We think SonarQube is an awesome platform to manage code quality. We already built an integration of SonarQube for Bitbucket Server and thought that such an integration would also be a great addition for Bitbucket cloud. We think that code quality metrics need to be a first class citizen of your repository so we put them on the repository overview page.
What it does
It shows the most important statistics about your repository like technical debt, number of issues per severity, test coverage, code duplication and the status of your quality gates on the Bitbucket repository overview page. Together with our SonarQube plug-in for Bitbucket, it also creates pull request comments for found code issues.
How I built it
We built this with Node.js and the Atlassian Connect Express framework. The SonarQube plug-in for Bitbucket is built with Scala and uses the SonarQube plug-in framework.
Challenges I ran into
The pull request page of Bitbucket cloud is not extensible like it is in Stash and Bitbucket server, so we were not able to show the code issues directly in the pull request diff. So we had to build an external integration by using the SonarQube plug-in framework and by creating pull request comments for the found code issues with Bitbucket's REST API. Also, there is no "technical user" concept in Bitbucket, so we had to create pull request comments as the repository user or with the Bitbucket team account (this is configurable in the SonarQube plug-in). Furthermore, because SonarQube does not provide OAuth to access its REST API, we decided to only support public SonarQube instances (no authentication) as we did not want to store user credentials in the cloud.
Accomplishments that I'm proud of
The SonarQube plug-in for Bitbucket provides two authentication modes to create pull request comments for the found code issues: OAuth and Bitbucket's team API key.
What I learned
This was our first Bitbucket Connect add-on, so we learned a lot. This was also the first time we made use of the Bitbucket REST API.
What's next for Sonar for Bitbucket
We want to build more code quality visualizations and also provide statistics on the Java package level. We also plan to integrate an issue tag cloud.