Automated Code Quality Analysis- Integrating Sonarqube with Bitbucket and Bamboo

Automated code analysis is a powerful and useful technology and Sonarqube is the leading open-source platform in this space. According to Sonarqube’s official documentation:

"Sonarqube® software (previously called Sonar) is an open source quality management platform, dedicated to continuously analyze and measure technical quality, from project portfolio to method." 

Bitbucket is amazing for enabling collaboration among developers in an intuitive web interface. Integrating Sonarqube with Bitbucket provides automated feedback on code quality issues in the relevant context of pull requests where the peer code reviews are happening.

Bitbucket Integration

In the pull request view:

    1. Summary of the Sonarqube analysis is visible to the participants:

      In this example, we can see that the codebase currently has a total of 4 critical issues out of which 3 were introduced by the feature branch under review. Similarly, 1 additional major and minor issues were introduced by the current branch:

    2. The "Diff" tab in the pull request details can show details on the Sonarqube analysis in relation to the code change:

    3. If the reviewer wants to find a detailed analysis report, clicking on the Sonarqube marker icons will display details on the issue. In the example above it shows details on the "Critical" issue found for line #66. There are options to convert this into a comment or viewing details about the rule that triggered this result and the suggested fix.
    4. Sonarqube analysis can also be used as a merge check by setting thresholds in the Bitbucket repository settings.

      The example repository below has the condition which will not allow anyone to merge a pull request that has more than 1 critical issue:

How does this work?

Overall Setup:

Sonarqube analysis is triggered by the Continuous Integration Setup in Bamboo via build plan branches. The results published to Sonarqube analysis is available to Bitbucket Server and accessible to users in the Pull Requests view.

source: (Before version 4.x, Bitbucket Server was known as Stash)

Bamboo Integration

In Bamboo you need to add the Sonarqube Maven task within your build job in order for Sonarqube to trigger an analysis. Link to Sonarqube analysis is visible in the Bamboo results summary page:

When you click on the Sonarqube link it takes you to the Sonarqube home page of the particular branch build 

Sonarqube Analysis

A typical Sonarqube analysis will include  

  1. Home Page :  provides a summary of the entire analysis. Here, Technical Debt, Coverage, Duplication, Structure are the areas highlighted:

  2. Technical Debt: Sonarqube, based on its policies, does a code analysis to find the issues in your code like conventions, security, performance, error-handling, etc
    1. Depending on the policies, it raises issues for the user to address.
    2. Additionally, it provides the amount of effort required to address those issues
    3. Sonarqube also provides interesting graphical visualization of various statistics related to the analysis results:

  3. Coverage: Helps you determine percentage of code covered by the unit test. 
    1. A graphical representation of each file’s test coverage and indicating number of uncovered lines:

  4. Duplications: Displays duplicate blocks, lines and files:

  5. Structure: This section shows us the architecture of the project
    1. What percentage of code is in JAVA, XML, or in any other languages?
    2. How complex is the code?
    3. Number of functions defined, classes used, etc
    4. Based on the above analysis, a reviewer can decide, with confidence, whether code should be merged or needs to be cleaned up.


Sonarqube is a powerful platform for continuous inspection of source code and various aspects pertaining to quality and best practices. Integrating Sonarqube analysis into pull requests in Bitbucket server makes this very useful for developers, thanks to the marketplace addons available for Bitbucket and Bamboo. Please visit Sonarqube’s website for more information on the product. 

Be sure to contact Addteq with your all of your DevOps and Continuous Inspection needs!

Related Content
work from anywhere
Embracing the Freedom: Work from anywhere
If our products can be used from anywhere, we should also be able to work from anywhere. This blog shows...
Jira Accessibility: Best Practices for enhancing collaboration
Jira is a powerful tool to streamline workflows and enhance productivity. This blog explores four best...
The Perfect Match: Confluence & Excellentable
Discover the perfect match for your team's collaboration needs this Valentine's Day. Learn how to seamlessly...

Leave a Reply

Your email address will not be published. Required fields are marked *