Send analysis reports of PMD, Spotbugs, Sonarqube and others to Bitbucket Code Insights - via API, no plugin installation required
Based on cdancy/bitbucket-rest
View Bitbucket Code Insights to find out more about the Bitbucket feature.
The workflow is always:
- Create the reports with your standard tools
- Use this exporter to send the reports to Bitbucket Insights.
You always need an open Pull-Request in Bitbucket, otherwise results will not be shown
Tested with Bitbucket Server 6.6.3
Currently supported analysis reports:
The configuration takes place in a file called code-analysis-bb.yml
This is an example configuration
# Optional: Working directory, defaults to the current dir
workDir: /home/me/my-project
# Optional: Whether to exit with an exception (or error exit code), when the quality gate is broken, default to false
breakExecutionOnQualityGate: false
# URL of your Bitbucket server
# Bitbucket Access Token (READ access is enough)
token: <Bitbucket Access Token>
# Your Bitbucket project
# If you have a repo under your username, use "~username"
project: some-project
# Your Bitbucket repository inside the Bitbucket project
repo: some-repo
# Optional: Commit id for which the report should be exported
# Must be pushed to Bitbucket before
# Defaults to the current commitId (by running 'git rev-parse HEAD')
commitId: 500bf0068609dc0521b69731396b2ee7d66ce10c
# Optional: Add exporter for the PMD reporter
# Xml files that should be exported to Bitbucket
# Paths are relative to workDir (see above)
- "build/reports/pmd/main.xml"
- "build/reports/pmd/test.xml"
# Optional:
# path that should be stripped out of the inputXmls filenames, otherwise Bitbucket will not find it
# e.g. /home/me/my-project/src/main/java/de/kekru/ will become src/main/java/de/kekru/
# Defaults to workDir
stripBasePathInputXml: /home/me/my-project
# Optional:
# path that should be added as prefix to source files, after being shortened by "stripBasePathInputXml"
# e.g. src/main/java/de/kekru/ will become new/sub-directory/src/main/java/de/kekru/
# Defaults to empty string
addBasePathPrefix: new/sub-directory
# Optional: Whether this reporter is enabled, defaults to true
enabled: true
# URL-safe key to identify an analyser in Bitbucket
key: pmd-analysis
# Title of the report
title: PMD Code Analysis Report
# Name of the reporter
reporter: PMD
# Optional: QualityGate when to mark report as failed
# Defaults to "mark failed when there is at least one high finding"
highCount: 1
mediumCount: null
lowCount: null
# See 'pmd'
- "build/reports/spotbugs/main.xml"
- "build/reports/spotbugs/test.xml"
stripBasePathInputXml: /home/me/my-project
enabled: true
key: spotbugs-key
title: Spotbugs Code Analysis Report
reporter: Spotbugs
highCount: 1
mediumCount: null
lowCount: null
enabled: true
stripBasePathInputXml: /home/me/my-project
key: sonar-key
title: Sonarqube Report
reporter: Sonarqube
# Optional: URL of your Sonarqube server
# Defaults to the value of "serverUrl" in report-task.txt
# Login Access Token for Sonarqube
login: <Login Token in Sonarqube>
# Optional: Key of the analysed project in Sonarqube
# Defaults to the value of "projectKey" in report-task.txt
projectKey: "my-project-name-in-sonarqube"
# Optional: Branch of the analysed project in Sonarqube
# Defaults to "master"
branch: master
# report-task.txt file that was created when sonarqube analysis finished
# "ceTaskId" from inside the file is required
# Path is relative to workDir (see above)
reportTaskFile: "build/sonar/report-task.txt"
All properties can be overridden using environment variables or Java system properties.
They need to be prefixed with codeanalysisbb
- Env vars must be devided by
Java system properties Env vars must be devided by
If you have another location for your config file set the location in an env var or Java system property with name codeAnalysisBBConfigFile
e.g. export codeAnalysisBBConfigFile="some/other/dir/code-analysis-bb.yml"
A minimal configuration will look like this.
project: some-project
repo: some-repo
- "build/reports/pmd/main.xml"
- "build/reports/pmd/test.xml"
key: pmd-analysis
title: PMD Code Analysis Report
reporter: PMD
- "build/reports/spotbugs/main.xml"
- "build/reports/spotbugs/test.xml"
key: spotbugs-key
title: Spotbugs Code Analysis Report
reporter: Spotbugs
Then set your Bitbucket access token as environment variable and e.g. run with gradle (see below)
export codeanalysisbb_bitbucket_token=yourToken
./gradlew exportToBitbucket
The artifacts are served via JitPak. Be sure to add it as remote repository for Gradle and Maven
buildscript {
repositories {
maven { url '' }
dependencies {
classpath "com.github.kekru:code-analysis-bitbucket-exporter:0.1.0"
This example configures PMD and spotbugs in Gradle and adds the code-analysis-bitbucket-exporter
to export the results to Bitbucket insights.
