SonarQube

Supported OS Linux Windows Mac OS

Integration version5.0.0

Overview

This check monitors SonarQube.

Setup

Installation

The SonarQube check is included in the Datadog Agent package. No additional installation is needed on your server.

Configuration

SonarQube exposes metrics from two sources: its web API and JMX. To collect all of the metrics specified below, configure three instances of this check. One to monitor SonarQube’s web API, and the other two to monitor SonarQube’s JMX beans.

Documentation on SonarQube’s web API is available at /web_api on your SonarQube web UI. By default this integration collects all relevant SonarQube performance metrics exposed through SonarQube’s JMX beans. The configuration for these default metrics is available in the sonarqube.d/metrics.yaml file. Documentation on these beans is available on SonarQube’s website.

SonarQube’s JMX server is not enabled by default, this means that unless it is enabled, sonarqube.server.* metrics are not collected. More information on how to enable and configure JMX within SonarQube is available within the SonarQube documentation. Below are configurations needed to enable the JMX server for some common Java processes:

# WEB SERVER
sonar.web.javaAdditionalOpts="
  -Dcom.sun.management.jmxremote=true
  -Dcom.sun.management.jmxremote.port=10443
  -Dcom.sun.management.jmxremote.rmi.port=10443
  ...
  "

# COMPUTE ENGINE
sonar.ce.javaAdditionalOpts="
  -Dcom.sun.management.jmxremote=true
  -Dcom.sun.management.jmxremote.port=10444
  -Dcom.sun.management.jmxremote.rmi.port=10444
  ...
  "

# ELASTICSEARCH
sonar.search.javaAdditionalOpts="
  -Dcom.sun.management.jmxremote=true
  -Dcom.sun.management.jmxremote.port=10445
  -Dcom.sun.management.jmxremote.rmi.port=10445
  ...
  "

This is a basic sonarqube.d/conf.yaml example based on SonarQube and JMX defaults. You can use it as a starting point when configuring for both the host-based or container-based Agent installation.

init_config:
    is_jmx: false
    collect_default_metrics: true
instances:

  # Web API instance
  - is_jmx: false
    web_endpoint: http://localhost:9000
    auth_type: basic
    username: <username>    # Defined in the Web UI
    password: <password>    # Defined in the Web UI
    default_tag: component  # Optional
    components:             # Required
      my-project:
        tag: project_name

  # Web JMX instance
  - is_jmx: true
    host: localhost
    port: 10443           # See sonar.web.javaAdditionalOpts in SonarQube's sonar.properties file
    user: <username>      # Defined in SonarQube's sonar.properties file
    password: <password>  # Defined in SonarQube's sonar.properties file

  # Compute Engine JMX instance
  - is_jmx: true
    host: localhost
    port: 10444           # See sonar.ce.javaAdditionalOpts in SonarQube's sonar.properties file
    user: <username>      # Defined in SonarQube's sonar.properties file
    password: <password>  # Defined in SonarQube's sonar.properties file

Note: Once the integration is configured, have SonarQube scan at least one project to send metrics to Datadog.

Metrics collected by this integration are tagged with a component tag by default. If you wish to change the tag name on a per component basis, specify the tag property within the component definition. To set it for all projects, set the default_tag property on the instance config.

Note: Projects in SonarQube often contain multiple source control branches. This integration can only collect metrics from the default branch in SonarQube (typically main).

Search server metrics

SonarQube exposes a search server, which can be monitored using an additional instance of this integration and a configuration of the JMX metrics. To learn how to customize the metrics to collect, see the JMX Checks documentation for more detailed instructions. For an example, use the config below and default JMX metric config in sonarqube.d/metrics.yaml.

init_config:
  # The list of metrics to be collected by the integration.
  config:
    - include:
      domain: SonarQube
      name: <name>
      exclude_tags:
        - name
      attribute:
        MyMetric:
          alias: sonarqube.search_server.my_metric
          metric_type: gauge
instances:
  # Search Server JMX instance
  - is_jmx: true
    host: localhost
    port: 10445           # See sonar.search.javaAdditionalOpts in SonarQube's sonar.properties file
    user: <username>      # Defined in SonarQube's sonar.properties file
    password: <password>  # Defined in SonarQube's sonar.properties file

Host

To configure this check for an Agent running on a host:

Metric collection
  1. Edit the sonarqube.d/conf.yaml file, in the conf.d/ folder at the root of your Agent’s configuration directory to start collecting your SonarQube data. See the sample sonarqube.d/conf.yaml for all available configuration options.

