Write clean code with SonarCloud and Bitbucket Cloud

This article was written with Fabrice Bellingard from SonarSource, a company that provides world-class solutions around continuous code quality. This blog is one of a series written by companies who attended our recentĀ Bitbucket Cloud Dev Week.

Last June, 2 developers from the SonarCloud team – Julien and Greg, attended the Atlassian Bitbucket Cloud Dev Week in San Francisco. Their mission? Build the first version of the SonarCloud application for Bitbucket Cloud, allowing for the automatic detection of bugs and vulnerabilities across project branches and pull requests inside the product. With support from the Atlassian Bitbucket Cloud team, they successfully completed this mission. Let’s see the features in more detail!

Analyze code easily with Bitbucket Pipelines

Once the SonarCloud application is installed for your team, configuring the SonarCloud analysis in the pipeline of your repository is simple. First, generate a token from your SonarCloud account (under “Security”), then save it as an encrypted environment variable in your project or team, and finally update the bitbucket-pipelines.yml file of your repository to trigger the analysis every time some code is pushed.

Thanks to the tight integration with Bitbucket Pipelines, SonarCloud automatically detects which branch or pull request is being built and updates the corresponding project with code quality results.

Note that Bitbucket Pipelines does not trigger a build upon initial creation of a pull request, therefore only subsequent changes pushed on the underlying branch will be analyzed by SonarCloud.

Get insights on your pull requests

Once your pipeline is configured to trigger analysis you will see branches and pull requests progressively appear in your SonarCloud project space. Most importantly, in each pull request you will find a summary of the analysis with a link to the detailed Issues page on SonarCloud:

Along with this summary, SonarCloud creates a pull request task which will be marked as failed in case of quality issues. This is perfect for teams that utilize merge checks to prevent merges if a pull request has open tasks associated with it.

Track overall quality

In addition to following the quality of your code on a day to day basis through pull requests, you can also see the big picture of your code base thanks to a SonarCloud widget. While it is hidden by default, you can activate it in the “SonarCloud” settings of your repository and it will appear on the “Overview” page of your repository.

It's quite powerful to see the overall quality at a glance! And if you need more information, you are one click away from the project space on SonarCloud where you can drill down for more details.

More on SonarCloud

SonarCloud is the leading product for Continuous Code Quality online, free for open-source projects. It supports all major programming languages, including Java, JavaScript, TypeScript, C#, C/C++ and many more. If your code is closed source, SonarCloud also offers a paid plan to run private analysis.


To learn more about the integration with Bitbucket Cloud, please visit SonarCloud on the Atlassian Marketplace.

Let’s get started!

If your team is using Bitbucket Cloud, you can activate SonarCloud quickly on your repository. Simply follow the official documentation. We hope you’ll like it! We’d love to hear from you, please visit our community forum and join the fun.


Try Bitbucket free