Developing a Multibranch Pipeline in Jenkins for SonarQube Community Edition to scan code

When working with SonarQube Community Edition, it’s important to note that this version does not support branch-level scanning. This feature is available only in the Developer Edition or higher, which are licensed versions.

In licensed editions, branch-level scans consolidate all branch reports under a single project key, providing a unified view of code quality for all branches. Unfortunately, this functionality isn’t available in the Community Edition.

However, there is a workaround to achieve similar results to some extent. In this approach:

Instead of using a single project key for all branches, each branch's scan results are associated with separate project keys. While this does not provide the convenience of consolidated branch-level insights under one key, it allows you to maintain visibility for each branch individually.

This alternative can be useful for teams that rely on the Community Edition but still want to implement multibranch pipelines in Jenkins for static code analysis.

How to Achieve a Multibranch Pipeline in Jenkins for SonarQube Community Edition to Scan Code

Step 1: Prepare Your Repository

Ensure you already have a repository. If not, create one (e.g., in Bitbucket) with your branches, including master and release branches. For each branch, add a Jenkinsfile that defines your pipeline configuration.

Master branch

My release branches

release_nov_2024

release_dec_2024

Step 2: Add Credentials for Repository Access

Navigate to the Credentials section in Jenkins. Add the credentials required for Jenkins to connect to your Bitbucket repository. This could be a username/password pair or an SSH key.

Step 3: Configure SonarQube Credentials in Jenkins

Similarly, add your SonarQube credentials to Jenkins. This will enable Jenkins to authenticate and connect to SonarQube for code analysis.

Bitbucket and Sonarqube credentials

Step 4: Create a Multibranch Pipeline

Go to New Item, enter a name, select Multibranch Pipeline, and click OK.

Add details as mentioned

After making above changes SAVE it.

Step 5: Add this Jenkfile script in each branch of the repository for Sonar analysis

pipeline {
    agent any

    environment {
        SONAR_SCANNER_PATH = 'C:\\ProgramData\\Jenkins\\.jenkins\\tools\\hudson.plugins.sonar.SonarRunnerInstallation\\sonar-scanner\\bin\\sonar-scanner.bat'
        SONAR_HOST_URL = 'http://localhost:9000/'
        SONAR_PROJECT_BASE_KEY = 'scanlocal'
        SONAR_PROJECT_VERSION = '1.0'
        SONAR_SOURCE_ENCODING = 'UTF-8'
        GIT_REPO_URL = 'https://sonarqubescanning-admin@bitbucket.org/sonarqubescanning/scanlocal.git'
        GIT_CREDENTIALS_ID = 'bb_coding'
    }

    stages {
        stage('Clone Repository') {
            steps {
                echo "Cloning repository ${GIT_REPO_URL}..."
                git branch: "${env.BRANCH_NAME}",  
                    url: "${GIT_REPO_URL}",
                    credentialsId: "${GIT_CREDENTIALS_ID}"
            }
        }

        stage('SonarQube Analysis') {
            steps {
                script {
                    // Create a unique project key and name per branch
                    def branchKey = env.BRANCH_NAME.replaceAll('/', '_')
                    def sonarProjectKey = "${SONAR_PROJECT_BASE_KEY}_${branchKey}"
                    def sonarProjectName = "${env.BRANCH_NAME}"

                    withSonarQubeEnv('SonarQube') { 
                        echo "Starting SonarQube analysis for ${sonarProjectKey}..."
                        bat """
                        "${SONAR_SCANNER_PATH}" ^
                            -Dsonar.host.url=${SONAR_HOST_URL} ^
                            -Dsonar.projectKey=${sonarProjectKey} ^
                            -Dsonar.projectName=${sonarProjectName} ^
                            -Dsonar.projectVersion=${SONAR_PROJECT_VERSION} ^
                            -Dsonar.sourceEncoding=${SONAR_SOURCE_ENCODING} ^
                            -Dsonar.sources=. ^
                            -Dsonar.inclusions=**/*.sql,**/*.plsql,**/*.py,**/*.sh ^
                            -Dsonar.verbose=true
                        """
                    }
                }
            }
        }
    }

    post {
        always {
            echo 'Pipeline execution completed.'
        }
        success {
            echo 'SonarQube scan completed successfully!'
        }
        failure {
            echo 'SonarQube scan failed.'
        }
    }
}

Step 6 : On jenkins -> Click on : Scan Multibranch pipeline now and wait the report will be generated in Sonarqube

Step 7 : After the scan completes successfully, check SonarQube for the analysis results and review any issues.

Scan report generated on Sonarqube