Customers have installed this add-on in at least 666 active instances.
    by Mibex Software GmbHAtlassian Verified
    Mibex Software GmbH is an Atlassian Verified vendor. Verified vendors demonstrate Atlassian standards for add-on quality, reliability, and support.

    Learn more

    for Bitbucket Server 4.0.0 - 4.14.4 and more versions
    Versions available for Bitbucket Server 3.2.0 - 3.11.6
    This add-on isn't formally supported, but you can ask a question via Atlassian Answers.

    Ask a question

    Mibex Software GmbH supports this add-on.

    Get support

    Data Center
    This add-on is compatible with the clustering and high-availability capabilities of our products.

    Integrates SonarQube by showing metrics, test coverage and code issues in pull requests

    Integrates SonarQube by showing metrics, test coverage and code issues in pull requests

    Shows Sonar code issues in pull requests

    Visualizes code coverage and duplicate code lines

    Pull request statistics and quality merge checks

    Shows issues found by Sonar directly in the pull request diff view. Provides a context menu which allows you to see issue details in Sonar, to mark an issue as a false positive or to create a comment or task for it.

    Shows code coverage directly in your pull request diff view. Also marks duplicated code lines and offers links to directly go to the affected code lines in Bitbucket Server.

    Shows Sonar statistics in the pull request overview and provides merge checks based on SonarQube's quality gates and other quality metrics like technical debt, code coverage, issues based on severity and duplicated code.

    More details

    This add-on integrates SonarQube's useful metrics and defect hunting tools into Bitbucket Server's pull requests. Detected code violations, uncovered and duplicate code lines are directly shown in Bitbucket Server's diff view. By only showing them on changed lines of the pull request, the code review peers can focus on the code that should be integrated into the target branch.

    For every found Sonar issue, a Bitbucket Server task can be created by just one click so that fixing it is not forgotten. Sonar metrics like technical debt are shown on the pull request overview. To ensure a good quality of new code changes, this add-on provides merge checks to disallow code being merged in if it doesn't meet the configured quality requirements.

    This add-on requires a build that generates different Sonar projects for the pull request branches. Our free add-on Sonar for Bamboo is able to do this automatically. For Jenkins and Teamcity, we describe the setup in detail on our wiki page.

    User reviews

    Sign in to write a review
    by Adrien Pujol on 2017-03-25
    Great plugin but isn't compatible with Sonarqube 6.3 yet.
    Was this review helpful?YesNo
    Mibex Software GmbH

    Thank you for your feedback. Please note that plug-in versions >= 1.11 are compatible with SonarQube 6.3. From 1.11.1 on everything just works automatically. For 1.11.0 you have to re-save your SonarQube server settings to clear the version cache. Hope this helps. Otherwise, please let us know by opening a support ticket.

    by Tiago Ferreira on 2017-03-24
    We are using this plugin for some time now in our production Bitbucket instance. Its a really game changer because it helps to easily visualise all the SonarQ stats directly in the PR. Now each developer can better measure his contribution to the master branch and repository maintainers can easily control their "Merge Checks" by defining certain requirements that the PR must follow (example having a code coverage higher then x) Apart of that the support from Mibex Software is very good. They answer question and features requests super fast.
    Was this review helpful?YesNo
    by Orlando Caro on 2017-02-10
    I am currently evaluating this plugin. It works well. We are able to see the results in-line in bitbucket pull requests similarly to how it reports in sonarqube. To get the correct results in a pull request, the plugin configuration needs to set analysis mode as branch-based, otherwise the results will include code that was not modified in the branch, which leads to false positives against the developer. This is particularly important for legacy applications that likely have tons of technical debt. About the trial - nag screens. When the trial expires, the plugin constantly overlays with message boxes: "Sonar for Bitbucket failed Your evaluation license of Sonar for Bitbucket expired. If you liked this add-on, please use the Buy button in the Universal Plug-in Manager to purchase a new license." It is impossible to remove those nags without uninstalling the plugin. This becomes a productivity loss immediately. My advise is to not try the plugin in a production environment. It is clear this company does not understand how procurement works in large organizations.
    Was this review helpful?YesNo
    Mibex Software GmbH

    Hi, we improved the license handling with release 1.11.0 of the plug-in. Looking forward to your feedback! Thanks

    by Yogesh Londhe on 2017-01-12
    How will this work when multiple people creating fork out of main repo and working on same branch in their local fork (e.g. master)? I believe sonar project name should be unique for each individual fork.
    Was this review helpful?YesNo
    Mibex Software GmbH

