Use SonarQube with Azure DevOps or Team Foundation Server (TFS) for Java development

Configure an Azure DevOps Services or TFS Maven or Gradle build task to use SonarQube for code project and technical debt analysis.

Prerequisites

About SonarQube

SonarQube is a set of static analyzers that can be used to identify areas of improvement in your code. It allows you to analyze the technical debt in your project and keep track of it in the future. With Maven and Gradle build tasks, you can run SonarQube analysis with minimal setup in a new or existing Azure DevOps Services build task.

Creating a SonarQube endpoint

To use your SonarQube server, you need to setup an endpoint connection under the Services tab in the Control Panel menu. For explicit instructions on how to configure your SonarQube endpoint, follow the instructions outlined in the SonarQube Azure DevOps Services documentation for configuring the new build task.

Enabling SonarQube analysis

After setting up a Maven build task or a Gradle build task for your repository, you can enable SonarQube analysis by selecting the option under the Code Analysis option in the task. Both build tasks will require you to select a SonarQube endpoint which you should have already configured. Additional information such as project name and project key may be needed depending on the task.

Azure DevOps Services VSCode extension login indicator

Note

SonarQube support for Maven is currently available for Azure DevOps Services or TFS 2015 Update 1 or later.

SonarQube support for Gradle is currently available for Azure DevOps Services and TFS 2017 or later.

Frequently Asked Questions (FAQ)

Q: What versions of TFS support SonarQube analysis in builds?

A: At this moment, SonarQube analysis is available for both Maven and Gradle build tasks on Azure DevOps Services. Additionally, it is also present for the Maven build task in TFS 2015 Update 1 or later.