docs.sonarcloud.io
Open in
urlscan Pro
2a05:d014:275:cb01:457d:6b8c:73fc:8f8f
Public Scan
Submitted URL: https://docs.sonarcloud.io/appendices/scanner-environment/#nodejs-configuration
Effective URL: https://docs.sonarcloud.io/appendices/scanner-environment/
Submission: On September 07 via manual from IN — Scanned from DE
Effective URL: https://docs.sonarcloud.io/appendices/scanner-environment/
Submission: On September 07 via manual from IN — Scanned from DE
Form analysis 1 forms found in the DOM
<form novalidate="" class="ais-SearchBox-form" action="" role="search"><input type="search" placeholder="Search for pages or keywords" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" required="" maxlength="512" value=""
class="ais-SearchBox-input"><button type="submit" title="Submit your search query." class="ais-SearchBox-submit"><svg class="ais-SearchBox-submitIcon" xmlns="http://www.w3.org/2000/svg" width="10" height="10" viewBox="0 0 40 40">
<path
d="M26.804 29.01c-2.832 2.34-6.465 3.746-10.426 3.746C7.333 32.756 0 25.424 0 16.378 0 7.333 7.333 0 16.378 0c9.046 0 16.378 7.333 16.378 16.378 0 3.96-1.406 7.594-3.746 10.426l10.534 10.534c.607.607.61 1.59-.004 2.202-.61.61-1.597.61-2.202.004L26.804 29.01zm-10.426.627c7.323 0 13.26-5.936 13.26-13.26 0-7.32-5.937-13.257-13.26-13.257C9.056 3.12 3.12 9.056 3.12 16.378c0 7.323 5.936 13.26 13.258 13.26z">
</path>
</svg></button><button type="reset" title="Clear the search query." class="ais-SearchBox-reset" hidden=""><svg class="ais-SearchBox-resetIcon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" width="10" height="10">
<path d="M8.114 10L.944 2.83 0 1.885 1.886 0l.943.943L10 8.113l7.17-7.17.944-.943L20 1.886l-.943.943-7.17 7.17 7.17 7.17.943.944L18.114 20l-.943-.943-7.17-7.17-7.17 7.17-.944.943L0 18.114l.943-.943L8.113 10z"></path>
</svg></button></form>Text Content
*
* Help
Documentation
GETTING STARTED
IMPROVING YOUR CODE
ENRICHING YOUR ANALYSIS
MANAGING YOUR ORGANIZATION
SETTING YOUR STANDARDS
ADVANCED SETUP
DIGGING DEEPER
APPENDICES
PRICING
FREQUENTLY ASKED QUESTIONS
TROUBLESHOOTING
BITBUCKET CLOUD INTEGRATION
GITHUB CODE SCANNING ALERTS
GLOSSARY
KEYBOARD SHORTCUTS
ANNOUNCEMENTS
SCANNER ENVIRONMENT
PRIVACY POLICY
SECURITY STATEMENT
PROJECT INFORMATION
SCANNER ENVIRONMENT
A Java runtime environment is always required to run the scanner that performs
(CI-based) analysis. This applies to all scanner variants (CLI, Cloud
CI-specific, etc.)
Additionally, in order to analyze JavaScript, TypeScript or CSS, the scanner
also requires a Node.js runtime.
The required versions for these runtimes change with successive versions of the
scanner. The current requirements and recommendations are:
* You must use at least Java 11 or 17.
* You should use at least Node.js 14, though we recommend that you use the
latest Node.js LTS, which is currently Node.js 16.
SCANNER VS PROJECT
The requirements above refer only to the versions of Java and Node.js used by
the scanner itself to run. It does not restrict the versions of Java,
JavaScript, TypeScript or CSS that can be analyzed by the scanner.
JAVA CONFIGURATION
GITHUB ACTIONS
The SonarCloud GitHub Action can be configured for different target build
technologies. You can find samples for .NET, Gradle, Maven and a generic one,
all running with JDK11 here.
MAVEN / GRADLE
If your whole Maven or Gradle build doesn't run on Java 11 or 17, we suggest
first to try to base the whole build on one of those versions of Java. If it's
not compatible, then you can override the JAVA_HOME environment variable just
before the analysis step, as shown here:
# Maven
mvn verify ...
export JAVA_HOME=/path/to/java11
mvn sonar:sonar ...
# Gradle
gradle build ...
export JAVA_HOME=/path/to/java11
gradle sonarqube ...
AZURE DEVOPS
All VM images available in Azure Pipelines for Microsoft-hosted agents already
contain Java 11. There is no further action required. For self-hosted agents you
must ensure that you are using Java 11 or 17. You can either modify your build
pipeline to ensure that it runs with Java 11 or 17 by default, or override the
JAVA_HOME environment variable just before running the analysis.
XAMARIN
For the specific case of Xamarin, which only allows Java 8, you will need to
specify a Java 8 path separately when invoking MSBuild (using, for example,
XAMARIN_JAVA_HOME), and then leave the JAVA_HOME environment variable for the
scanner only.
$env:JAVA_HOME=/path/to/java11
$env:XAMARIN_JAVA_HOME=/path/to/java8
msbuild.exe /p:JavaSdkDirectory=$env:XAMARIN_JAVA_HOME
DOCKERFILE
Multiple base images can be used to run your build with Java 11, here are some
examples:
* openjdk:11-jre-slim
* debian:buster and above
* gradle:jre11-slim
If your build is not compatible with Java 11, then you can override the
JAVA_HOME environment variable to point to Java 11 immediately before running
the scanners.
