Repository files navigation

A Python scanner for SonarQube, available on PyPI.

• SonarQube v10.6 or above
• Python 3.9 or above

Install with pip:

pip install pysonar

Once installed, thepysonar scanner can be run from the command line to perform an analysis.It assumes a running SonarQube server or a project configured on SonarCloud.

In order for the analysis to run, analysis properties need to be defined.There are multiple ways of providing these properties, described below in descending order of priority:

1. Through CLI arguments to thepysonar command
2. Environment variables for individual properties (e.g.SONAR_TOKEN,SONAR_VERBOSE,SONAR_HOST_URL, ...)
3. Generic environment variableSONAR_SCANNER_JSON_PARAMS
4. Under the[tool.sonar] key of thepyproject.toml file
5. In a dedicatedsonar-project.properties file
6. Through common properties extracted from thepyproject.toml

Analysis properties can be provided as CLI arguments to thepysonar command.They can be provided in a similar way as when running the SonarScanner CLI directly(seedocumentation).This means that analysis properties provided that way should be prepended with-D, for instance:

$ pysonar -Dsonar.token=myAuthenticationToken

You can use all the arguments allowed bySonarScanner.For more information onSonarScanner please refer to theSonarScanner documentation.

Additionally, some common properties can be provided using a shorter alias, such as:

pysonar --token "MyToken"

SeeCLI_ARGS for more details.

Inside apyproject.toml, Sonar analysis properties can be defined under thetool.sonar table.

[tool.sonar]# must be unique in a given SonarQube/SonarCloud instanceprojectKey=my:project# --- optional properties ---# defaults to project key#projectName=My project# defaults to 'not provided'#projectVersion=1.0 # Path is relative to the pyproject.toml file. Defaults to .#sources=. # Encoding of the source code. Default is default system encoding#sourceEncoding=UTF-8

The configuration parameters can be found in theSonarQube documentation.

In thepyproject.toml file the prefixsonar. for parameter keys should be omitted.For example,sonar.scm.provider in the documentation will becomescm.provider in thepyproject.toml file.

Properties inpyproject.toml files are expected to be provided in camel case. However, kebab case is also accepted:

[tool.sonar]project-key=My Project key # valid alias for projectKey

By default, the scanner will expect thepyproject.toml file to be present in the current directory. However, its path can be provided manually through thetoml-path CLI argument as well as through thesonar.projectBaseDir argument. For instance:

pysonar --toml-path "path/to/pyproject.toml"

Or:

pysonar --sonar-project-base-dir "path/to/projectBaseDir"

Or:

pysonar -Dsonar.projectBaseDir="path/to/projectBaseDir"

When apyproject.toml file is available, the scanner can deduce analysis properties from the project configuration. This is currently supported only for projects usingpoetry.

Exactly likeSonarScanner,the analysis can also be configured with asonar-project.properties file:

# must be unique in a given SonarQube/SonarCloud instancesonar.projectKey=my:project# --- optional properties ---# defaults to project key#sonar.projectName=My project# defaults to 'not provided'#sonar.projectVersion=1.0 # Path is relative to the sonar-project.properties file. Defaults to .#sonar.sources=. # Encoding of the source code. Default is default system encoding#sonar.sourceEncoding=UTF-8

It is also possible to configure the scanner through environment variables:

$ export SONAR_HOST_URL="http://localhost:9000"$ pysonar

See theSonarScannerdocumentation for more information.

For feedback and issues regardingpysonar, do not hesitate to contact us through ourCommunity.

To install the latest pre-released version of Sonar Scanner Python. Execute the following command:

pip install --index-url https://test.pypi.org/simple/ --extra-index-url https://pypi.org/simple/ pysonar

Copyright 2011-2025 SonarSource.

Licensed under theGNU Lesser General Public License, Version 3.0