Skip to content
Docs

Scanning a Project

This tutorial will demonstrate how to scan a project using the nx-sonarqube Nx Plugin and upload the results to Sonar

Prerequisites

  1. Nx workspace
  2. nx-sonarqube
  3. @nx/jest or @nx/vite test executors with code coverage enabled
  4. Sonar

Steps

  1. Given the existing project to be scanned is named app, run the following generator:

    Terminal window
    npx nx g @koliveira15/nx-sonarqube:config app

  2. The generator will create the following changes:

    • The sonar target is added:

      apps/app/project.json
      {
        "name": "app",
        "$schema": "../../node_modules/nx/schemas/project-schema.json",
        "projectType": "application",
        "sourceRoot": "apps/app/src",
        "targets": {
          "sonar": {
            "executor": "@koliveira15/nx-sonarqube:scan",
            "options": {
              "hostUrl": "https://sonarcloud.io",
              "projectKey": "app"
            }
          }
        }
      }

    • The sonar and test targets are added so that test will depend on the project dependencies’ tests:

      nx.json
      {
        "$schema": "./node_modules/nx/schemas/nx-schema.json",
        "targetDefaults": {
          "sonar": {
            "dependsOn": ["^test", "test"]
          },
          "test": {
            "dependsOn": ["^test"]
          }
        }
      }

  3. Sonar can require authentication credentials. You can set these via environment variables using the Define Environment Variables Recipe

    • SONAR_LOGIN: The authentication token or login of a SonarQube user with either Execute Analysis permission on the project or Global Execute Analysis permission
    • SONAR_PASSWORD: If you’re using an authentication token, leave this blank. If you’re using a login, this is the password that goes with your SONAR_LOGIN username

  4. Execute the sonar task against the app project:

    Terminal window
    npx nx sonar app

  5. The executor will output the following to the terminal where the status of scan can be checked:

    output
    ...
    

    INFO: Analysis report generated in 88ms, dir size=320 KB
    INFO: Analysis report compressed in 26ms, zip size=82 KB
    INFO: Analysis report uploaded in 520ms
    INFO: Sensor cache published successfully
    INFO: ------------- Check Quality Gate status
    INFO: Waiting for the analysis report to be processed (max 300s)
    INFO: QUALITY GATE STATUS: PASSED - View details on https://sonarcloud.io/dashboard?id=app
    INFO: Analysis total time: 37.334 s
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION SUCCESS
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 38.993s
    INFO: Final Memory: 57M/228M
    INFO: ------------------------------------------------------------------------
    [19:31:42] Analysis finished.
    

    >  NX Successfully ran target sonar for project app and 1 task it depends on

  6. Click the link in the terminal out & log into Sonar to view the results: sonar-dashboard