The Blueriq Sonar Scanner can be configured by creating an application.properties file and passing it either as an command line argument with --spring.config.location=file:application.properties or placing it next to the Blueriq Sonar Scanner. See Run analysis on how to run an analysis.
Through this property file, both Blueriq Sonar Scanner properties and SonarQube Analysis Parameters can be configured.
Blueriq Sonar Scanner Properties
Property | Required | Default | Description |
---|---|---|---|
blueriq.scanner.scanName | Required | The name of the analysis which will be used in SonarQube, A scan name may only contain letters, numbers, underscores and hyphens | |
blueriq.scanner.repository | Required | Name of the repository | |
blueriq.scanner.branch | Required | Name of the branch | |
blueriq.scanner.projects | Required | A comma separated list of Blueriq project names | |
blueriq.scanner.studio.managementServiceUrl | Required for management service | Url to the management service, if this property is set then all other management service properties must also be set. If this is not set, then the branch export location must be set. | |
blueriq.scanner.studio.authenticationType | Required for management service | BASIC | Since 6.7, choose one of either BASIC, OIDC_PASSWORD or OIDC_CLIENT_CREDENTIALS for this property. BASIC corresponds to the method used before 6.7, but note that BASIC is deprecated and may no longer be supported in a future version. OIDC_PASSWORD most closely resembles BASIC, like BASIC it requires the username and password of a Studio user. In addition it also requires a tokenUrl, clientId and clientSecret which are used to request an access token on behalf of the user. OIDC_CLIENT_CREDENTIALS offers an alternative to using the credentials of a regular user. It requires a tokenUrl, clientId and clientSecret. No username or password are required. To use this option, you must have created a client for the BMA Sonar Scanner via User Management (Keycloak). Once that is done, you can connect to the Studio backend using only the client credentials of the BMA client. |
blueriq.scanner.studio.tokenUrl | Required for management service when using an OIDC authentication type | Since 6.7, the url from which a token can be requested when using an OIDC authentication type, for example: STUDIO_URL/Keycloak/realms/BlueriqStudio17/protocol/openid-connect/token | |
blueriq.scanner.studio.clientId | Required for management service when using an OIDC authentication type | Since 6.7, the id of the OIDC client | |
blueriq.scanner.studio.clientSecret | Required for management service when using an OIDC authentication type | Since 6.7, the secret of the OIDC client | |
blueriq.scanner.studio.username | Required for management service | Studio username credential | |
blueriq.scanner.studio.password | Required for management service | Studio password credential | |
blueriq.scanner.studio.timeoutInSeconds | Optional | 60 | If the calls to the management service timeout you can increase the timeout via this property. |
blueriq.scanner.export.location | Required for export file | Location of a branch export zip from the studio, if this is set then the managementservice property must not be set. When the export location is set to a relative path, it will loaded from the location of the application.properties | |
blueriq.scanner.workDir | Optional | target | Relative path inside the executing directory where the BMA plugin creates files to index issues and measures. |
blueriq.scanner.debug | Optional | Enables the verbose mode of SonarQube for additional debugging information. | |
sonar.blueriq.license | Optional | License key string which can be found in the license.aql file. | |
sonar.blueriq.test-exclusion.business-rules | Optional | A comma separated list of business rule element names to exclude from test coverage. | |
sonar.blueriq.test-exclusion.decision-tables | Optional | A comma separated list of decision table element names to exclude from test coverage. | |
sonar.login | Required | Sonarqube user token or username | |
sonar.password | Optional | Password field is deprecated since Sonarqube 9.9 LTS and is going to be removed in next release. It is advised to move to token based login. Sonarqube password when the username instead of user token is used for sonar.login |
SonarQube Analysis Parameters
An overview of all SonarQube Analysis Parameters can be found here. These parameters can be added to the same property file as the Blueriq Sonar Scanner properties.
Encrypting the studio password
By passing the password as a command line argument (using --blueriq.scanner.studio.password=PASSWORD
where PASSWORD
is replaced by the actual password) you can encrypt the password using an external tool in your CI. The following page contains an example on how to configure this in Jenkins using the credentials binding plugin:
Using secrets in Jenkins and other CI tooling should offer similar capabilities. Alternatively, the environment variable BLUERIQ_SCANNER_STUDIO_PASSWORD
environment variable can be set instead of a command line argument.