===========
SonarQube
===========

=> Code quality checking software, also called code review software.

=> Using SonarQube we can perform code review to identify developers' mistakes in the code.

=> SonarQube software is developed using the Java language.

=> SonarQube supports code review for 30+ programming languages.

Ex: C, C++, Python, Java, .NET, SQL, Ruby, JavaScript...

Note: We can use the Sonar trial version for practice.

=> In a company we will use the Sonar enterprise version (commercial).

=============
Sonar Issues
=============

=> The SonarQube server will identify the below issues in the project.

1) Bugs (danger, may stop code execution)
2) Vulnerabilities (security hotspots)
3) Code Smells (not dangerous, but weak design)
4) Duplicate Code Blocks
5) Code Coverage (how many lines of code are tested)

Note: The DevOps team is responsible for performing the code review and sending the code review report to the Development team.

Note: The Development team is responsible for fixing the issues identified by the Sonar server.

==========================
Sonar Quality profiles
==========================

=> A Quality Profile is the set of rules used to perform code review.

=> In SonarQube, one quality profile is available for every language.

java project ---> java quality profile ---> java language rules are configured

python project ---> python quality profile ---> python language rules are configured

dot net project ---> dotnet quality profile ---> dot net rules are configured

===================
Sonar Quality Gate
===================

=> The Quality Gate represents whether the overall project code quality is Passed or Failed.

Note: If the project quality gate is failed then we shouldn't deploy that code to the server.

=================
SonarQube Setup
=================

Setup Doc : https://github.com/ashokitschool/DevOps-Documents/blob/main/06-Sonar-Setup-Docker.md

Note: SonarServer runs on port number 9000. Enable it in the EC2 VM security group inbound rules.

default username : admin
default password : admin

===========================================
SonarServer Integration in CICD Pipeline
===========================================

=> To integrate the Sonar server in a Jenkins pipeline we need a Sonar server token.

SonarServer login => Go to profile => My Account => Security => Generate Token.

Token : sqa_f5794766e3aec9f61e85c37d6521e52797e03b0c

Note: In the Jenkins pipeline, after the Maven build process is completed, we will perform code review using the SonarQube server.
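
The pipeline flow described above (Maven build, then code review, then no deployment if the quality gate fails), as an added example Jenkinsfile that is not part of the original notes. It assumes the SonarQube Scanner for Jenkins plugin is installed and that the generated token is stored as a Jenkins "Secret text" credential attached to the server configuration; the server name `sonar-server`, Maven tool name `maven-3` and project key `demo-app` are hypothetical.

```groovy
// Added example (declarative pipeline); names below are assumptions.
// 'sonar-server' : SonarQube server entry under Manage Jenkins > System,
//                  with the Sonar token attached as a Secret text credential.
// 'maven-3'      : Maven installation name under Manage Jenkins > Tools.
// 'demo-app'     : project key to create or use on the SonarQube server.
// A SonarQube webhook pointing at <jenkins-url>/sonarqube-webhook/ is
// assumed, so that waitForQualityGate receives the analysis result.
pipeline {
    agent any
    tools {
        maven 'maven-3'
    }
    stages {
        stage('Maven Build') {
            steps {
                sh 'mvn -B clean package'
            }
        }
        stage('SonarQube Code Review') {
            steps {
                // Injects the server URL and token into the build environment,
                // so the token never appears in the Jenkinsfile or in Git.
                withSonarQubeEnv('sonar-server') {
                    sh 'mvn -B sonar:sonar -Dsonar.projectKey=demo-app'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Bound the wait in case the webhook never arrives.
                timeout(time: 10, unit: 'MINUTES') {
                    // Aborts the pipeline when the gate status is not OK.
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Deploy') {
            steps {
                // Reached only when the quality gate passed.
                echo 'Quality gate passed, deployment can proceed'
            }
        }
    }
}
```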