Posts From February 2014 - Musing, Rants & Jumbled Thoughts


As of SonarQube v4.0, the server natively supports HTTPS access. The official configuration instructions, however, are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get SonarQube server up and running with an SSL cert purchased from a signing authority.

Step 1: Create a PKCS#12 Cert File

If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows

Step 2: Configure SonarQube

Copy the .pfx file you created in Step 1 to the /conf folder of your SonarQube install location. Then open the sonar.properties file in that same folder.

In the "Web" section of the sonar.properties file, you'll need to change the properties as follows:

  • sonar.web.https.port=443
    • This will enable HTTPS access on the port you provide (443 is the standard HTTPS port). If you want to force HTTPS access only, you should also set sonar.web.port=-1 to turn off HTTP access.
  • sonar.web.https.keyPass=changeit (where changeit is the password you provided during the Export Wizard in Step 1)
  • sonar.web.https.keystoreFile=C:/Path/To/Your/SonarQube/conf/exportedCert.pfx
    • Enter the correct path to the .pfx file (hint: Shift-Right-Click the file and choose "Copy as path"). Make sure to use forward slashes in your path here, not the standard Windows back-slashes.
  • sonar.web.https.keystoreType=PKCS12
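
Before restarting, the four properties above can be sanity-checked with a short script. This is an added example, not part of the original post or of SonarQube itself; the sample file content is constructed, and `parse_properties` and `check_https` are hypothetical helper names.

```python
# Added example: pre-restart check of the HTTPS keys in sonar.properties.
# The sample content is constructed; helper names are hypothetical.

SAMPLE = r"""
# Web section (constructed sample using the keys from the post)
sonar.web.port=9000
sonar.web.https.port=443
sonar.web.https.keyPass=changeit
sonar.web.https.keystoreFile=C:\SonarQube\conf\exportedCert.pfx
sonar.web.https.keystoreType=PKCS12
"""

def parse_properties(text):
    """Read key=value lines, skipping blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_https(props):
    """Return a list of findings; an empty list means the keys look sane."""
    findings = []
    if not props.get("sonar.web.https.port", "").isdigit():
        findings.append("sonar.web.https.port is not set, so HTTPS is off")
    if props.get("sonar.web.port") != "-1":
        findings.append("sonar.web.port is not -1, so plain HTTP still answers")
    path = props.get("sonar.web.https.keystoreFile", "")
    if not path:
        findings.append("sonar.web.https.keystoreFile is not set")
    elif "\\" in path:
        # Java .properties files treat a backslash as an escape character,
        # which is why the path must be written with forward slashes.
        findings.append("keystoreFile contains backslashes; use forward slashes")
    if props.get("sonar.web.https.keystoreType") != "PKCS12":
        findings.append("keystoreType must be PKCS12 for a .pfx/.p12 file")
    if props.get("sonar.web.https.keyPass", "") in ("", "changeit"):
        findings.append("keyPass is empty or still the placeholder 'changeit'")
    return findings

if __name__ == "__main__":
    for finding in check_https(parse_properties(SAMPLE)):
        print("WARN:", finding)
```
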

Now, restart your SonarQube server.

If there were issues loading your cert, such as a bad password, you may see entries like this in the /log/sonar log file:

Step 3: Change your default URL

Go to the Settings page for your SonarQube server and in the General section, change the URL to use https://hostname.in.your.cert.file/. This will ensure links generated by the system (such as in emails) point to the https link. Make sure the hostname you use matches your cert!

Enjoy!



TeamCity supports HTTPS access; however, they don't provide instructions for configuring it. Instead, they point you to a set of third-party instructions which are difficult to piece together and are not really clear for people who 1) aren't familiar with Java and 2) are running on a Windows server. So in this post, I'm documenting the steps I followed to get a TeamCity 8.1 server up and running with an SSL cert purchased from a signing authority.

Step 1: Create a PKCS#12 Cert File

If you already have a version of your cert that ends with .p12 or .pfx, you can skip this step. Otherwise, you likely have a .cert, .cer or .crt file. You'll need to convert it to PKCS#12 format using the instructions I've provided in a separate post: Converting a SSL Certificate to PKCS#12 Format on Windows

I suggest placing the file in the /conf folder of your TeamCity installation.

Step 2: Configure the TeamCity server Connector

Open the /conf/server.xml file in your TeamCity installation folder with your favorite text editor and find the <Service name="Catalina"> section where it defines the <Connector> entry. Add an entry as follows:


    <Connector port="443" 
               protocol="HTTP/1.1" 
               SSLEnabled="true"
               scheme="https" 
               secure="true"
               clientAuth="false" 
               sslProtocol="TLS" 
               keystoreFile="C:/your.path/TeamCity/conf/exportedCert.pfx"
               keystorePass="yourpassword"
               keystoreType="PKCS12"
               maxThreads="150" 
               />

Where:

  • port is the listening port for HTTPS. The standard port for HTTPS is 443.
  • keystoreFile is the correct path to the .pfx file (hint: Shift-Right-Click the file and choose "Copy as path"). Make sure to use forward slashes in your path here, not the standard Windows back-slashes.
  • keystorePass is the password for the cert (change yourpassword to your actual password)
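
The Connector entry can be checked the same way before the restart. This is an added example, not part of the original post or of TeamCity; the sample XML (ports, path, password) is constructed and `audit_connectors` is a hypothetical helper name.

```python
# Added example: audit the Catalina <Connector> entries in server.xml.
# The sample XML (ports, paths, password) is constructed.
import xml.etree.ElementTree as ET

SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" maxThreads="150"
               keystoreFile="C:/your.path/TeamCity/conf/exportedCert.pfx"
               keystorePass="yourpassword"/>
  </Service>
</Server>"""

# Values that mean the password was never set to the real one.
PLACEHOLDER_PASSWORDS = {None, "", "yourpassword", "changeit"}

def audit_connectors(xml_text):
    """Return findings for the Connector entries under Service 'Catalina'."""
    findings = []
    service = ET.fromstring(xml_text).find("./Service[@name='Catalina']")
    connectors = service.findall("Connector") if service is not None else []
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for c in connectors:
        port = c.get("port")
        if c not in tls:
            findings.append(f"port {port}: plain HTTP connector is still enabled")
            continue
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        # Tomcat assumes a JKS keystore when keystoreType is omitted.
        if c.get("keystoreType", "JKS").upper() != "PKCS12":
            findings.append(f"port {port}: keystoreType is not PKCS12")
        if c.get("keystorePass") in PLACEHOLDER_PASSWORDS:
            findings.append(f"port {port}: keystorePass is missing or a placeholder")
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print("WARN:", finding)
```
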

Now save and restart the server!

If there were any issues, they will be logged into the /log/catalina*.log file, so take a look there if things don't "just work".

Also, don't forget to set the URL in the server's configuration page so that emails, etc, use the new URL.



I'm working on configuring a couple of different Java-based servers (SonarQube and TeamCity) to use HTTPS for connectivity, which is fairly easy if you have a PKCS#12 format cert file. In this post, I'll walk through an option (there are others) for converting a .cert, .crt or .cer file into the PKCS#12 format using the built-in Windows certificate store.

Note: you'll need to be an administrator on the Windows machine you're using to do the conversion.

In the Windows Start page, type "Manage Computer Certificates" and open the MMC (or run MMC directly and add the cert snap-in). Right-click on the 'Personal' certs folder and choose the Import option from the All Tasks... menu. This will open the Certificate Import Wizard.

Select your certificate file, enter the cert's password and make sure to enable the "Mark this key as exportable" option. Finish the wizard.

Now, in the MMC, find the cert where you imported it and right-click on it. From the All Tasks... menu, choose Export to open the Certificate Export Wizard. If you don't see Export, go back and make sure you enabled "Mark this key as exportable" during the import process.

Walk through the export wizard and choose "Yes, export the private key".

When asked what format to export to, choose PKCS #12 and enable the "Include all certificates in the certification path" option. You'll be asked to set security for the cert -- select the password option and enter a password. Remember this password; you'll need it later when you configure the webservers to use this cert. Finish the export wizard.

You now have a .pfx file with your PKCS #12 formatted cert.



If you use TeamCity for your builds and to run your SonarQube analysis, you can add a tab to the TeamCity build results page that includes your SonarQube results.

Here's what the end result will look like. Note the "SonarQube" tab next to the Artifacts tab, which includes a report showing new (by default) issues added in this build.

I'm using TeamCity 8.1 and SonarQube 4.1, but older versions of both should be able to use these same steps with little or no changes. I'm analyzing a C# project using the sonar-runner utility, but if you're using Java, you should be able to follow along too.

Setting this up is actually really easy!

In SonarQube, add the Issues Report plugin. The easiest way to do this is by clicking "Install" on its entry in the Update Center and restarting the SonarQube service.

Then, on your TeamCity server, modify your Sonar Runner build step to include -Dsonar.issuesReport.html.enable=true

This will cause the Sonar Runner to output an html report into the .sonar/issues-report folder after the SonarQube analysis is completed. The next step is exposing that report in a custom tab, which the TeamCity folks have made very easy. If you're using a version of TeamCity older than 8.1, you'll want to follow that link for alternate instructions.

Now, set up the project artifacts path to include the .sonar\issues-report folder, like this:

Then, go into the project-level settings (not the build-level settings) and click the "Report Tabs" option. You'll use the Create new report tab button to add a "SonarQube" tab and use the issues-report.html file from the artifact you just created as the Start Page (issues-report.zip!issues-report.html if you put it in a zip, like I showed above):

Run a build, and you've got your tab! If you don't see the tab, double-check the artifacts path in the Reports Tab settings.



I'm happy to announce that v1.1 of my SonarQube plugin for integrating ReSharper analysis into SonarQube has been released. This is the first public release of the plugin and users can now install it from the built-in SonarQube Update Center.

For existing beta and v1.0 users, please read the important upgrade note later in this post.

If you are interested in installing this plugin, please read the official documentation and installation instructions.

Overview

The basic idea is this: The good folks at JetBrains have released a commandline-based tool (called “InspectCode”) allowing users to run ReSharper code analysis outside of Visual Studio and generate an XML-based file listing the various issues it detected in your codebase. Oh, and it’s free!

I felt this lined up very well with SonarQube, and wrote a SonarQube plugin to (optionally) execute the ReSharper analysis and consume the results, publishing them into SonarQube as Issues, allowing users to take advantage of the management, planning, reporting, etc, features of SonarQube to manage their code quality and technical debt.

The plugin supports reusing existing reports generated by the ReSharper "inspectcode.exe" tool, or, if the user has separately installed the tools, it supports running the analysis as part of the SonarQube runner. This mirrors the process used for the other .NET ecosystem tools such as FxCop and StyleCop. The JetBrains tools are not bundled with the plugin.

Related: See my other post on Setting up SonarQube analysis for C# projects

What You Can Expect To See

Something like this in Visual Studio:

Violation in Visual Studio

Will turn into this in SonarQube:

Violation in SonarQube

Installation

If you are interested in installing this plugin, please read the official documentation and installation instructions.

IMPORTANT NOTE FOR EXISTING v1.0 USERS:

Between v1.0 and v1.1 of the plugin, the format of the rule keys was changed to remove the use of colons (:). The change in rule keys will cause any customization to those rules to be lost after the upgrade and the new rules will need to be activated in the Quality Profiles.

Disclaimers

I am not associated with JetBrains in any way, aside from being a big fan of many of their products. I have, however, received free licenses to JetBrains products (ReSharper and dotPeek) over the years via raffles at the (now defunct) Chicago Alt.Net Users Group, which was sponsored by JetBrains.