SonarCloud | Getting started | GitLab

On this page

Getting Started with GitLab

If your code is on GitLab, go to the SonarCloud product page and choose Set up or Login, then select GitLab from the list of DevOps cloud platforms.

You will be taken to the GitLab login page. Sign in using your GitLab credentials.

Welcome to SonarCloud

Once you have successfully logged in, you will see the SonarCloud welcome screen. Select Analyze your first projects > Import an organization from GitLab.

Set up your organization

About SonarCloud organizations 

SonarCloud is set up to mirror the way that code is organized in GitLab (and other repository providers):

  • Each SonarCloud project corresponds one-to-one with a GitLab project, which resides in its own Git repository.
  • GitLab projects are grouped into GitLab groups or under a personal namespace.
  • Each SonarCloud organization corresponds one-to-one with a GitLab group or personal namespace. 

Connect your GitLab group with SonarCloud

First, select either

  • Import any GitLab group, if you want to import a GitLab group other than your personal one, or
  • Import my personal GitLab group, if you want to import only the repositories that are under your personal namespace.

If you select the first option, you will need your GitLab group key and a personal access token.

If you select the second option, you will just need a personal access token.

Group key

For the group key, you can provide either the ID of the group or the key of the group. The group ID can be found under the group name on the group page. The group key is the last element in the path of the group and is found in the URL. For example, gitlab.com/my-group.

Note that the user that is logged into SonarCloud must be an owner of the GitLab group.

Personal access token

To create the token, go to User settings > Personal Access Tokens in GitLab, or while logged in to GitHub, click the Personal Access Token hyperlink in the SonarCloud Create an organization tutorial.

When creating your access token on the GitLab User settings > Personal Access Tokens page, make sure to select api scope. Then click Create personal access token.

When the personal access token is displayed at the top of the page, copy the token and paste it into the field on the SonarCloud setup page.

Import organization details

In this step, you will create a SonarCloud organization that corresponds to your GitLab group. 

SonarCloud will suggest a key for your SonarCloud organization. This is a name unique across all organizations within SonarCloud. You can accept the suggestion or change it manually. The interface will prevent you from changing it to an already existing key.

Choose a plan

Next, you will be asked to choose a SonarCloud subscription plan. If all the repositories to be analyzed are public on GitLab, you can select the free plan. When using the free plan, your code and analysis results will be publicly accessible at sonarcloud.io/explore/projects.

If you want to analyze one or more private repositories, then you need to select a paid plan. All paid plans offer a 14-day free trial period. Once the 14 days have elapsed, the cost is based on the number of lines of code analyzed.

Once you have chosen a plan and clicked Create Organization, your SonarCloud organization will be created!

Set up your analysis

Import repositories

The next step is to import the projects (that is, individual Git repositories) that you want to analyze from your GitLab group into your newly created SonarCloud organization, creating a corresponding SonarCloud project for each.

SonarCloud will present a list of the repositories in your GitLab group. Select those that you want to import and analyze and click Set Up.

Import repositories from GitLab into SonarCloud.

The selected projects will be imported.

Choose your new code definition

The next step is to set the New Code Definition (NCD) for your project(s). The NCD is a mandatory step and it defines which part of your code is considered new code. This helps you to focus your attention on the most recent changes to your code and allows you to follow the Clean as You Code methodology.

Set up your initial new code definition in SonarCloud.

For more information, see the New code definition page. 

Configure analysis

With GitLab projects, the actual analysis is performed in your build environment (for example, on a cloud CI or your local machine). This means you have to configure your build process to perform the analysis on each build and communicate the results up to SonarCloud.

SonarCloud will guide you through a tutorial on how to set up your build environment to run your analysis.

The first step is to select your build environment. SonarCloud will present this page:

Choose Gitlab as analysis method.

If you have no particular preference and are setting up a new project on GitLab, we recommend using GitLab CI/CD as your CI.

Follow the tutorial to set up your analysis.

See your analysis results

Once it is complete, you can view the results of your First analysis

In addition, please see the page on GitLab CI to integrate SonarCloud into your GitLab pipelines. 

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License