Create SonarQube User & Integrate Jenkins Pipeline for Seamless Scanning

Today, in this post, I’ll walk you through how I created a new SonarQube user, granted all necessary privileges, added the user to groups, assigned admin rights, and integrated them into Jenkins for seamless code scanning.

Create a new user on SonarQube

Go to Administration → Security → Users

Click Add User and fill in the details below, or your own details as needed.

The user sonar-uat is added.

Generate a global Token for Sonar User

This token will be globally available for use across any Bitbucket repository when this SonarQube user is utilized for scanning reports.

Click on vertical dots …

Give the token a name (e.g. Sonar-uat-token) → set Expires in as per your need → Generate

After clicking Generate, copy your token (mandatory).

Create global permission for Sonar User

Check all options as per your requirements. In my case, I’ve replicated the same privileges as System Administrators to ensure my newly created user has full admin access.

Before

After

Add User : sonar-uat to Group

Click on edit option of sonar-administrators → All → check user : sonar-uat → Done

Admin and sonar-uat users have the same exact privileges.

Configure SonarQube creds/token in Jenkins → Credentials.

Go to Jenkins → Manage Jenkins → Credentials → System → Global credentials (unrestricted) → Add credentials → Secret → Sonar User ( sonar-uat ) and Sonar Token : squ_848de3afe574c48aa9045baa3bb7c00fb332c052

The credentials are added. Note the name: Sonar scanning using sonar-uat

Configure Credentials on SonarQube servers

Go to Jenkins → Manage Jenkins → SonarQube servers → Select : Name : Sonar scanning using sonar-uat

Let's test SonarQube scanning via the new Sonar user: sonar-uat

Hope you have a sample Bitbucket repository with code. I used a sample repository with one code file for demonstration.

Create a pipeline script on Jenkins

Jenkins → New Item → test_sonar

Note: Modify the pipeline script as per your requirements (e.g., Bitbucket repository URL, Sonar Project Key, Sonar Project Name, Bitbucket Credentials, Sonar Host URL).

Add the pipeline script and save it

Pipeline script

pipeline {
  agent any
  stages {
    stage('Clone Repository') {
      steps {
        git(url: 'https://sonarqubescanning-admin@bitbucket.org/sonarqubescanning/test_sonar_scan.git', branch: 'master', credentialsId: 'bb_coding')
      }
    }

    stage('SonarQube Analysis') {
      steps {
        withSonarQubeEnv('SonarQube') {
          script {
            bat """
            "${tool 'sonar-scanner'}\\sonar-scanner.bat" ^
            -Dsonar.host.url=%SONAR_HOST_URL% ^
            -Dsonar.projectKey=%SONAR_PROJECT_KEY% ^
            -Dsonar.projectName=%SONAR_PROJECT_NAME% ^
            -Dsonar.projectVersion=%SONAR_PROJECT_VERSION% ^
            -Dsonar.sourceEncoding=UTF-8 ^
            -Dsonar.sources=. ^
            -Dsonar.verbose=true ^
            -Dsonar.qualitygate.wait=true ^
            -Dsonar.python.version=3.8
            """
          }

        }

      }
    }

    stage('Quality Gate Check') {
      steps {
        script {
          def qualityGate = waitForQualityGate()
          if (qualityGate.status != 'OK') {
            // Fail the build if the Quality Gate fails
            error "Quality Gate failed: ${qualityGate.status}"
          } else {
            echo "Quality Gate passed: ${qualityGate.status}"
          }
        }

      }
    }

  }

  post {

    always {
      echo 'Cleaning up the workspace...'
      cleanWs()
    }

    success {
      echo 'Build completed successfully.'
    }

    failure {
      echo 'Build failed. Workspace cleaned.'
    }
  }


  environment {
    SONAR_HOST_URL = 'http://localhost:9000/'
    SONAR_PROJECT_KEY = 'test_sonar'
    SONAR_PROJECT_NAME = 'test_sonar'
    SONAR_PROJECT_VERSION = '1.0'
  }
}

Run the Job → Build Now

Check logs on Console Output

Check your scan report on SonarQube dashboard under the project name: test_sonar (specified in the pipeline script).

You can find the URL in the logs. Click on it to view your scan report.

Note : I used a dummy repository for demonstration purposes, which doesn’t contain much code to scan.
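Because the token is displayed only once and a user token carries every permission its user holds, it is worth checking that it lives only in Jenkins credentials and never in pipeline scripts, console output or the repository. The scanner below is an added example, not part of the original post; it assumes tokens have the shape shown above (a SonarQube prefix plus 40 hex characters), and the sample text and tokens in it are constructed.

```python
import re

# Prefixes SonarQube (9.5+) puts on generated tokens, with the scope each implies.
TOKEN_KINDS = {
    "squ": "user token (acts with every permission the user holds)",
    "sqa": "global analysis token (Execute Analysis only)",
    "sqp": "project analysis token (Execute Analysis on one project)",
}
# Assumption: prefix, underscore, 40 hex characters (the shape shown in this post).
TOKEN_RE = re.compile(r"\b(squ|sqa|sqp)_([0-9a-f]{40})\b")


def find_tokens(text):
    """Return (line_number, kind, masked_token) for every token-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            masked = f"{m.group(1)}_{m.group(2)[:4]}...{m.group(2)[-4:]}"
            hits.append((lineno, m.group(1), masked))
    return hits


def redact(text):
    """Replace the secret part of each token so the text can be shared."""
    return TOKEN_RE.sub(lambda m: f"{m.group(1)}_<redacted>", text)


# Constructed sample: pipeline and console lines containing made-up tokens.
FAKE_USER = "squ_" + "0123456789abcdef" * 2 + "01234567"
FAKE_PROJECT = "sqp_" + "fedcba9876543210" * 2 + "fedcba98"
SAMPLE = f"""\
-Dsonar.host.url=%SONAR_HOST_URL% ^
-Dsonar.token={FAKE_USER} ^
INFO: Analysis report uploaded
curl -u {FAKE_PROJECT}: http://localhost:9000/api/qualitygates/project_status
-Dsonar.projectKey=test_sonar
"""

if __name__ == "__main__":
    for lineno, kind, masked in find_tokens(SAMPLE):
        print(f"line {lineno}: {masked} -> {TOKEN_KINDS[kind]}")
    print(redact(SAMPLE))
```

Run it over a Jenkinsfile or a saved console log before sharing either; any `squ_` hit for sonar-uat means the token should be revoked and regenerated.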

Written by

vikas bhaskar vooradi

In my free time, I enjoy coding, blogging, and exploring technology-related content on the internet.