    This check has a limit of 350 metrics per JMX instance. The number of returned metrics is indicated in the status page. You can specify the metrics you are interested in by editing the configuration below. To learn how to customize the metrics to collect, see the JMX Checks documentation for more detailed instructions. If you need to monitor more metrics, contact Datadog support.

  2. Restart the Agent.

Log collection
  1. Enable SonarQube logging.

  2. Collecting logs is disabled by default in the Datadog Agent. Enable it in your datadog.yaml file:

    logs_enabled: true
    
  3. Add the following configuration block to your sonarqube.d/conf.yaml file. Change the path and service parameter values based on your environment. See the sample sonarqube.d/conf.yaml for all available configuration options.

    logs:
      - type: file
        path: /opt/sonarqube/logs/access.log
        source: sonarqube
      - type: file
        path: /opt/sonarqube/logs/ce.log
        source: sonarqube
        log_processing_rules:
          - type: multi_line
            name: log_start_with_date
            pattern: \d{4}\.\d{2}\.\d{2}
      - type: file
        path: /opt/sonarqube/logs/es.log
        source: sonarqube
        log_processing_rules:
          - type: multi_line
            name: log_start_with_date
            pattern: \d{4}\.\d{2}\.\d{2}
      - type: file
        path: /opt/sonarqube/logs/sonar.log
        source: sonarqube
        log_processing_rules:
          - type: multi_line
            name: log_start_with_date
            pattern: \d{4}\.\d{2}\.\d{2}
      - type: file
        path: /opt/sonarqube/logs/web.log
        source: sonarqube
        log_processing_rules:
          - type: multi_line
            name: log_start_with_date
            pattern: \d{4}\.\d{2}\.\d{2}
    
  4. Restart the Agent.

Containerized

Metric collection

For containerized environments, see the Autodiscovery with JMX guide.

Log collection

Collecting logs is disabled by default in the Datadog Agent. To enable it, see Docker log collection.

ParameterValue
<LOG_CONFIG>{"source": "sonarqube"}

Components Discovery

You can configure how your components are discovered with the components_discovery parameter.

limit
Maximum number of items to be autodiscovered.
Default value: 10
include
Mapping of regular expression keys and component config values to autodiscover.
Default value: empty map
exclude
List of regular expressions with the patterns of components to exclude from autodiscovery.
Default value: empty list

Examples:

Include a maximum of 5 components with names starting with my_project:

components_discovery:
  limit: 5
  include:
    'my_project*':

Include a maximum of 20 components and exclude those beginning with temp:

components_discovery:
  limit: 20
  include:
    '.*':
  exclude:
    - 'temp*'

Include all components with names starting with issues, apply the issues_project tag, and only collect metrics belonging to the category issues. As limit is not defined, the number of components discovered is limited to the default value 10:

components_discovery:
  include:
    'issues*':
       tag: issues_project
       include:
         - issues.

Validation

Run the Agent’s status subcommand and look for sonarqube under the JMXFetch section:

========
JMXFetch
========
  Initialized checks
  ==================
    sonarqube
      instance_name : sonarqube-localhost-10444
      message : <no value>
      metric_count : 33
      service_check_count : 0
      status : OK
      instance_name : sonarqube-localhost-10443
      message : <no value>
      metric_count : 38
      service_check_count : 0
      status : OK

If you set an instance without is_jmx: true, also look for sonarqube under the Collector section:

=========
Collector
=========
  Running Checks
  ==============
    sonarqube (1.1.0)
    -----------------
      Instance ID: sonarqube:1249c1ed7c7b489a [OK]
      Configuration Source: file:/etc/datadog-agent/conf.d/sonarqube.d/conf.yaml
      Total Runs: 51
      Metric Samples: Last Run: 39, Total: 1,989
      Events: Last Run: 0, Total: 0
      Service Checks: Last Run: 1, Total: 51
      Average Execution Time : 1.19s
      Last Execution Date : 2021-03-12 00:00:44.000000 UTC
      Last Successful Execution Date : 2021-03-12 00:00:44.000000 UTC

