Boost Code Quality in Zadig: A 3‑Step SonarQube Integration Guide

Project Background

Zadig (koderover/zadig) aims to improve code quality by scanning the

pkg

directory for code smells using SonarQube.

How to Use

Step 1 – System Administrator: Integrate SonarQube

Log in to SonarQube, click the avatar in the top‑right corner, select

My Account

, then go to the

Security

page and generate a token.

Step 2 – Engineer: Configure Code Scan in Zadig

Navigate in Zadig to System Settings → Integration Management → Sonar Integration and enter the SonarQube server address and the token.

In the project, create a new code scan with the following details:

<code>名称: zadig-scan
扫描工具: SonarQube
扫描环境: sonar:latest
sonar 地址: (the integrated SonarQube server URL)
代码信息: Zadig codebase
参数配置: see SonarQube documentation</code>

Sample Sonar parameters:

<code># Sonar 参数
sonar.projectKey=zadig-pkg
sonar.projectName=zadig-pkg
sonar.sources=./pkg
sonar.go.file.suffixes=.go</code>

Step 3 – Engineer: Execute and Analyze Results

Click the Execute button to start the scan.

After completion, click the View link to open the SonarQube UI and review issues, enabling targeted fixes.

Webhook Trigger

Configure a trigger in Zadig so that code changes (e.g., pull requests) automatically start a SonarQube scan, reducing manual effort.

Timely Scan Feedback

Scan results are posted back to the code repository (currently GitLab) and, in the future, will be sent to instant‑messaging platforms, ensuring developers receive immediate quality feedback.

References

https://github.com/koderover/zadig

https://github.com/koderover/zadig/tree/main/pkg

https://docs.sonarqube.org/latest/analysis/analysis-parameters/

https://docs.koderover.com/zadig/v1.12.0/settings/custom-image/