Topics Discussed:
- Introduction to Sonarqube
- Features
- Architecture
- Demo on SonarQube integration with Azure Devops
SonarQube
It is a code quality management platform and a scanning tool that allows the team to manage,
track and eventually improve the quality of the source code. It reduces vulnerabilities and
security risk during code development. SonarQube is a static application security testing (SAST)
tool.
Features of SonarQube
● Continuous inspection
● Continuous inspection at an earlier stage of development
● Quality gates, e.g. to decide to proceed further only if the 80% quality gate is passed
● Minimum cost and effort to check code quality
● Part of the development cycle
● Can be integrated with almost all DevOps tools, such as Azure DevOps, Jenkins etc.
● Supports 27+ programming languages. The Community edition only supports 14 languages
● Identifies lack of code coverage
● Identifies excess code complexity
● Enforces best practices
● Identifies security errors and memory leaks
● SonarLint - a plugin that integrates with the IDE to check code while it is being written
SonarQube Architecture
Comprises three major components
1. CI/CD - scanning and language analysis of the source code, which generates the report
2. SonarQube Server - the report generated in the CI/CD part is processed on the Sonar
server. Processing is done by a search server and a compute engine
3. Database server - the SonarQube server connects to a SQL database server to store the metadata.
Demo
● Spinning up a Sonar instance
● Setting up an Azure DevOps pipeline
● Integrating SonarQube with Azure DevOps
● Walkthrough of the quality profiles and the Sonar scan reports
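As an added example, not part of these notes or of SonarQube's own tooling: a small Python check that a pipeline step could run after the scanner has uploaded its report, reading the quality gate result from the SonarQube Web API and refusing to proceed unless the gate (for instance the 80% coverage threshold mentioned under Features) is passed. The server URL, project key and token are assumptions, and the response below is a constructed sample rather than output from a real server.

```python
"""Quality gate check for a CI/CD step: proceed only if SonarQube reports the gate as OK."""
import base64
import json
import sys
import urllib.parse
import urllib.request
from typing import Optional


def gate_status_url(server: str, project_key: str, branch: Optional[str] = None) -> str:
    """Build the Web API URL a pipeline polls once analysis has been processed on the server."""
    params = {"projectKey": project_key}
    if branch:
        params["branch"] = branch
    return f"{server.rstrip('/')}/api/qualitygates/project_status?{urllib.parse.urlencode(params)}"


def fetch_gate_status(url: str, token: str) -> dict:
    """Call the endpoint with a SonarQube user token (token as the Basic-auth username, empty password)."""
    request = urllib.request.Request(url)
    credentials = base64.b64encode(f"{token}:".encode()).decode()
    request.add_header("Authorization", f"Basic {credentials}")
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.load(response)


def evaluate_gate(payload: dict) -> tuple:
    """Return (may_proceed, failing_conditions); only an overall status of OK lets the pipeline continue."""
    project_status = payload["projectStatus"]
    failing = []
    for cond in project_status.get("conditions", []):
        if cond.get("status") != "OK":
            failing.append(
                f"{cond['metricKey']}: actual {cond.get('actualValue')}, "
                f"fails when {cond.get('comparator')} {cond.get('errorThreshold')}"
            )
    return project_status.get("status") == "OK", failing


# Constructed sample response: a gate demanding 80% coverage on new code, which this build misses.
SAMPLE_RESPONSE = {
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "72.3"},
            {"status": "OK", "metricKey": "new_bugs", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0"},
        ],
    }
}

if __name__ == "__main__":
    # In a real pipeline: fetch_gate_status(gate_status_url(SERVER, PROJECT_KEY), TOKEN)
    ok, failing = evaluate_gate(SAMPLE_RESPONSE)
    for line in failing:
        print("quality gate condition failed:", line)
    sys.exit(0 if ok else 1)  # a non-zero exit fails the pipeline stage
```

A non-zero exit from this step is what turns the gate decision into a hard stop for the rest of the pipeline.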