Data Collected

Metrics

sonarqube.complexity.cognitive_complexity
(gauge)
Cognitive complexity
sonarqube.complexity.complexity
(gauge)
Cyclomatic complexity
sonarqube.coverage.branch_coverage
(gauge)
Condition coverage
Shown as percent
sonarqube.coverage.conditions_to_cover
(gauge)
Conditions to cover
sonarqube.coverage.coverage
(gauge)
Coverage by tests
Shown as percent
sonarqube.coverage.line_coverage
(gauge)
Line coverage
Shown as percent
sonarqube.coverage.lines_to_cover
(gauge)
Lines to cover
sonarqube.coverage.new_branch_coverage
(gauge)
Condition coverage of new/changed code
Shown as percent
sonarqube.coverage.new_conditions_to_cover
(gauge)
Conditions to cover on new code
sonarqube.coverage.new_coverage
(gauge)
Coverage of new/changed code
Shown as percent
sonarqube.coverage.new_line_coverage
(gauge)
Line coverage of added/changed code
Shown as percent
sonarqube.coverage.new_lines_to_cover
(gauge)
Lines to cover on new code
sonarqube.coverage.new_uncovered_conditions
(gauge)
Uncovered conditions on new code
sonarqube.coverage.new_uncovered_lines
(gauge)
Uncovered lines on new code
sonarqube.coverage.skipped_tests
(gauge)
Number of skipped unit tests
sonarqube.coverage.test_errors
(gauge)
Number of unit test errors
sonarqube.coverage.test_failures
(gauge)
Number of unit test failures
sonarqube.coverage.test_success_density
(gauge)
Density of successful unit tests
Shown as percent
sonarqube.coverage.tests
(gauge)
Number of unit tests
sonarqube.coverage.uncovered_conditions
(gauge)
Uncovered conditions
sonarqube.coverage.uncovered_lines
(gauge)
Uncovered lines
sonarqube.duplications.duplicated_blocks
(gauge)
Duplicated blocks
sonarqube.duplications.duplicated_files
(gauge)
Duplicated files
sonarqube.duplications.duplicated_lines
(gauge)
Duplicated lines
sonarqube.duplications.duplicated_lines_density
(gauge)
Duplicated lines balanced by statements
Shown as percent
sonarqube.duplications.new_duplicated_blocks
(gauge)
Duplicated blocks on new code
sonarqube.duplications.new_duplicated_lines
(gauge)
Duplicated Lines on New Code
sonarqube.duplications.new_duplicated_lines_density
(gauge)
Duplicated lines (%) on new code balanced by statements
Shown as percent
sonarqube.issues.blocker_violations
(gauge)
Blocker issues
sonarqube.issues.confirmed_issues
(gauge)
Confirmed issues
sonarqube.issues.critical_violations
(gauge)
Critical issues
sonarqube.issues.false_positive_issues
(gauge)
False positive issues
sonarqube.issues.info_violations
(gauge)
Info issues
sonarqube.issues.major_violations
(gauge)
Major issues
sonarqube.issues.minor_violations
(gauge)
Minor issues
sonarqube.issues.new_blocker_violations
(gauge)
New Blocker issues
sonarqube.issues.new_critical_violations
(gauge)
New Critical issues
sonarqube.issues.new_info_violations
(gauge)
New Info issues
sonarqube.issues.new_major_violations
(gauge)
New Major issues
sonarqube.issues.new_minor_violations
(gauge)
New Minor issues
sonarqube.issues.new_violations
(gauge)
New issues
sonarqube.issues.open_issues
(gauge)
Open issues
sonarqube.issues.reopened_issues
(gauge)
Reopened issues
sonarqube.issues.violations
(gauge)
Issues
sonarqube.issues.wont_fix_issues
(gauge)
Won't fix issues
sonarqube.maintainability.code_smells
(gauge)
Code Smells
sonarqube.maintainability.new_code_smells
(gauge)
New Code Smells
sonarqube.maintainability.new_maintainability_rating
(gauge)
Maintainability rating on new code
sonarqube.maintainability.new_sqale_debt_ratio
(gauge)
Technical Debt Ratio of new/changed code.
Shown as percent
sonarqube.maintainability.sqale_debt_ratio
(gauge)
Ratio of the actual technical debt compared to the estimated cost to develop the whole source code from scratch
Shown as percent
sonarqube.maintainability.sqale_rating
(gauge)
A-to-E rating based on the technical debt ratio
sonarqube.reliability.bugs
(gauge)
Bugs
sonarqube.reliability.new_bugs
(gauge)
New Bugs
sonarqube.reliability.new_reliability_rating
(gauge)
Reliability rating on new code
sonarqube.reliability.reliability_rating
(gauge)
Reliability rating
sonarqube.security.new_security_rating
(gauge)
Security rating on new code
sonarqube.security.new_vulnerabilities
(gauge)
New Vulnerabilities
sonarqube.security.security_rating
(gauge)
Security rating
sonarqube.security.vulnerabilities
(gauge)
Vulnerabilities
sonarqube.security_review.new_security_hotspots
(gauge)
New Security Hotspots
sonarqube.security_review.new_security_hotspots_reviewed
(gauge)
Percentage of Security Hotspots Reviewed on New Code
Shown as percent
sonarqube.security_review.new_security_review_rating
(gauge)
Security Review Rating on New Code
sonarqube.security_review.security_hotspots
(gauge)
Security Hotspots
sonarqube.security_review.security_hotspots_reviewed
(gauge)
Percentage of Security Hotspots Reviewed
Shown as percent
sonarqube.security_review.security_review_rating
(gauge)
Security Review Rating
sonarqube.server.async_execution.largest_worker_count
(gauge)
sonarqube.server.async_execution.queue_size
(gauge)
sonarqube.server.async_execution.worker_count
(gauge)
sonarqube.server.compute_engine_tasks.error_count
(count)
Number of Background Tasks which failed since the last restart of SonarQube
Shown as error
sonarqube.server.compute_engine_tasks.in_progress_count
(gauge)
Number of Background Tasks currently under processing. Its value is either 1 or 0, since SonarQube can process only one task at a time.
sonarqube.server.compute_engine_tasks.longest_pending_time
(gauge)
Pending time (ms) of the oldest Background Task waiting to be processed. This measure, together with PendingCount, helps you know if analyses are stacking and taking too long to start processing. This helps you evaluate if it might be worth configuring additional Compute Engine workers (Enterprise Edition) or additional nodes (Data Center Edition) to improve performance. Requires SonarQube >=9.0.
Shown as millisecond
sonarqube.server.compute_engine_tasks.pending_count
(count)
Number of Background Tasks waiting to be processed since the last restart of SonarQube
sonarqube.server.compute_engine_tasks.processing_time
(gauge)
Measure the time spent to process Background Tasks since the last restart. The value will always increase. This measure is powerful when combined with SuccessCount and ErrorCount measures to get the average time to handle a Background Task, or when used to understand how much time the server is spending during a day to handle Background Tasks. It gives you an indication of the load on your server.
sonarqube.server.compute_engine_tasks.success_count
(count)
Number of Background Tasks successfully processed since the last restart of SonarQube
sonarqube.server.compute_engine_tasks.worker_count
(gauge)
Number of Background Tasks that can be processed at the same time
sonarqube.server.compute_engine_tasks.worker_max_count
(gauge)
sonarqube.server.database.pool_active_connections
(gauge)
Number of active database connections
Shown as connection
sonarqube.server.database.pool_idle_connections
(gauge)
Number of database connections waiting to be used
Shown as connection
sonarqube.server.database.pool_initial_size
(gauge)
Initial size of the database connections pool
Shown as connection
sonarqube.server.database.pool_max_active_connections
(gauge)
Maximum number of active database connections
Shown as connection
sonarqube.server.database.pool_max_idle_connections
(gauge)
Maximum number of database connections waiting to be used
Shown as connection
sonarqube.server.database.pool_max_wait_millis
(gauge)