    Bitbucket Server creates branches for every pull request named like "refs/pull-requests/*/from" where * is the ID of the pull request. You can configure your CI system to only analyze those branches, which will always be unique because you will use different pull requests for every fork. Since version 1.10.4 the Sonar plug-in is able to use these branches instead of the pull request source branch names (which would not be unique in a fork-based workflow as you mentioned). You just have to configure the field "Use special pull request branches" in the repository settings of the plug-in. Hope that helps!

    by Ali Hesson on 2017-01-06
    Hello Awesome plug-in. As I was fiddling with it, I stumbled upon https://github.com/mibexsoftware/sonar-bitbucket-plugin I am just curious how the use cases this plug-in differs for the two plug-ins?
    Was this review helpful?YesNo
    Mibex Software GmbH

    Hi, thanks for your kind feedback The difference between the two is that the SonarQube plug-in for Bitbucket Cloud (available on Github) is a SonarQube plug-in that runs during the SonarQube analysis phase of a build and creates pull request comments for found issues in Bitbucket Cloud, while this plug-in is a Bitbucket Server plug-in that runs when a pull request is displayed. Beside issues, this plug-in is also able to show duplicate code lines, test coverage and detailed statistics about your pull request. And it can help you in the maintenance of branch projects (e.g., reusing the same quality profiles and properties as in your master project). In the end, it really depends which Atlassian product you use to decide which one is for you.


    Pricing details are loading…

    Paid-via-Atlassian pricing FAQ

    How does server add-on pricing work?

    Server products and add-ons are hosted on your servers. Licenses are perpetual and the purchase price include 12 months of maintenance (support and version updates).

    You can renew maintenance after 12 months at 50% of the current purchase price. You can upgrade the tier of your host product and add-on licenses at any time. Upgrade prices are calculated based on Atlassian's formula (view example).

    If add-on pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.

    How do I determine my server pricing tier?

    The add-on tier should match the licensed user tier of the Atlassian host application. For example, if you have a Confluence Server license for 25 users, you should purchase the 25-user tier for add-ons. Even if fewer users want to use the add-on than your host application license, the two licenses should match exactly.

    Do you offer academic, community, or open-source licenses?

    For server add-ons, purchase and renewal is half-price if you have an academic license for your Atlassian host application. Server add-ons are always free for community and open-source licenses. Cloud add-ons do not have discounted or free licenses.

    For more details about qualifying for special licenses, see here.

    Can I extend my free trial?

    For server add-ons, you can extend your add-on trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the add-on listing in UPM from your Atlassian host application, and you're all set.

    How can I buy add-ons for my legacy JIRA Server or Confluence Server license?

    If you own a legacy JIRA Server Unlimited (100+ users) or Confluence Server Unlimited (2000+ users) license purchased in 2012 or earlier, legacy add-on pricing is no longer available. You have two options for add-on purchasing:

    • Purchase the add-on at the non-legacy Unlimited (10000+ users) tier.
    • Renew your JIRA or Confluence license at a non-legacy tier, then purchase the add-on at the same tier.

    Learn more

    Mibex Software GmbH is an vendor, committed to providing support for their add-ons at least 8 hours a day, 5 days a week.

    Vendor support resources


    Find out how this add-on works.

    Atlassian Community

    Atlassian-hosted discussions connect you to other customers who use this add-on.


    Version 1.11.2 Bitbucket Server 4.0.0 - 4.14.4 Released 2017-04-19


    Bug fix release


    Bug fixes:

    * JSON parsing error for Sonar code duplication info when file referencing data is missing

    * Issue details link doesn't work in SonarQube versions < 5.1

    * Don't show user-facing warning for not-resolvable component ID's for Sonar build files

    * "You are not permitted to access this resource" error can occur in cross-repository pull requests


    * Improved debug logging


    1. Log into your Bitbucket instance as an admin.
    2. Click the admin dropdown and choose Atlassian Marketplace. The Manage add-ons screen loads.
    3. Click Find new add-ons from the left-hand side of the page.
    4. Locate Sonar for Bitbucket Server via search. The appropriate add-on version appears in the search results.
    5. Click Try free to begin a new trial or Buy now to purchase a license for Sonar for Bitbucket Server. You're prompted to log into MyAtlassian. Sonar for Bitbucket Server begins to download.
    6. Enter your information and click Generate license when redirected to MyAtlassian.
    7. Click Apply license. If you're using an older version of UPM, you can copy and paste the license into your Bitbucket instance.

    To find older Sonar for Bitbucket Server versions compatible with your instance, you can look through our version history page.

    Similar add-ons