SonarQube is an open-source platform used for code analysis and code quality checks. It provides detailed reports on vulnerabilities, bugs, errors, code duplication, code smells, and much more.
It is a static code analysis tool that has become extremely popular because its analysis helps make code cleaner, more straightforward, and bug-free. It supports more than 25 programming languages and has server plugins and extension support.
In this blog, we will learn how to install SonarQube and integrate it with the Azure DevOps pipeline.
We will install SonarQube on Ubuntu 20.04. For the SonarQube integration, we are using an Ubuntu 20.04 machine launched as an Azure virtual machine.
After creating the virtual machine, you get a public IP address that is assigned to it.
Now we are good to go. Just SSH into your Ubuntu machine, and let us set up SonarQube.
```bash
# Refresh the package index and install the default JDK
sudo apt-get update
sudo apt-get install default-jdk -y
```
```bash
# Import the PostgreSQL signing key, then install PostgreSQL
sudo wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O - | sudo apt-key add -
sudo apt-get -y install postgresql postgresql-contrib
```
```bash
# Start PostgreSQL now and on every boot
sudo systemctl start postgresql
sudo systemctl enable postgresql
```
```bash
# Switch to the postgres system user
sudo su - postgres
# Create the database user for SonarQube
createuser sonar
# Open the PostgreSQL shell
psql
```
Execute these three lines:
```sql
ALTER USER sonar WITH ENCRYPTED password 'password';
CREATE DATABASE sonarqube OWNER sonar;
GRANT ALL PRIVILEGES ON DATABASE sonarqube to sonar;
```
Then quit psql using: \q
Then type exit to leave the postgres user's shell.
We are using a community version of SonarQube for this lab.
```bash
# Download SonarQube, unpack it under /opt and rename the directory
sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.6.0.39681.zip
sudo apt-get -y install unzip
sudo unzip sonarqube*.zip -d /opt
sudo mv /opt/sonarqube-8.6.0.39681 /opt/sonarqube -v
```
```bash
# Create a dedicated group and user, and give them ownership of the install
sudo groupadd sonarGroup
sudo useradd -c "user to run SonarQube" -d /opt/sonarqube -g sonarGroup sonar
sudo chown sonar:sonarGroup /opt/sonarqube -R
```
```bash
sudo vi /opt/sonarqube/conf/sonar.properties
```
Uncomment the lines below by removing the # and add the values:
```properties
sonar.jdbc.username=sonar
sonar.jdbc.password=password
```
Add the below line:
```properties
sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube
```
Now press the Escape key and enter :wq! to save and exit.
```bash
sudo vi /opt/sonarqube/bin/linux-x86-64/sonar.sh
```
Add or enable the line below:
```bash
RUN_AS_USER=sonar
```
```bash
sudo vi /etc/systemd/system/sonar.service
```
Add the below code:
```ini
[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
LimitNOFILE=131072
LimitNPROC=8192
User=sonar
Group=sonarGroup
Restart=always

[Install]
WantedBy=multi-user.target
```
Save the file by entering :wq!
Modify the kernel system limits file:
```bash
sudo vi /etc/sysctl.conf
```
Add the following settings:
```
vm.max_map_count=262144
fs.file-max=65536
```
Next, we are going to edit limits.conf. Open that file with the command:
```bash
sudo vi /etc/security/limits.conf
```
Add at the end of the file:
```
sonar - nofile 65536
sonar - nproc 4096
```
Reload the system-level changes without rebooting the server:
```bash
sudo sysctl -p
```
```bash
# Start SonarQube, enable it at boot and check its status
sudo systemctl start sonar
sudo systemctl enable sonar
sudo systemctl status sonar
```
Then type q to leave the status view.
```bash
tail -f /opt/sonarqube/logs/sonar*.log
```
Make sure that SonarQube reports an Up status.
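The steps above set the database password with ALTER USER and repeat it in clear text in sonar.properties. The following check is an added example, not part of the original post or of SonarQube: it flags a guessable or short sonar.jdbc.password and a properties file that is readable beyond its owner. The function names, the weak-value list, the 16-character minimum and the sample file are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the JDBC settings written to sonar.properties.
# Assumes GNU coreutils (stat -c), as on Ubuntu 20.04.

# Print the value of the last uncommented KEY=... line in FILE.
# KEY is an extended regular expression (escape the dots).
prop_value() {
    grep -E "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 | cut -d= -f2- \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print one finding per line; return 0 if clean, 1 if anything was found.
audit_sonar_properties() {
    local file="$1" findings=0 pw mode
    pw=$(prop_value "$file" 'sonar\.jdbc\.password')
    case "$pw" in
        '') echo "sonar.jdbc.password is not set"; findings=1 ;;
        password|sonar|sonarqube|admin|changeme)   # assumed weak-value list
            echo "sonar.jdbc.password is a guessable value"; findings=1 ;;
    esac
    # Assumed policy: require at least 16 characters.
    if [ -n "$pw" ] && [ "${#pw}" -lt 16 ]; then
        echo "sonar.jdbc.password is shorter than 16 characters"; findings=1
    fi
    # The file stores the password in clear text, so group and other
    # must have no access (mode must end in 00).
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00) ;;
        *) echo "$file has mode $mode; expected 600"; findings=1 ;;
    esac
    return "$findings"
}

# Constructed sample reproducing the values used in this walkthrough.
demo=$(mktemp)
printf '%s\n' '#sonar.jdbc.username=' 'sonar.jdbc.username=sonar' \
    'sonar.jdbc.password=password' \
    'sonar.jdbc.url=jdbc:postgresql://localhost/sonarqube' > "$demo"
chmod 644 "$demo"
audit_sonar_properties "$demo" || echo "-> fix the findings above"
rm -f "$demo"
```

Run it as `audit_sonar_properties /opt/sonarqube/conf/sonar.properties`; a non-zero return means at least one finding.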
To open your SonarQube portal, get your public IP and use the below URL format to open it:
Now, in any browser, go to: your_sonardqube_publicdns
Log in using admin, which is the default username and password. SonarQube will then ask for a password change. You can change it as per your need.
Now you can connect a new project from Azure DevOps to SonarQube to get logs and check code quality.
Go to My Account >> Security >> Generate Token, give it a name, and click Generate.
IMPORTANT: Make a note of this token and paste it into Azure DevOps when creating the connection (check this in step 7 of Create a service connection between Azure DevOps and SonarQube).
Now let us create a service connection between Azure DevOps and SonarQube (creating a service connection in Azure).
Now we must add tasks to your Azure pipeline: preparing the analysis configuration, running the code analysis, and publishing the quality gate results. We must configure the analysis-preparation task for SonarQube first. Select the connection you created in the Azure DevOps portal. Select the standalone scanner, then select the manually provided configuration and paste the project key we created from SonarQube in step 3.
Then, save the configuration, and you can check your code configuration by running the pipeline.
After all these steps and SonarQube configuration, we can see the logs on SonarQube.
We have successfully installed and configured SonarQube with the Azure pipeline. It can check your code quality and do code analysis, improve your quality checks, security, unit tests, and duplications, and help remove bugs and vulnerabilities from your code.
Now you can track your code, which has been integrated with your infrastructure. SonarQube also has great support for more than 20 programming languages, as well as extended plugins that organizations use to build their software applications.
It also integrates seamlessly with SSO, JIRA, LDAP, and CI/CD tools such as Jenkins.
Developers build large projects with big codebases to serve their customers. So, it is essential to have excellent code quality and to keep duplication in check, and SonarQube helps improve code quality.
Download the sonar-scanner for the platform you use here: https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/