Skip to content



The step executes the sonar-scanner cli command to scan the defined sources and publish the results to a SonarQube instance.


  • The project needs a file that describes the project and defines certain settings, see here.
  • A SonarQube instance needs to be defined in the Jenkins.


name mandatory default possible values
branchName No
changeBranch No
changeId No
changeTarget No
customTlsCertificateLinks No
disableInlineComments No false true, false
dockerEnvVars No []
dockerImage No node:lts-stretch
dockerName No sonar
dockerOptions No []
dockerWorkspace No \<empty>
githubApiUrl No
githubToken No
githubTokenCredentialsId Yes
host No
instance No SonarCloud
legacyPRHandling No false true, false
options No
organization No
owner No
projectVersion No
pullRequestProvider No GitHub GitHub
repository No
script Yes
sonarScannerDownloadUrl No
sonarTokenCredentialsId Yes
token No
verbose No false true, false
  • branchName: Non-Pull-Request only: Name of the SonarQube branch that should be used to report findings to.
  • changeBranch: Pull-Request only: The name of the pull-request branch.
  • changeId: Pull-Request only: The id of the pull-request.
  • changeTarget: Pull-Request only: The name of the base branch.
  • customTlsCertificateLinks: List of comma-separated download links to custom TLS certificates. This is required to ensure trusted connections to instances with custom certificates.
  • disableInlineComments: Pull-Request only: Disables the pull-request decoration with inline comments. DEPRECATED: only supported in SonarQube < 7.2
  • dockerEnvVars: Environment variables to set in the container, e.g. [http_proxy: "proxy:8080"].
  • dockerImage: Name of the docker image that should be used. If empty, Docker is not used and the command is executed directly on the Jenkins system.
  • dockerName: Kubernetes only: Name of the container launching dockerImage. SideCar only: Name of the container in local network.
  • dockerOptions: Docker options to be set when starting the container.
  • dockerWorkspace: Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.
  • githubApiUrl: Pull-Request only: The URL to the Github API. see GitHub plugin docs DEPRECATED: only supported in SonarQube < 7.2
  • githubToken: Pull-Request only: Token for Github to set status on the Pull-Request.
  • githubTokenCredentialsId: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Github Server.
  • host: The URL to the Sonar backend.
  • instance: Jenkins only: The name of the SonarQube instance defined in the Jenkins settings. DEPRECATED: use host parameter instead
  • legacyPRHandling: Pull-Request only: Activates the pull-request handling using the GitHub Plugin. DEPRECATED: only supported in SonarQube < 7.2
  • options: A list of options which are passed to the sonar-scanner.
  • organization: only: Organization that the project will be assigned to in
  • owner: Pull-Request only: The owner of the scm repository.
  • projectVersion: The project version that is reported to SonarQube.
  • pullRequestProvider: Pull-Request only: The scm provider.
  • repository: Pull-Request only: The scm repository.
  • script: The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
  • sonarScannerDownloadUrl: URL to the sonar-scanner-cli archive.
  • sonarTokenCredentialsId: Jenkins 'Secret text' credentials ID containing the token used to authenticate with the Sonar Server.
  • token: Token used to authenticate with the Sonar Server.
  • verbose: verbose output

Step Configuration

We recommend to define values of step parameters via config.yml file.

In following sections of the config.yml the configuration is possible:

parameter general step/stage
branchName X
customTlsCertificateLinks X
disableInlineComments X
dockerEnvVars X
dockerImage X
dockerName X
dockerOptions X
dockerWorkspace X
githubApiUrl X X
host X
instance X
legacyPRHandling X
options X
organization X
owner X X
projectVersion X
pullRequestProvider X
repository X X
sonarScannerDownloadUrl X
verbose X