Analyze Your Repository With Bitbucket Pipelines for SonarCloud

Once your project is created and initiated from the repository you selected, you can follow the tutorial to configure your analysis with Bitbucket Pipelines.

Launch your analysis and check your Quality Gate

Launch analyses with the SonarCloud Scan pipe and check the quality gate with the SonarCloud Quality Gate check pipe.

Unsupported build technologies

These pipes cannot be used for projects built with Maven, Gradle, .NET, and C/C++.

More information:

Analyzing branches

In order to trigger a SonarCloud analysis on each push on a branch, you have to supply the same command in the pull-requests section of bitbucket-pipelines.yml (check Configure bitbucket-pipelines.yml for more details about that section). Here is a sample configuration:

pipelines:
  ...
  branches:
    master:
      - step:
          script:
            - mvn sonar:sonar
  ...

Make sure that your bitbucket-pipelines.yml is up to date in the branch you want to analyze.

Analyzing pull requests

In order to trigger a SonarCloud analysis on each pull request update, you have to supply the same command in the pull-requests section of bitbucket-pipelines.yml (check Configure bitbucket-pipelines.yml for more details about that section). Here is a sample configuration:

pipelines:
  ...
  pull-requests:
    feature/*:
      - step:
          script:
            - mvn sonar:sonar
  ...

Make sure that your bitbucket-pipelines.yml is up to date in the pull request you want to analyze.

Analyzing Monorepo Projects with Bitbucket Cloud: Pipeline Configuration

If you want to analyze a monorepo that contains more than one project, you need to ensure that you specify the paths to each project for analysis in your bitbucket-pipelines.yml file.

A typical yml file for a monorepo analysis should look something like this:

definitions:
  caches:
    sonar: ~/.sonar/cache  # Caching SonarCloud artifacts will speed up your build
  steps:
    - step: &build-test-sonarcloud
        name: Build, test and analyze on SonarCloud
        caches:
          - sonar
        script:
          - pipe: sonarsource/sonarcloud-scan:1.4.0
            variables:
              SONAR_TOKEN: ${SONAR_TOKEN}
              EXTRA_ARGS: '-Dsonar.projectKey=neil.hannonbbc4_monorepotest_proj1 -Dsonar.organization=neil.hannonbbc4 -Dsonar.projectBaseDir=proj1'
          - pipe: sonarsource/sonarcloud-scan:1.4.0
            variables:
              SONAR_TOKEN: ${SONAR_TOKEN}
              EXTRA_ARGS: '-Dsonar.projectKey=neil.hannonbbc4_monorepotest_proj2 -Dsonar.organization=neil.hannonbbc4 -Dsonar.projectBaseDir=proj2'

Note that you need to build each project in the monorepo separately with a unique project key for each one.

Sample projects

You can see our multiple sample projects to see how it works :

If you target a .NET application, see a sample .NET project built with Azure Pipelines.