LogoLogo
Packmind CloudChangelogGet supportJoin Slack
  • 👋Welcome!
  • 🪐Manage spaces
  • 🔐Security and data
  • 🐞Troubleshooting guides
  • 🚀First steps
    • Enable and configure AI
    • Connect your Git platform
  • 📥Capture your coding practices
    • How to create coding practices
    • Review practices in the Inbox
  • 🔍Enforce practices in your code
    • Setup practices detection with the AI Agent
    • Packmind CLI
      • Run with NPM
      • Run with Docker
      • SonarQube Integration
      • Run in Gitlab CI
      • Usage
  • Coding Assistants Integration
  • 👩‍💻Plugins & Integrations
    • IDE Plugins
      • 🚀Packmind's IDE plugins use cases
      • Visual Studio Code
      • Visual Studio
      • JetBrains IDEs
      • Eclipse
      • Xcode
      • Packmind Tech Coach
    • 🔔Get notifications
  • 📖Best practices management
    • Manage your practices
      • Import, copy and export practices
      • Use categories to organize your practices
      • Manage duplications of practices
      • Move all practices from a space to another space
      • Styling with Markdown
      • Multi-file examples on coding practices
    • 📰Scheduler to push practices
  • ↔️API Reference
    • Authentication
    • Documentation
  • ⚙️Account & Settings
    • 👩‍💼Manage users
    • 💵Subscription and Billing
    • 🔓Single Sign-On (SSO) in Packmind
      • Enable SSO for Packmind Cloud
      • Enable SSO for Packmind Self-Hosted
  • 🏠On-Premise version
    • Release notes - Self-Hosted versions
    • Install the Self-Hosted version
      • Migrate from a legacy setup (Mongo 2.x)
    • Connect a SMTP server
    • Authentication
      • Authentication with OpenLDAP
      • Authentication by SSO
      • Authentication with Active Directory
Powered by GitBook
On this page
  • Integration
  • With the Npm/Docker CLI
  • More suggestions?

Was this helpful?

  1. Enforce practices in your code
  2. Packmind CLI

SonarQube Integration

PreviousRun with DockerNextRun in Gitlab CI

Last updated 4 months ago

Was this helpful?

The SonarQube integration makes it possible to include in the SonarQube dashboard results from the source code analysis by Packmind. We use the feature "" for that, allowing external issues to be integrated into the SonarQube reports.

This page introduces how to use the Packmind CLI to generate a report that SonarQube will ingest.

We didn't develop a classic plugin for SonarQube since this approach is more appropriate with a pre-defined set of coding rules. Packmind does not work like this, as each customer will create its own set of coding standards.

There are some limitations to this mechanism, according to the SonarQube documentation:

  • You can't manage them within SonarQube. For example, you can't mark them as false positives. But you can change the issue type (Bug, Vulnerability, Code Smell) or the severity (Minor, ...).

  • You can't manage the activation of the rules that raise these issues within SonarQube. External rules aren't visible on the Rules page or reflected in quality profiles.

Integration

The key concept is simple: you can use either the Docker/Npm/Maven version of the Packmind CLI to generate one or multiple output files using the sonarqube formatter (check the CLI options).

Then, the Sonar Scanner CLI must ingest the output files using the argument:

-Dsonar.externalIssuesReportPaths=<your_path>

With the Npm/Docker CLI

stages:
    - packmind
    - sonarqube

# Assume PACKMIND_API_KEY is set as CI/CD Variables
packmind-detect:
  stage: packmind
  image:
    name: promyze/packmind-cli:latest
    entrypoint: [""]
  artifacts:
    paths:
      - packmind-scan.json
  script:
    - packmind-scanner scan . --formatters=console,sonarqube --output=packmind-scan.json

# Assume SONAR_HOST_URL and SONAR_LOGIN are set as CI/CD Variables
sonarqube-scan:
  stage: sonarqube
  image:
    name: sonarsource/sonar-scanner-cli:latest
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - packmind-scan.json
  allow_failure: true
  script:
    - sonar-scanner -Dsonar.projectKey=your-key -Dsonar.qualitygate.wait=true -Dsonar.externalIssuesReportPaths=packmind-scan.json
```

More suggestions?

Share a with us; we'll be to discuss it with you.

🔍
Generic issue import format
feature request