Overview of integrated CIs
SonarCloud supports integration with the following continuous integration (CI) systems:
In SonarCloud terminology, a scanner is the piece of software that performs the actual analysis on your code.
Typically, a scanner is configured to work as part of your build pipeline. SonarSource provides different versions of the SonarScanner tool for different set-ups.
If your build process takes place on an on-premises machine (your own or some central build machine in your organization) you will need to download the appropriate scanner from SonarSource, install it and configure it.
If your build process is cloud-based (using CircleCI or similar) SonarSource provides SonarScanner plugins that can be installed in those services.
SonarCloud supports the following scanners, adapted to different setups:
- SonarScanner for Maven: For use with Java Maven projects.
- SonarScanner for Gradle: For use with Java Gradle projects.
- SonarScanner for Ant: For use with Java Ant projects.
- SonarScanner for .NET: For use with .NET projects.
- SonarScanner for Azure DevOps: For use with Azure DevOps projects.
- SonarScanner for Jenkins: For use with Jenkins projects.
- SonarScanner CLI: Generic command-line tool for setups where no specialized scanner is available.
Prerequisites for scanners
The scanners for Maven, Gradle, Ant, and the SonarScanner CLI are all Java executables and therefore require a JRE to be installed and available in the environment that is running the scanner. Java 11 is the minimum required version. The latest version is recommended. This is independent of the target language that you are analyzing. For example, if you are setting up analysis for a C++ project, you will still need to install a JRE to run the SonarScanner CLI to analyze your C++ code.
The SonarScanner for .NET is a .NET executable and therefore requires .NET to be installed.
SonarScanner for Jenkins is a plugin that allows you to integrate SonarCloud with Jenkins. It still requires a specific scanner for your project (that is, one of the others, like the SonarScanner CLI or the SonarScanner for Maven, etc.) to perform the actual analysis.
SonarScanner for Azure DevOps is an extension that runs within the Azure DevOps cloud environment.
How the scanners work
All the scanner variants just wrap SonarCloud's powerful set of language analyzers. Since the scanner is installed as part of your build process, we don't want you to have to re-install it every time a SonarCloud language analyzer is added or improved. To ensure this SonarScanner always checks for updates to its analyzer set from SonarCloud and downloads any recent additions or changes, thus always staying up-to-date.
When the scanner is invoked it executes the analysis on the code and sends the results back up to SonarCloud, where they are processed, stored, and displayed in the SonarCloud interface.
Comparison with automatic analysis
SonarCloud's automatic analysis can be thought of as a scanner that is integrated into the cloud service. It can be used without installing any additional software or integrating anything into your build pipeline.
Conflict between CI-based and automatic analysis
CI-based analysis (i.e., using SonarScanner as part of your build process) is not meant to run concurrently with automatic analysis. If automatic analysis is enabled on a project, any attempt to run a SonarScanner on the same project will fail, failing the build pipeline as it does so.
For this reason, it is important to select one or the other method when using SonarCloud: Either use automatic analysis or use a CI-based analysis with SonarScanner, but not both!