SonarQube

SonarQube is an open-source platform for static code analysis, used to verify the technical quality of source code. Development is managed by SonarSource (tool website: sonarqube.org). The tool was released in 2007 and was called “Sonar” until the name was changed in 2013.

Homepage: https://www.sonarqube.org/

Install Server

Activate in Project on GitLab

Doc: https://docs.sonarqube.org/latest/analysis/gitlab-integration/

  1. Create an access token in GitLab in the group or project
    1. Token name: SonarQube
    2. Scopes: api
    3. Expiration date: leave empty (no expiration)
    4. Role: Reporter

Save the group access token

  1. Import GitLab Project into SonarQube
    1. Add Project
    2. Enter group access token
  2. Select Project you want to add
  3. Choose “With GitLab CI” to analyze your repository
  4. Project key: Other
  5. file: ./sonar-project.properties
    • In root dir of the project.
    • Filename: sonar-project.properties
    • Content:
      sonar.projectKey=tests_firstgit_AYAi0enkA
      sonar.qualitygate.wait=true
      sonar.python.version=2
  6. Add two variables to the project: Settings → CI/CD → Variables
    1. key: SONAR_TOKEN
      1. Value: generate a token in the SonarQube web interface
      2. uncheck “Protect Variable”
      3. CHECK “Mask Variable”
    2. key: SONAR_HOST_URL
      1. Uncheck both: Protect Variable / Mask Variable
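
The CI job that consumes SONAR_TOKEN and SONAR_HOST_URL is not shown on this page. The following .gitlab-ci.yml job is an added example, not part of the original page; the job name, image tag, cache path and branch rules are assumptions.

```yaml
# .gitlab-ci.yml (added example; names and rules below are assumptions)
sonarqube-check:
  image:
    name: sonarsource/sonar-scanner-cli:latest
    entrypoint: [""]          # override the image entrypoint so GitLab can run the script
  variables:
    # Keep the scanner's working files inside the project dir so they can be cached.
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    # Full clone: the scanner needs complete history for blame information.
    GIT_DEPTH: "0"
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    # sonar-scanner reads SONAR_HOST_URL and SONAR_TOKEN from the environment
    # (the two CI/CD variables defined above) and the remaining settings from
    # ./sonar-project.properties in the repository root.
    # Because sonar.qualitygate.wait=true is set there, this job fails when
    # the quality gate fails.
    - sonar-scanner
  rules:
    # "Protect Variable" is unchecked, so SONAR_TOKEN is also available to
    # pipelines on unprotected branches and merge requests.
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Because the token is masked but not protected, any branch pipeline in the project can read it; restrict who can push branches or edit .gitlab-ci.yml accordingly.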