Overview of integrated CIs

CI integrations

SonarCloud supports integration with the following continuous integration (CI) systems:

Scanners

In SonarCloud terminology, a scanner is the piece of software that performs the actual analysis on your code.

Typically, a scanner is configured to work as part of your build pipeline. SonarSource provides different versions of the SonarScanner tool for different set-ups.

If your build process takes place on an on-premises machine (your own or some central build machine in your organization) you will need to download the appropriate scanner from SonarSource, install it and configure it.

If your build process is cloud-based (using CircleCI or similar) SonarSource provides SonarScanner plugins that can be installed in those services.

SonarCloud supports the following scanners, adapted to different setups:

Prerequisites for scanners

The scanners for Maven, Gradle, Ant, and the SonarScanner CLI are all Java executables and therefore require a JRE to be installed and available in the environment that is running the scanner. Java 11 is the minimum required version. The latest version is recommended. This is independent of the target language that you are analyzing. For example, if you are setting up analysis for a C++ project, you will still need to install a JRE to run the SonarScanner CLI to analyze your C++ code.

The SonarScanner for .NET is a .NET executable and therefore requires .NET to be installed.

SonarScanner for Jenkins is a plugin that allows you to integrate SonarCloud with Jenkins. It still requires a specific scanner for your project (that is, one of the others, like the SonarScanner CLI or the SonarScanner for Maven, etc.) to perform the actual analysis.

SonarScanner for Azure DevOps is an extension that runs within the Azure DevOps cloud environment.

How the scanners work

All the scanner variants just wrap SonarCloud's powerful set of language analyzers. Since the scanner is installed as part of your build process, we don't want you to have to re-install it every time a SonarCloud language analyzer is added or improved. To ensure this SonarScanner always checks for updates to its analyzer set from SonarCloud and downloads any recent additions or changes, thus always staying up-to-date.

When the scanner is invoked it executes the analysis on the code and sends the results back up to SonarCloud, where they are processed, stored, and displayed in the SonarCloud interface.

Comparison with automatic analysis

SonarCloud's automatic analysis can be thought of as a scanner that is integrated into the cloud service. It can be used without installing any additional software or integrating anything into your build pipeline.

Conflict between CI-based and automatic analysis

CI-based analysis (i.e., using SonarScanner as part of your build process) is not meant to run concurrently with automatic analysis. If automatic analysis is enabled on a project, any attempt to run a SonarScanner on the same project will fail, failing the build pipeline as it does so.

For this reason, it is important to select one or the other method when using SonarCloud: Either use automatic analysis or use a CI-based analysis with SonarScanner, but not both!

On this page

Scanners

© 2008-2022, SonarCloud by SonarSource SA. All rights reserved.