Upgrade to SonarQube 9

We use SonarQube to scan our code (see Adding SonarQube to TFS build) and have version 8 LTS up-and-running for some time now. The upgrade to SonarQube 9 and future version 9 LTS is upcoming. Here is how we prepare for the upgrade.

Run SonarQube 9

According to the requirements for SonarQube we need the Java 11 runtime for the server. This is already available along with the other requirements because they are the same for running our version 8 LTS.

For testing purpose we create another database (upgrade test planned for another time) and put that connectionstring in the configuration. We configure other ports for the Web UI and ElasticSearch so we can run both version 8 and 9 at the same time on our server. After a few attempts we get everything right and see the “Sonarqube is up” message on the console.

Run Azure devops build

Our platform team installed the Java 17 runtime on a few build agents. This is needed for the scanners or we get errors. To make sure we use the correct Java runtime we set the environment variable JAVA_HOME to point to Java 17 in the task (like https://marketplace.visualstudio.com/items?itemName=Hey24sheep.envar) before the Run Code Analysis task.

In the Prepare Analysis task we needed to set the timeout property (sonar.ws.timeout) to 2 minutes. This might be caused by running two instances of SonarQube on one server.

For use of the new SonarQube 9 instance we needed to create a new service endpoint with a generated token. Here comes the first real difference – tokens are now more specific.

You need specific rights to create a project and specific rights to run analysis for a project. There is one token type that contains both rights but you should not use it for running analysis. So we need to create the project (and get a project key) by hand so the build can run analysis with the analysis token. More details about tokens: https://docs.sonarqube.org/latest/user-guide/user-token/

The analyses worked as expected and a report is available in the SonarQube 9 web ui.


We have some custom plugins. Most can be removed after buying a license. But the R code plugin was the odd one. Luckily we had no problems running analysis with the plugin after copying it from the version 8 instance.


For now all signs are on green.

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.
This entry was posted in Tooling and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.