{"id":8523,"library":"pysonar","title":"Sonar Scanner for Python (pysonar)","description":"pysonar is a command-line tool developed by SonarSource for static code analysis of Python projects with SonarQube or SonarCloud. It acts as a wrapper around the SonarScanner CLI, simplifying configuration and execution for Python ecosystems. It is actively maintained with frequent releases, currently at version 1.4.0.4676, and supports configuration via `pyproject.toml` or `sonar-project.properties` files.","status":"active","version":"1.4.0.4676","language":"en","source_language":"en","source_url":"https://github.com/SonarSource/sonar-scanner-python","tags":["static analysis","code quality","sonar","sonarqube","security","cli"],"install":[{"cmd":"pip install pysonar","lang":"bash","label":"Install pysonar"}],"dependencies":[{"reason":"Runtime environment.","package":"Python","optional":false},{"reason":"Requires SonarQube Server v10.6 or higher, or SonarCloud, for analysis reporting.","package":"SonarQube Server","optional":false}],"imports":[{"note":"pysonar is primarily a command-line interface (CLI) tool and is not intended to be imported as a Python library for direct programmatic use.","wrong":"import pysonar","symbol":"pysonar","correct":"pysonar --help"}],"quickstart":{"code":"# 1. Install pysonar (run this in your shell, not in Python):\n#    pip install pysonar\n\n# 2. Configure your project (e.g., in pyproject.toml in your project root)\n#    Replace <your-project-key> with your SonarQube project key.\n#    For SonarCloud, also uncomment and set 'organization'.\n#    For SonarQube Server, ensure host.url is set if not default.\n#\n#  [tool.sonar]\n#  project-key = \"<your-project-key>\"\n#  # host.url = \"https://sonarqube.example.com\"\n#  # organization = \"<your-organization-key>\" \n\n# 3. 
Run the analysis\n#    Ensure SONAR_TOKEN is set in your environment with a valid SonarQube/SonarCloud token.\n#    Example: export SONAR_TOKEN=\"your_sonar_token_here\"\nimport os\nsonar_token = os.environ.get('SONAR_TOKEN', '')\nif not sonar_token:\n    print(\"Error: SONAR_TOKEN environment variable not set. Please set it before running pysonar.\")\nelse:\n    print(\"Running SonarQube analysis...\")\n    # The actual command would be run in your shell or CI/CD pipeline\n    # For demonstration, we'll print it without the token value, so the secret\n    # does not end up in console or CI logs. In a real scenario, you'd use subprocess.run()\n    print(\"Executing: pysonar (token read from SONAR_TOKEN)\")\n    # Example of actual command to run (requires `pysonar` to be in PATH).\n    # pysonar reads SONAR_TOKEN from the environment, which keeps the token off the command line:\n    # import subprocess\n    # result = subprocess.run([\"pysonar\"], capture_output=True, text=True)\n    # print(result.stdout)\n    # if result.stderr: print(result.stderr)\n    # if result.returncode != 0: print(\"Analysis failed!\")","lang":"python","description":"To quickly get started, install `pysonar`, configure your project (ideally via a `[tool.sonar]` section in `pyproject.toml`), and then run the `pysonar` command with your SonarQube or SonarCloud authentication token. The token can be passed via command-line argument `--token` or an environment variable `SONAR_TOKEN`."},"warnings":[{"fix":"Uninstall `pysonar-scanner` and install `pysonar`: `pip uninstall pysonar-scanner && pip install pysonar`.","message":"The `pysonar-scanner` PyPI package is deprecated in favor of `pysonar`. Users should migrate to `pysonar` for all new projects and existing projects where possible. The deprecated package is no longer actively maintained and may break.","severity":"breaking","affected_versions":">=0.3.0.2016 for pysonar-scanner, all versions of pysonar"},{"fix":"Ensure your SonarQube server is version 10.6+ or use SonarCloud. 
If not possible, consider using the `pysonar-scanner` (deprecated) for older SonarQube versions, or upgrade pysonar to at least 1.0.1.","message":"pysonar requires SonarQube Server v10.6 or higher, or SonarCloud. Older versions of pysonar (before 1.0.1) incorrectly stated compatibility with SonarQube v9.9. If you are on an older SonarQube server, you might need to use the deprecated `pysonar-scanner` or upgrade your SonarQube instance.","severity":"gotcha","affected_versions":"<1.0.1"},{"fix":"Instead of `sonar.projectKey = \"mykey\"`, use `projectKey = \"mykey\"` or `project-key = \"mykey\"` in `pyproject.toml`.","message":"When defining SonarQube analysis properties in a `pyproject.toml` file under `[tool.sonar]`, the `sonar.` prefix for property keys should be omitted. Property keys are generally camelCase (e.g., `projectKey`), although kebab-case is also accepted (e.g., `project-key`).","severity":"gotcha","affected_versions":"All versions"},{"fix":"When debugging complex analysis issues, consult the official SonarScanner CLI documentation in addition to pysonar's specific guidance.","message":"pysonar is a wrapper around the SonarScanner CLI. While it simplifies Python project analysis, it still fundamentally relies on the underlying SonarScanner CLI. This means some deep troubleshooting might involve understanding the generic SonarScanner CLI behavior.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Ensure `pip install pysonar` completed successfully. 
Verify that the directory where pip installs scripts (e.g., `~/.local/bin` on Linux/macOS, or `Scripts` subdirectory of your Python installation on Windows) is included in your system's PATH environment variable.","cause":"`pysonar` executable is not in your system's PATH after installation, or pip's script directory is not included in PATH.","error":"command not found: pysonar"},{"fix":"Install a JRE (Java 11 or higher recommended, ensure it's on your PATH) or manually set the `SONAR_SCANNER_OPTS` environment variable to point to your JRE's `bin` directory or specify a `sonar.java.home` property. pysonar versions 1.0+ include JRE provisioning, so ensure you have a recent version.","cause":"pysonar, as a wrapper around the SonarScanner CLI, requires a Java Runtime Environment (JRE) to execute. It attempts to provision one, but can fail in certain environments.","error":"ERROR: Could not find a JRE. Please set the SONAR_SCANNER_OPTS environment variable or download and install a JRE."},{"fix":"Ensure you are consistently using only `pysonar` for Python projects and that project keys are unique. Prioritize configuration via `pyproject.toml` under `[tool.sonar]`. Check for and remove any conflicting `sonar-project.properties` files if `pyproject.toml` is the intended source of truth.","cause":"Conflicting analysis attempts for the same project key, possibly due to both `pysonar` and the generic `sonar-scanner` CLI being used, or an outdated `sonar-project.properties` file conflicting with `pyproject.toml` configuration.","error":"You are trying to scan a project with an analysis key '...' that is already being scanned by the SonarScanner CLI."},{"fix":"Define `project-key` (or `projectKey`) under `[tool.sonar]` in your `pyproject.toml` file, or pass `-Dsonar.projectKey=YourProjectKey` via the command line. 
Ensure the file is in the current directory or its path is specified correctly if not.","cause":"The required `sonar.projectKey` property was not provided via CLI, `pyproject.toml`, or `sonar-project.properties` file.","error":"ERROR: Error during SonarQube Scanner execution. ERROR: Please provide the value for the 'sonar.projectKey' property."}]}