Preparing your project analysis

SonarQube project creation method

The SonarQube projects can be created according to different methods (see Creating and importing projects). It is highly recommended that you import your GitLab repositories into SonarQube to create the corresponding projects. This way, the project setup is easier and the quality gate report to your merge requests is automatically set up. See Importing your GitHub projects.

If using GitHub Actions

If you use GitHub Actions then the SonarScanners will automatically detect branches or merge requests being built so you don't need to specifically pass them as parameters to the scanner. 

See Adding the SonarQube analysis to your GitHub Actions workflow.

If not using a CI tool

If you don't use a CI tool, to integrate the SonarQube analysis into your build process, you must set up for your project analysis the SonarScanner installed on your CI/CD host. See Analysis Parameters and the respective SonarScanner page: Maven, Gradle, .NET, CLI.

If using a monorepo

See If you're using a monorepo.

Verifying the code checkout step

Make sure the branch to be analyzed is properly checked out during the build process. During the checkout of a working copy (clone) of the code from the project repository, we recommend using the full depth. For more information, see SCM integration.