SonarQube Integration with Jenkins

Jenkins is one of the most widely used CI/CD automation servers. Integrating SonarQube with Jenkins means every code commit automatically triggers a scan and the pipeline fails if the Quality Gate is not met. This topic explains the setup and pipeline configuration step by step.

What the Integration Achieves

DEVELOPER COMMITS CODE
        |
        v
JENKINS PIPELINE STARTS
        |
        v
STEP 1: Checkout code from Git
        |
        v
STEP 2: Build the project
        |
        v
STEP 3: Run tests and generate coverage
        |
        v
STEP 4: Run SonarScanner
        |
        v
STEP 5: Wait for Quality Gate result
        |
        +-- PASSED --> Deploy to staging
        |
        +-- FAILED --> Notify team, block deploy

Prerequisites

  • Jenkins is installed and running
  • SonarQube server is running and accessible from Jenkins
  • A SonarQube token has been generated (see Topic 7)

Step 1: Install the SonarQube Scanner Plugin in Jenkins

  1. In Jenkins, go to Manage Jenkins > Plugins > Available Plugins
  2. Search for SonarQube Scanner
  3. Install the plugin and restart Jenkins

Step 2: Add SonarQube Server in Jenkins Global Config

  1. Go to Manage Jenkins > System
  2. Scroll to the SonarQube servers section
  3. Click Add SonarQube
  4. Enter the server name (e.g., My SonarQube) and server URL
  5. Add the authentication token as a Jenkins credential

JENKINS: SONARQUBE SERVER CONFIGURATION
+----------------------------------------------+
| Name:           My SonarQube                 |
| Server URL:     http://sonarqube:9000        |
| Server version: SonarQube 9.x or above       |
| Authentication: [Token: sonar-token ▼]       |
+----------------------------------------------+

Step 3: Add SonarScanner Tool in Jenkins

  1. Go to Manage Jenkins > Tools
  2. Find the SonarQube Scanner section
  3. Click Add SonarQube Scanner
  4. Name it (e.g., SonarScanner) and let Jenkins auto-install it

Jenkinsfile: Declarative Pipeline

Add a SonarQube stage to your Jenkinsfile:

pipeline {
    agent any

    tools {
        maven 'Maven 3.9'
        jdk   'Java 17'
    }

    stages {

        stage('Checkout') {
            steps {
                git branch: 'main',
                    url: 'https://github.com/acme/customer-portal.git'
            }
        }

        stage('Build and Test') {
            steps {
                sh 'mvn clean verify'
            }
        }

        stage('SonarQube Analysis') {
            steps {
                withSonarQubeEnv('My SonarQube') {
                    sh '''
                        mvn sonar:sonar \
                          -Dsonar.projectKey=com.acme:customer-portal \
                          -Dsonar.projectName="Customer Portal"
                    '''
                }
            }
        }

        stage('Quality Gate') {
            steps {
                timeout(time: 5, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Deploy') {
            steps {
                echo 'Deploying to staging...'
            }
        }
    }
}

Understanding the Key Parts

withSonarQubeEnv

This block automatically injects the server URL and authentication token as environment variables. You do not need to hardcode the token in your Jenkinsfile — Jenkins reads it from the stored credential.

waitForQualityGate

This step pauses the pipeline and waits for SonarQube to finish its server-side analysis. The server sends a webhook callback to Jenkins when the analysis is complete. If the Quality Gate fails, abortPipeline: true stops the pipeline immediately.

Configuring the Webhook in SonarQube

The waitForQualityGate step requires a webhook so SonarQube can notify Jenkins when analysis finishes. Set this up in SonarQube:

  1. Go to Administration > Configuration > Webhooks
  2. Click Create
  3. Name: Jenkins
  4. URL: http://your-jenkins:8080/sonarqube-webhook/
  5. Save

WEBHOOK FLOW
SonarQube finishes analysis
        |
        v
SonarQube sends POST to Jenkins webhook URL
        |
        v
Jenkins receives notification
        |
        v
waitForQualityGate step gets the gate result
        |
        v
Pipeline continues or aborts
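The webhook is the point where the pipeline's decision depends on an incoming HTTP request, so a receiver that accepts any caller would be trusting whoever can reach the Jenkins URL to state the gate result. SonarQube can sign each webhook call with a per-webhook secret, sending the hex-encoded HMAC-SHA256 of the body in the X-Sonar-Webhook-HMAC-SHA256 header, and the Jenkins SonarQube server configuration has a matching webhook secret field. The following Python is an added example, not code from this page or from the SonarQube or Jenkins projects: it models the receiver side of the flow above, verifying that signature in constant time before reading the Quality Gate result and listing the conditions that failed. The secret and the payload are constructed for the demonstration; the JSON field names follow the general shape of a SonarQube webhook notification, but every value is invented.

```python
import hashlib
import hmac
import json

# Header SonarQube sets when the webhook has a secret configured
# (compared case-insensitively below).
SIGNATURE_HEADER = "x-sonar-webhook-hmac-sha256"

# Constructed secret for the offline demonstration. In a real setup this is
# the value entered in the SonarQube webhook "Secret" field and in Jenkins.
WEBHOOK_SECRET = b"constructed-example-secret"

# Constructed sample payload. The field names mirror the general shape of a
# SonarQube webhook notification; every value here is invented.
SAMPLE_PAYLOAD = json.dumps({
    "serverUrl": "http://sonarqube:9000",
    "taskId": "EXAMPLE-TASK-ID",
    "status": "SUCCESS",
    "project": {"key": "com.acme:customer-portal", "name": "Customer Portal"},
    "qualityGate": {
        "name": "Sonar way",
        "status": "ERROR",
        "conditions": [
            {"metric": "new_coverage", "operator": "LESS_THAN",
             "value": "64.2", "status": "ERROR", "errorThreshold": "80"},
            {"metric": "new_bugs", "operator": "GREATER_THAN",
             "value": "0", "status": "OK", "errorThreshold": "0"},
        ],
    },
}).encode()


def sign_payload(body: bytes, secret: bytes) -> str:
    """Hex-encoded HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(body: bytes, headers: dict, secret: bytes) -> bool:
    """Constant-time comparison of the signature header against the body."""
    normalised = {k.lower(): v for k, v in headers.items()}
    received = normalised.get(SIGNATURE_HEADER, "")
    expected = sign_payload(body, secret)
    return hmac.compare_digest(received.encode(), expected.encode())


def failed_conditions(gate: dict) -> list:
    """Human-readable list of the gate conditions in ERROR state."""
    return [
        f"{c.get('metric')}: {c.get('value')} (threshold {c.get('errorThreshold')})"
        for c in gate.get("conditions", [])
        if c.get("status") == "ERROR"
    ]


def evaluate_webhook(body: bytes, headers: dict, secret: bytes) -> tuple:
    """Return (decision, details): 'reject' for an unsigned or tampered
    request, 'abort' when the analysis or the gate failed, else 'proceed'."""
    if not verify_signature(body, headers, secret):
        return ("reject", [])
    payload = json.loads(body)
    if payload.get("status") != "SUCCESS":
        # The server-side analysis itself did not complete.
        return ("abort", [f"analysis status: {payload.get('status')}"])
    gate = payload.get("qualityGate", {})
    if gate.get("status") == "OK":
        return ("proceed", [])
    return ("abort", failed_conditions(gate))


if __name__ == "__main__":
    signed = {"X-Sonar-Webhook-HMAC-SHA256": sign_payload(SAMPLE_PAYLOAD, WEBHOOK_SECRET)}
    print(evaluate_webhook(SAMPLE_PAYLOAD, signed, WEBHOOK_SECRET))
```

The signature is checked before the JSON is parsed, so a body that was altered in transit, or a request with no header at all, is rejected without ever influencing the gate decision; the list returned for an `abort` is the material the team notification needs, since it names exactly which conditions were not met.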

Pipeline for a Generic CLI Project

If your project does not use Maven or Gradle, use the SonarScanner CLI tool configured in Jenkins:

stage('SonarQube Analysis') {
    steps {
        withSonarQubeEnv('My SonarQube') {
            script {
                def scannerHome = tool 'SonarScanner'
                sh "${scannerHome}/bin/sonar-scanner \
                    -Dsonar.projectKey=my-project \
                    -Dsonar.sources=src"
            }
        }
    }
}

Viewing Results in Jenkins

After a successful scan, the Jenkins build page shows a SonarQube link in the sidebar. Clicking it opens the project dashboard in SonarQube directly. The build summary also displays the Quality Gate status — Passed or Failed.

JENKINS BUILD PAGE
+------------------------------------------+
| Build #42                                |
| Status: SUCCESS (Quality Gate: Passed)   |
|                                          |
| Sidebar:                                 |
|   [SonarQube] → opens project dashboard  |
+------------------------------------------+

Handling Failures Gracefully

When a Quality Gate fails, Jenkins marks the build as Failed (shown in red). The failed build sends notifications to the team via email, Slack, or any notification plugin you have configured in Jenkins. Developers know immediately which commit caused the failure and can check the SonarQube dashboard to see exactly which conditions were not met.
