Web Services

Key | Description | Default
sonar.ws.timeout | The maximum time (in seconds) to wait for a response from a web service call. Change this only if web service calls to the server time out during analysis. | 60

Project configuration

Key | Description | Default
sonar.projectDescription | Project description. For Maven projects, the default is |
sonar.links.homepage | Project home page. For Maven projects, the default is |
sonar.links.ci | Continuous integration. For Maven projects, the default is |
sonar.links.issue | Issue tracker. For Maven projects, the default is |
sonar.links.scm | Project source repository. For Maven projects, the default is |
sonar.sources | Comma-separated paths to the directories containing the main source files. Read from the build system for Maven, Gradle and MSBuild projects. When neither sonar.sources nor sonar.tests is provided, it defaults to the project root directory. |
sonar.tests | Comma-separated paths to the directories containing the test source files. Read from the build system for Maven, Gradle and MSBuild projects. Otherwise, it defaults to blank. |
sonar.sourceEncoding | The encoding of the source files, for example UTF-8, MacRoman, Shift_JIS. In Maven projects, this property can be replaced by the standard property project.build.sourceEncoding. The list of available encodings depends on the JVM. | System encoding
sonar.externalIssuesReportPaths | Comma-separated list of paths to generic issue reports. |
sonar.projectBaseDir | Use this property when the analysis needs to run in a directory different from the one it was launched from. The path can be relative or absolute. Note that you specify a parent directory of the source directory, not the source directory itself. The analysis process needs write permission on this directory; it is where sonar.working.directory is created. |
sonar.working.directory | Sets the working directory for an analysis triggered with SonarScanner or SonarScanner for Ant (versions greater than 2.0). This property is not compatible with SonarScanner for MSBuild. The path must be relative and unique for each project. Note: the specified directory is deleted before each analysis. | .scannerwork
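
The following is an added example, not part of the original page or of SonarQube itself: a small Python linter that checks a scanner properties file against the rules stated in the tables above (project key characters, credentials, relative working directory). The sample file contents, the simplified key=value parsing, the policy of keeping secrets out of the file and the plain-HTTP check are assumptions of this example.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath
from urllib.parse import urlparse

KEY_RE = re.compile(r"[A-Za-z0-9_.:-]+")  # characters allowed in sonar.projectKey

def parse_properties(text):
    """Parse key=value lines (simplified); blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of findings for the scanner parameters described on this page."""
    findings = []
    key = props.get("sonar.projectKey", "")
    if not key:
        findings.append("sonar.projectKey: mandatory, but missing")
    elif not KEY_RE.fullmatch(key) or key.isdigit():
        findings.append("sonar.projectKey: disallowed characters or digits only")
    # Added check (assumption of this example): credentials sent over plain HTTP are readable in transit.
    url = urlparse(props.get("sonar.host.url", "http://localhost:9000"))
    if url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1"):
        findings.append("sonar.host.url: plain HTTP exposes the token or password in transit")
    # Policy assumed by this example: secrets are supplied at run time, not stored in the file.
    for secret in ("sonar.login", "sonar.password"):
        if props.get(secret):
            findings.append(f"{secret}: credential stored in the properties file")
    wd = props.get("sonar.working.directory", ".scannerwork")
    parts = PurePosixPath(wd.replace("\\", "/")).parts
    if PurePosixPath(wd).is_absolute() or PureWindowsPath(wd).is_absolute() or ".." in parts:
        findings.append("sonar.working.directory: must be relative; it is deleted before each analysis")
    return findings

# Constructed sample input (not taken from a real project).
SAMPLE = """\
# sonar-project.properties
sonar.projectKey=20220502
sonar.host.url=http://sonar.example.internal:9000
sonar.login=ci-user
sonar.password=constructed-password
sonar.working.directory=/tmp/scan
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_properties(SAMPLE))))
```
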

Quality gate

Key | Description | Default
sonar.qualitygate.wait | Forces the analysis step to poll the SonarQube instance and wait for the quality gate status. If there are no other options, you can use this setting to fail the pipeline build when the quality gate fails. For more information, see the CI integration page. |
sonar.qualitygate.timeout | The number of seconds the scanner should wait for the report to be processed. | 300

For more parameter configuration instructions, please refer to the reference link.

Reference link

https://docs.sonarqube.org/latest/analysis/analysis-parameters/