Solutions Delivery Platform


SonarQube is a tool used for static code analysis. Static code analysis is validating code as-written against industry standard practices. It will help you find best practice violations and potential security vulnerabilities.

Organizations can define Quality Profiles which are custom rule profiles that projects must use. Quality Gates are then rules defining the organizational policies for code quality. SDP will, by default, fail the build if the Quality Gate fails.

Steps Contributed

Table 1. Steps

Step    Description
        Leverages the sonar-scanner CLI to perform static code analysis and sends the results to the configured SonarQube server

Library Configuration Options

Table 2. SonarQube Library Configuration Options

Field            Description                                                                                                            Default Value
credential_id    The Jenkins credential ID corresponding to a username/password credential used to authenticate to the configured SonarQube server
                 Determines whether the build will fail if the code does not pass the Quality Gate


Example Configuration Snippet

    credential_id = "sonarqube"
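The enforcement behaviour described above (the build fails when the Quality Gate fails, unless enforcement is switched off) can be illustrated with the decision logic a pipeline step would apply to the gate status returned by the server. The following is an added example and not code from SDP or SonarQube; the response shape is a constructed sample modelled on SonarQube's project-status API, and the field names `projectStatus`, `status`, `conditions` and `metricKey` are assumed from that API.

```python
"""Quality Gate enforcement decision, as an added illustration (not SDP code)."""
import json

# Constructed sample of a Quality Gate status response. The overall gate is
# failing because one condition (new vulnerabilities) exceeds its threshold.
SAMPLE_GATE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "OK", "metricKey": "coverage",
             "comparator": "LT", "errorThreshold": "80", "actualValue": "85.2"},
            {"status": "ERROR", "metricKey": "new_vulnerabilities",
             "comparator": "GT", "errorThreshold": "0", "actualValue": "2"},
        ],
    }
})


def gate_status(gate_json):
    """Return the overall gate status string (e.g. OK, ERROR, NONE)."""
    return json.loads(gate_json)["projectStatus"].get("status", "NONE")


def failed_conditions(gate_json):
    """List the individual conditions that are in ERROR, for reporting."""
    conditions = json.loads(gate_json)["projectStatus"].get("conditions", [])
    return [c for c in conditions if c.get("status") == "ERROR"]


def gate_passed(gate_json):
    """Only an explicit OK counts as passing.

    A status of NONE means no gate result was computed for this analysis;
    treating it as a pass would let enforcement silently skip, so it is
    treated as not passed here.
    """
    return gate_status(gate_json) == "OK"


def build_should_fail(gate_json, enforce_quality_gate=True):
    """Mirror the documented default: fail the build when the gate fails.

    When enforcement is disabled the result is still reported but does not
    fail the build.
    """
    if gate_passed(gate_json):
        return False
    return enforce_quality_gate


def gate_summary(gate_json):
    """Human-readable lines suitable for a build log."""
    lines = [f"Quality Gate: {gate_status(gate_json)}"]
    for c in failed_conditions(gate_json):
        lines.append(
            f"  FAILED {c['metricKey']}: actual {c['actualValue']} "
            f"{c['comparator']} threshold {c['errorThreshold']}"
        )
    return lines


if __name__ == "__main__":
    for line in gate_summary(SAMPLE_GATE_RESPONSE):
        print(line)
    print("fail build (enforced):", build_should_fail(SAMPLE_GATE_RESPONSE))
    print("fail build (not enforced):",
          build_should_fail(SAMPLE_GATE_RESPONSE, enforce_quality_gate=False))
```

The fail-closed handling of a missing gate status is the part worth carrying into a real step: an analysis that produced no gate result should not be indistinguishable from one that passed.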

Sonar Scanner Configurations

Extra configuration options are available by leveraging SonarQube’s file. The file should be added to the root of the source repository.

External Dependencies

  • SonarQube must already be deployed. Reference the deployment script for SDP.

  • Jenkins must have a credential to access SonarQube; this is done by default when using the deployment script.

  • The SonarQube URL must be configured in Manage Jenkins > Configure System