Shown as millisecond
sonarqube.server.database.pool_min_idle_connections
(gauge)

Shown as connection
sonarqube.server.database.pool_remove_abandoned_timeout_seconds
(gauge)

Shown as second
sonarqube.size.classes
(gauge)
Classes
sonarqube.size.comment_lines
(gauge)
Number of comment lines
sonarqube.size.comment_lines_density
(gauge)
Comments balanced by ncloc + comment lines
Shown as percent
sonarqube.size.directories
(gauge)
Directories
sonarqube.size.files
(gauge)
Number of files
sonarqube.size.functions
(gauge)
Functions
sonarqube.size.generated_lines
(gauge)
Number of generated lines
sonarqube.size.generated_ncloc
(gauge)
Generated non Commenting Lines of Code
sonarqube.size.lines
(gauge)
Lines
sonarqube.size.ncloc
(gauge)
Non commenting lines of code
sonarqube.size.new_lines
(gauge)
New lines
sonarqube.size.projects
(gauge)
Number of projects
sonarqube.size.statements
(gauge)
Number of statements

Events

SonarQube does not include any events.

Service Checks

sonarqube.can_connect
Returns CRITICAL if the Agent is unable to connect to and collect metrics from the monitored SonarQube instance’s JMX endpoint, WARNING if no metrics are collected, and OK otherwise.
Statuses: ok, critical, warning

sonarqube.api_access
Returns CRITICAL if the Agent is unable to connect to and collect metrics from the monitored SonarQube instance’s web endpoint, otherwise returns OK.
Statuses: ok, critical

Troubleshooting

Need help? Contact Datadog support.

Further Reading

Additional helpful documentation, links, and articles: