Introduction.
Code that works isn’t always code that’s clean.
In modern development, quality is just as important as functionality—and that’s where tools like SonarQube come in.
SonarQube is a powerful open-source platform for continuous inspection of code quality. It analyzes your source code for bugs, vulnerabilities, code smells, and more—helping you write cleaner, more maintainable software.
But code quality checks are only effective when they’re automated, and that’s where Jenkins shines.
In this guide, you’ll learn how to integrate SonarQube with Jenkins so you can automatically scan your codebase during every build.
This means your CI/CD pipeline won’t just build and deploy—it’ll guard code quality too.
We’ll walk through:
- Installing and configuring SonarQube
- Setting up SonarQube Scanner in Jenkins
- Configuring a Jenkins pipeline to trigger code analysis
- Viewing and interpreting SonarQube reports
Let’s get started and bring quality assurance into your CI/CD workflow!
Step 1: Install and Run SonarQube
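- Download SonarQube.
- Extract the archive and start the server with:
./bin/[your_OS]/sonar.sh start
- Access SonarQube at http://localhost:9000
- Log in with the default credentials: admin / admin (these defaults are publicly known, so change the password before the server is reachable from anywhere but localhost)
- Create a new project token under My Account > Security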



Step 2: Install SonarQube Plugin in Jenkins
- Go to Manage Jenkins > Plugin Manager
- Search for and install:
SonarQube Scanner
- Restart Jenkins if needed


Step 3: Configure SonarQube in Jenkins
- Go to Manage Jenkins > Configure System
- Find the SonarQube servers section
- Click Add SonarQube:
  - Name: SonarQube
  - Server URL: http://localhost:9000 (or your hosted SonarQube URL)
  - Add the token you created earlier as a Jenkins credential
- Check “Install automatically” if using SonarScanner CLI
- Save the configuration
Step 4: Add SonarScanner to Jenkins
- Go to Manage Jenkins > Global Tool Configuration
- Scroll to SonarQube Scanner section
- Click Add SonarQube Scanner:
  - Name: SonarScanner
  - Select “Install automatically”
- Save changes



Step 5: Configure Jenkins Project or Pipeline
- Pipeline with Jenkinsfile
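pipeline {
    agent any
    environment {
        // Resolve the scanner by the name given in Global Tool Config (Step 4).
        // The tool step is used here because 'sonarScanner' is not a tool type
        // that the declarative tools {} block recognizes.
        SCANNER_HOME = tool 'SonarScanner'
    }
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/your/repo.git'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // Injects the server URL and token configured as 'SonarQube' in Step 3
                withSonarQubeEnv('SonarQube') {
                    sh '"$SCANNER_HOME/bin/sonar-scanner"'
                }
            }
        }
    }
}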

Step 6: Add sonar-project.properties to Your Repo
In the root of your project:
sonar.projectKey=my_project_key
sonar.projectName=My Project
sonar.projectVersion=1.0
sonar.sources=src
sonar.java.binaries=target/classes
Step 7: View Results in SonarQube
- Run the Jenkins job
- After the analysis stage completes, go to your SonarQube dashboard
- View metrics, bugs, vulnerabilities, code smells, and more.

Conclusion.
By integrating SonarQube with Jenkins, you’ve added a powerful layer of quality control to your CI/CD pipeline.
Every build now includes automated code analysis—helping you catch issues before they reach production.
Here’s what you achieved:
- Set up SonarQube for static code analysis
- Connected Jenkins and configured authentication
- Triggered code scans during builds
- Viewed quality gates, coverage, and critical issues in the SonarQube dashboard
As you expand this setup, you can:
- Enforce quality gates to fail builds with critical issues
- Add coverage reports from tools like JaCoCo
- Integrate with GitHub or Bitbucket pull requests
Clean code isn’t just a goal—it’s a habit. And now, thanks to Jenkins + SonarQube, it’s also automated.
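
Enforcing a quality gate, the first extension listed above, could look like the following Jenkinsfile. This is an added example, not part of the original guide; it assumes the server name 'SonarQube' and tool name 'SonarScanner' from Steps 3 and 4, and a webhook configured in SonarQube that points at your Jenkins URL followed by /sonarqube-webhook/.

```groovy
// Added example: fail the build when the SonarQube quality gate is not passed.
// Assumed names (from this guide): server 'SonarQube', scanner tool 'SonarScanner'.
// The repository URL is the guide's placeholder.
pipeline {
    agent any
    environment {
        // Path of the scanner installed through Global Tool Configuration
        SCANNER_HOME = tool 'SonarScanner'
    }
    stages {
        stage('Checkout') {
            steps {
                git 'https://github.com/your/repo.git'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // Supplies the server URL and token to the scanner and records
                // the analysis task so the next stage can wait on its result
                withSonarQubeEnv('SonarQube') {
                    sh '"$SCANNER_HOME/bin/sonar-scanner"'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Bound the wait: if the webhook never arrives (wrong URL,
                // firewall), the build fails instead of holding the pipeline open
                timeout(time: 10, unit: 'MINUTES') {
                    // abortPipeline: true marks the build as failed when the
                    // gate status is anything other than OK
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

Without the webhook, the Quality Gate stage has no result to act on and ends when the timeout expires, so test the webhook delivery from the SonarQube side before relying on the gate.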