...

The Black Duck SonarQube plugin works through the Black Duck sensor in the sonar-scanner.

To populate a SonarQube instance with data, whether or not the Black Duck SonarQube plugin is installed, the sonar-scanner must be run in the base directory of the project to be scanned. This directory requires a sonar-project.properties file where the following fields are specified:

...

These fields configure project mappings and plugin settings. You can also configure the Black Duck SonarQube plugin through the SonarQube user interface (UI), where you can overwrite the sonar-project.properties file. This can only be done after the initial scan.

Basic Workflow

  1. Follow the instructions for installing SonarQube at https://docs.sonarqube.org/display/SONAR/Installing+a+Plugin
  2. Get the plugin from https://github.com/blackducksoftware/hub-sonarqube/releases
  3. Copy the JAR file to the extensions/plugins/ directory of your SonarQube installation and then start the server.
  4. Configure the sonar-project.properties file with the project name, project version, and source directory.
  5. Configure the Black Duck SonarQube plugin properties file with the global and project-level properties for the Black Duck SonarQube plugin.
  6. Run sonar-scanner in the base directory of the project to be scanned with Black Duck SonarQube installed and configured.
     • Black Duck SonarQube does not perform a Black Duck scan; instead, it examines an already-scanned Black Duck project, gathers its Black Duck Bill of Materials (BOM) components, and compares the matched files from Black Duck to the local files.
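
A pre-flight check for steps 4 and 6, as an added example that is not part of the Black Duck documentation: it confirms that the base directory holds a sonar-project.properties file with the project name, version, and source directory set before sonar-scanner runs. The key names are the standard SonarQube analysis parameters and the function names are hypothetical; the plugin's own property names are not checked because this page does not list them.

```shell
#!/bin/sh
# Added example: pre-flight check before running sonar-scanner.
# Assumption: standard SonarQube keys written as key=value lines.
REQUIRED_KEYS="sonar.projectKey sonar.projectName sonar.projectVersion sonar.sources"

# Print the value of key $2 from properties file $1 (last definition wins).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            sep = index($0, "=")
            if (sep == 0) next
            k = substr($0, 1, sep - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)      # trim the key
            if (k == key) {
                val = substr($0, sep + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val) # trim the value
            }
        }
        END { print val }
    ' "$1"
}

# Return 0 if base directory $1 is ready to scan, 1 otherwise.
preflight() {
    base=$1
    props="$base/sonar-project.properties"
    [ -f "$props" ] || { echo "missing $props" >&2; return 1; }
    rc=0
    for key in $REQUIRED_KEYS; do
        if [ -z "$(prop_value "$props" "$key")" ]; then
            echo "$key is not set in $props" >&2
            rc=1
        fi
    done
    # sonar.sources is a comma-separated list of paths relative to the base directory.
    sources=$(prop_value "$props" sonar.sources | sed 's/[[:space:]]*,[[:space:]]*/,/g')
    old_ifs=$IFS; IFS=,
    for src in $sources; do
        [ -e "$base/$src" ] || { echo "source path $src not found" >&2; rc=1; }
    done
    IFS=$old_ifs
    return $rc
}
```

From the project's base directory, `preflight . && sonar-scanner` runs the scan only when the check passes.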

Requirements

  • SonarQube versions 6.7.1 or higher.
  • Black Duck versions 4.2.0 or higher.
  • Java versions 8 or higher.
  • Black Duck Signature Scanner.

...