// Add code-analysis-bitbucket-exporter from jitpack as a buildscript dependency
buildscript {
repositories {
maven { url '' }
dependencies {
// Buildlog:<versionnumber>/build.log
classpath "com.github.kekru:code-analysis-bitbucket-exporter:0.1.0"
// add and configure PMD and spotbugs
plugins {
id 'pmd'
id "com.github.spotbugs" version "4.2.0"
pmd {
// Configuration see:
consoleOutput = true
toolVersion = "6.21.0"
rulePriority = 5
ruleSets = ["category/java/errorprone.xml", "category/java/bestpractices.xml"]
ignoreFailures = true
sourceSets = [sourceSets.main, sourceSets.test]
spotbugs {
toolVersion = '4.0.3'
ignoreFailures = true
// add task to export the reports to Bitbucket
task exportToBitbucket {
dependsOn pmdMain, pmdTest, spotbugsMain, spotbugsTest
group 'verification'
doLast {
// set workDir, otherwise it may be anywhere in gradles cache folders
System.setProperty("codeanalysisbb.workDir", projectDir.absolutePath)
// set inputsXmls for reporters (can also be set in 'code-analysis-bb.yml')
System.setProperty("codeanalysisbb.reporter.pmd.inputXmls", "build/reports/pmd/main.xml, build/reports/pmd/test.xml")
System.setProperty("codeanalysisbb.reporter.spotbugs.inputXmls", "build/reports/spotbugs/main.xml, build/reports/spotbugs/test.xml");
println "Send Code Analysis Report to Bitbucket"
Be sure to add all other settings in code-analysis-bb.yml
Be sure the current commit is the HEAD of a branch on Bitbucket and you have an open Pull Request for that branch.
Run ./gradlew exportToBitbucket
View the Pull Request. In the overview tab, there should be the report results.
This example configures PMD and spotbugs in Maven and adds the code-analysis-bitbucket-exporter
to export the results to Bitbucket insights.
<project xmlns=""
<!-- set inputsXmls for reporters (can also be set in 'code-analysis-bb.yml') -->
Be sure to add all other settings in code-analysis-bb.yml
Be sure the current commit is the HEAD of a branch on Bitbucket and you have an open Pull Request for that branch.
Run mvn package site exec:java@exportToBitbucket
creates the reports and exec:java@exportToBitbucket
sends them to Bitbucket.
View the Pull Request. In the overview tab, there should be the report results.
This example configures Sonarqube in Gradle and adds the code-analysis-bitbucket-exporter
to export the results to Bitbucket insights.
// Add code-analysis-bitbucket-exporter from jitpack as a buildscript dependency
buildscript {
repositories {
maven { url '' }
dependencies {
classpath "com.github.kekru:code-analysis-bitbucket-exporter:0.1.0"
plugins {
id "org.sonarqube" version "2.6.2"
sonarqube {
properties {
property 'sonar.jacoco.reportPaths', 'build/jacoco/test.exec'
property 'sonar.junit.reportPaths', 'build/test-results/test'
property "sonar.sourceEncoding", "UTF-8"
property "", ""
property "sonar.verbose", "true"
property "sonar.issuesReport.html.enable", "true"
property "sonar.projectKey", "my-project-name-in-sonarqube"
// add task to export the reports to Bitbucket
task exportToBitbucket {
group 'verification'
doLast {
// set workDir, otherwise it may be anywhere in gradles cache folders
System.setProperty("codeanalysisbb.workDir", projectDir.absolutePath)
// set reportTaskFile location (can also be set in 'code-analysis-bb.yml')
System.setProperty("codeanalysisbb.reporter.sonarqube.reportTaskFile", "build/sonar/report-task.txt")
println "Send Code Analysis Report to Bitbucket"
Be sure to add all other settings in code-analysis-bb.yml
Be sure the current commit is the HEAD of a branch on Bitbucket and you have an open Pull Request for that branch.
Run ./gradlew sonarqube -Dsonar.login=<Sonar Login Token>
to run sonarqube analysis.
When analysis is done, a file build/sonar/report-task.txt
is created.
Now you can run ./gradlew exportToBitbucket -Dcodeanalysisbb.reporter.sonarqube.login=<Sonar Login Token>
View the Pull Request. In the overview tab, there should be the report results.
Tested with Sonarqube 7.9.4
This example configures Sonarqube in Maven and adds the code-analysis-bitbucket-exporter
to export the results to Bitbucket insights.
<project xmlns=""
<!-- set reportTaskFile location (can also be set in 'code-analysis-bb.yml') -->
Be sure to add all other settings in code-analysis-bb.yml
Be sure the current commit is the HEAD of a branch on Bitbucket and you have an open Pull Request for that branch.
Run mvn package sonar:sonar -Dsonar.login=<Sonar Login Token>
to run sonarqube analysis.
When analysis is done, a file target/sonar/report-task.txt
is created.
Now you can run mvn exec:java@exportToBitbucket -Dcodeanalysisbb.reporter.sonarqube.login=<Sonar Login Token>
View the Pull Request. In the overview tab, there should be the report results.
Tested with Sonarqube 7.9.4