JENKINS
You can easily define a new JDK version by navigating to Manage Jenkins > Global
Tool Configuration if you have the JDK Tool Plugin installed.
DECLARATIVE PIPELINES
If you are using a declarative pipeline with different stages, you can add a
'tools' section to the stage in which the code scan occurs. This will make the
scanner use the JDK version that is specified.
stage('SonarCloud analysis') {
tools {
jdk "jdk11" // the name you have given the JDK installation in Global Tool Configuration
}
environment {
scannerHome = tool 'SonarCloud Scanner' // the name you have given the Sonar Scanner (in Global Tool Configuration)
}
steps {
withSonarQubeEnv(installationName: 'SonarCloud') {
sh "${scannerHome}/bin/sonar-scanner -X"
}
}
}
If you are analyzing a Java 8 project, you probably want to continue using Java
8 to build your project. The following example allows you to continue building
in Java 8, but will use Java 11 to scan the code:
stage('Build') {
tools {
jdk "jdk8" // the name you have given the JDK installation using the JDK manager (Global Tool Configuration)
}
steps {
sh 'mvn compile'
}
}
stage('SonarCloud analysis') {
tools {
jdk "jdk11" // the name you have given the JDK installation using the JDK manager (Global Tool Configuration)
}
environment {
scannerHome = tool 'SonarCloud Scanner' // the name you have given the Sonar Scanner (Global Tool Configuration)
}
steps {
withSonarQubeEnv(installationName: 'SonarCloud') {
sh 'mvn sonar:sonar'
}
}
}
This example is for Maven but it can be easily modified to use Gradle.
CLASSICAL PIPELINES
Set Job JDK version
Set the JDK version to be used by jobs in the General section of your
configuration. This option is only visible if you have configured multiple JDK
versions under Manage Jenkins > Global Tool Configuration.
Set 'Execute SonarQube Scanner' JDK version
If you are using the "Execute SonarQube Scanner" step in your configuration, you
can set the JDK for this step in the configuration dialog. By using this
approach, you can use JDK 11 only for the code scanning performed by SonarCloud.
All the other steps in the job will use the globally configured JDK.
Java 8 projects
Jenkins does not offer functionality to switch JDKs when using a Freestyle
project or Maven project configuration. To build your project using Java 8, you
will have to manually set the JAVA_HOME variable to Java 11 when running the
analysis.
This can be done by using the Tool Environment Plugin. This plugin lets you
expose the location of the JDK you added under Manage Jenkins > Global Tool
Configuration.
The location of the JDK can then be used to set the JAVA_HOME variable in a post
step command, like this:
export JAVA_HOME=$OPENJDK_11_HOME/Contents/Home
mvn $SONAR_MAVEN_GOAL
NODE.JS CONFIGURATION
GITHUB ACTIONS
The SonarCloud GitHub Action already uses Node.js 14+. If you are using the
official SonarCloud Action, there is nothing further to do. If you are using
your own GitHub Action and invoke the SonarScanner manually within that Action,
then you should ensure that you are also using at least Node.js 14. See Other
cases below.
BITBUCKET PIPELINES
Version 1.4.0 and onward of the sonarcloud-scan Bitbucket Pipe uses Node.js 14+.
You should ensure that you specify at least version 1.4.0 of the pipe
declaration in your bitbucket-pipelines.yml. For example:
- pipe: sonarsource/sonarcloud-scan:1.4.0
AZURE PIPELINES
All VM images available in Azure Pipelines for Microsoft-hosted agents already
contain Node.js 14+. There is no further action required. For self-hosted agents
you must ensure that you are using Node.js 14+.
GITLAB CI/CD
The recommended setup for your .gitlab-ci.yml specifies sonar-scanner-cli:latest
which already uses Node.js 14+. If you are using the recommended setup there is
nothing further to do.
CIRCLE CI
When using the official SonarCloud CircleCI Orb, you should ensure that the
version of Node.js specified is 14+. For example, in your .circleci/config.yml
file, you should have a stanza that looks something like this:
jobs:
build:
docker:
- image: 'node:16.14.0'
TRAVIS CI
You should specify Node.js 14+ in your .travis.yml file.
JENKINS
You should ensure that the Node.js version used by your Jenkins jobs is at least
version 14. If you want to manage multiple versions of Node.js in Jenkins, the
NodeJS Jenkins plugin may be useful.
OTHER CASES
If your build setup falls into one of the following categories, then you will
need to ensure that the build environment within which the SonarScanner runs has
Node.js 14+ installed:
* Manual invocation of the SonarScanner from the command line.
* Custom local build script invoking the SonarScanner.
* Non-standard use of a SonarCloud-integrated CI (that is, one of the above).
For example, using GitHub Actions but not using the provided SonarCloud
GitHub Action and instead using some other custom Action.
* Use of a CI that is not SonarCloud-integrated (that is, not one of the above)
In general, if you are running the SonarScanner command line tool as an
executable, then Node.js 14+ needs to be installed on the machine where it is
run. Alternatively, if you are using the SonarScanner Docker image, then you
just have to ensure that you are using at least version 4.4 of the image, as it
already bundles the correct version of Node.js.
ON THIS PAGE
Scanner vs projectJava configurationNode.js configuration
© 2008-2022, SonarCloud by SonarSource SA. All rights reserved.
News - Twitter - Terms - Pricing - Privacy - Security - Community - Contact us -
Status - About