Wednesday, January 28, 2026

How to integrate SonarCloud with Azure DevOps YAML Pipeline | SonarCloud Integration with Azure DevOps | Automate Code Scan using SonarCloud In Azure YAML Pipelines

The steps below integrate SonarCloud with an Azure DevOps YAML pipeline to perform static code analysis.




Pre-requisites in SonarCloud:


    Click on Azure DevOps, enter your Microsoft credentials.
    Create an Organization, click on Import from a DevOps platform

    Create a Token in Azure DevOps with Read & Write Access under Code:

    Import organization details. Select free plan.


    Pre-requisites:

    • Azure DevOps Account
    • Make sure a Java project is set up in Azure Repos and the default branch is either main or master.
    • Service connection to integrate with SonarCloud from Azure DevOps
    • Make sure you install the SonarCloud plug-in/add-on in Azure DevOps using the URL below:
    How to add SonarCloud plug-in in Azure DevOps?

    Then look for the SonarQube Cloud add-on.





    Once the SonarQube plug-in is added, click on Proceed to Organization.



    How to integrate SonarCloud with Azure DevOps:

    Create a token in SonarQube to authenticate with Azure DevOps
    Log in to SonarQube using your admin credentials (admin/admin123) and click on Admin at the top.
    Click on My Account, Security.
    Under Tokens, enter a token name, choose Global analysis token, and click on Generate Tokens. Copy the generated token value.


    Create Service Connections in Azure DevOps 

    Login to Azure DevOps. Select your project dashboard.



    Click on Project settings --> Service connections


    Click on New service connection

    Type SonarQube and click Next

    Enter the SonarQube server URL and the token created earlier.
    Give the service connection a name and select Grant access permission to all pipelines.
    Click on Save.

    Create a YAML Pipeline in Azure DevOps

    1. Login to Azure DevOps. Go to Azure Pipelines. Click on create a new pipeline, Select GitHub:

    2. Select your GitHub repo and select the Maven as YAML pipeline template

    3. Click on Show assistant on the right-hand side, type SonarQube and select the Prepare Analysis on SonarQube task. Select the service connection from the drop-down, choose the Integrate with Maven or Gradle option, and then click on Add task.



    Sample code for the entire pipeline is below.

    Azure DevOps Pipeline YAML Code:

    trigger:
    - main

    pool:
      vmImage: ubuntu-latest

    steps:
    - task: SonarCloudPrepare@4
      inputs:
        SonarQube: 'my_sonar_cloud'
        organization: 'mydevopscoachingapp'
        scannerMode: 'CLI'
        configMode: 'manual'
        cliProjectKey: 'MyDevopsCoachingApp_mySep2025WeekendRepo'
        cliProjectName: 'MyWebApp'
    - task: Maven@4
      inputs:
        mavenPomFile: 'MyWebApp/pom.xml'
        mavenOptions: '-Xmx3072m'
        javaHomeOption: 'JDKVersion'
        jdkVersionOption: '1.17'
        jdkArchitectureOption: 'x64'
        publishJUnitResults: true
        testResultsFiles: '**/surefire-reports/TEST-*.xml'
        goals: 'clean install sonar:sonar'
    - task: PublishTestResults@2
      inputs:
        testResultsFormat: 'JUnit'
        testResultsFiles: '**/surefire-reports/TEST-*.xml'
        failTaskOnFailedTests: true





    Click on Save and Queue to kick start build.
    Now login to SonarCloud dashboard, click on Projects:



    How to Integrate SonarCloud with GitHub Actions | GitHub Actions SonarCloud Integration | Automate Static Code Quality Analysis with SonarCloud from GitHub Action

     Automate Static Code Quality Analysis in SonarCloud from GitHub Actions:



    Pre-requisites in SonarCloud:

    • Login to https://sonarcloud.io/ and then click on login.



    Depending on your SCM tool, please click on it.
    Enter GitHub credentials to setup your account in SonarCloud.

    After login, click on Admin on your top side. You need to login to SonarCloud using your credentials. Go to https://sonarcloud.io/account

    Click on My Account, Security. 
    Under Tokens, enter a token name, choose Global analysis token, and click on Generate Tokens. Copy the generated token value.



    Note down the organization key as well, under My Organization:




    Pre-requisites in GitHub Actions:

      After setting up SonarCloud successfully, login to GitHub Actions. 
      Create two secrets SONAR_TOKEN and SONAR_HOST_URL
      Sonar URL should be https://sonarcloud.io/
       
      GitHub Actions CI/CD workflow code for running a scan in SonarCloud

      name: Implement static code analysis for a Java App using SonarQube from GitHub Actions
      on:
        push:
          branches:
            - main
        workflow_dispatch:
      jobs:
       build:
        runs-on: ubuntu-latest
        steps:
        - name: checkout code
          uses: actions/checkout@v3
        - name: Set up JDK
          uses: actions/setup-java@v3
          with:
            distribution: 'adopt'
            java-version: '11'
        - name: Build with Maven
          run: mvn clean install -f MyWebApp/pom.xml
        - name: Run SonarQube Scan
          uses: sonarsource/sonarqube-scan-action@master
          with:
            projectBaseDir: .
            args: >
              -Dsonar.organization=akannan1087
              -Dsonar.projectKey=akannan1087_my-javawebapp-repo
              -Dsonar.java.binaries=**/target/classes
          env:
            SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
            SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      Now login to SonarCloud under --> https://sonarcloud.io/projects
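
The workflow above references its actions by mutable refs (@v3, @master), so the code behind the scan step, which receives SONAR_TOKEN, can change without any change to the repository. As an added example (not part of the original post), this Python check lists every `uses:` reference that is not pinned to a full commit SHA. The sample text reuses the refs from the workflow plus one constructed pinned line, and the split between "version-tag" and "floating" is a naming heuristic.

```python
import re

# Constructed sample: the `uses:` refs from the workflow above, plus one
# SHA-pinned line (made-up action name and digest) and one local action.
WORKFLOW = """\
steps:
- name: checkout code
  uses: actions/checkout@v3
- name: Set up JDK
  uses: actions/setup-java@v3
- name: Run SonarQube Scan
  uses: sonarsource/sonarqube-scan-action@master
- name: pinned example (constructed digest)
  uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
- name: local action
  uses: ./.github/actions/build
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_RE = re.compile(r"^v?\d+(\.\d+)*$")

def classify(ref):
    """Classify a git ref by its name only (heuristic, no network lookup)."""
    if SHA_RE.match(ref):
        return "sha"          # immutable: content cannot change under this ref
    if VERSION_RE.match(ref):
        return "version-tag"  # tags can be moved by the action's maintainers
    return "floating"         # branch-like name (or missing ref): moves on every push

def audit(workflow_text):
    """Return (line_number, action, ref, kind) for each remote action reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        action, _, ref = target.partition("@")
        findings.append((lineno, action, ref, classify(ref)))
    return findings

def unpinned(workflow_text):
    """Only the references that are not pinned to a full commit SHA."""
    return [f for f in audit(workflow_text) if f[3] != "sha"]

if __name__ == "__main__":
    for lineno, action, ref, kind in unpinned(WORKFLOW):
        print(f"line {lineno}: {action}@{ref} is {kind}, pin to a commit SHA")
```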

      Saturday, January 24, 2026

      What is SonarCloud? What is the difference between SonarQube and SonarCloud | SonarCloud vs SonarQube Server Explained

      SonarCloud is a cloud-based code quality and security analysis tool.

      • It automatically scans your code to find: 

        • Bugs
        • Security vulnerabilities
        • Code smells (bad coding practices)
      • Managed by SonarSource
      • Works directly with cloud CI/CD pipelines
      • No server installation or maintenance needed

        👉 Think of SonarCloud as a “code quality checker in the cloud”

        🧠 Why SonarCloud Matters in DevOps

        • Detects issues early in CI/CD pipelines
        • Prevents bad or insecure code from reaching production
        • Enforces Quality Gates (pass/fail rules)
        • Improves Code maintainability, Security posture, Team collaboration
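
The pipelines on this page submit an analysis but contain no step that acts on the Quality Gate result. As an added example (not the author's code), the Python below turns the gate into a pass/fail build step by evaluating the JSON body of the Web API call `api/qualitygates/project_status?projectKey=<key>`. The sample response and its metric values are constructed, and the script fails closed on any response it cannot interpret.

```python
import json
import sys

# Constructed sample, shaped like the body returned by
# GET https://sonarcloud.io/api/qualitygates/project_status?projectKey=<key>
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "ignoredConditions": false,
  "conditions": [
    {"status": "ERROR", "metricKey": "new_security_rating",
     "comparator": "GT", "errorThreshold": "1", "actualValue": "3"},
    {"status": "OK", "metricKey": "new_coverage",
     "comparator": "LT", "errorThreshold": "80", "actualValue": "86.4"},
    {"status": "ERROR", "metricKey": "new_duplicated_lines_density",
     "comparator": "GT", "errorThreshold": "3", "actualValue": "7.1"}
  ]}}
"""

def evaluate_gate(body):
    """Return (passed, reasons). Anything other than a clean "OK" is a failure."""
    try:
        project_status = json.loads(body)["projectStatus"]
        gate = project_status["status"]
        failed = [
            "%s: actual %s, comparator %s, threshold %s" % (
                c.get("metricKey"), c.get("actualValue"),
                c.get("comparator"), c.get("errorThreshold"))
            for c in (project_status.get("conditions") or [])
            if c.get("status") != "OK"
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        # HTML error page, auth failure, truncated body: do not let the build pass
        return False, ["unparseable quality gate response"]
    if gate != "OK" and not failed:
        # e.g. "NONE" when no gate has been computed for the project yet
        failed.append("gate status is %s" % gate)
    return gate == "OK", failed

if __name__ == "__main__":
    # Usage: script.py response.json  (falls back to the constructed sample)
    body = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESPONSE
    passed, reasons = evaluate_gate(body)
    for reason in reasons:
        print("quality gate failed ->", reason)
    sys.exit(0 if passed else 1)
```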

        ☁️ What Is SonarQube?

        • SonarQube is the self-hosted version of Sonar’s code analysis platform
        • You install and manage it on on-prem servers, virtual machines, or Kubernetes
        • Requires Server setup, Database & maintenance

          👉 Think of SonarQube as “code quality on your own servers”

          🔄 SonarQube vs SonarCloud (Easy Comparison)

          | Feature | SonarQube | SonarCloud |
          |---|---|---|
          | Hosting | Self-hosted (on-prem or private cloud) | Fully cloud-hosted (SaaS) |
          | Setup | Manual install & config | No setup needed |
          | Maintenance | You manage servers, upgrades, scaling | Zero maintenance, Sonar handles everything |
          | Cost | Free + paid tiers for advanced features | Subscription based on lines of code; free for public repos |
          | Data Control | Full control over data and environment | Data stored in SonarCloud’s infrastructure |
          | Best For | Enterprises, regulated orgs | Cloud & DevOps teams |
          | Integrations | Works with most CI/CD systems, including on-prem | Deep integration with GitHub, GitLab, Bitbucket Cloud, Azure DevOps |
          | Branch/PR Analysis | Requires Developer Edition or higher | Included by default |
          | Customization | Supports plugins, custom rules, and deep configuration | More limited customization compared to SonarQube |
          | Scalability | You scale it | Auto-scales |

          When Should You Use SonarCloud?

          • You use GitHub / Azure DevOps / Bitbucket
          • You want quick setup
          • You don’t want to manage servers
          • You’re building Cloud-native apps or DevSecOps pipelines or Open-source projects

          🧠 Additional Context (Industry Understanding)

          Even though the article highlights practical differences, other sources also emphasize technical nuance:
          • Both tools use the same core analysis engine (so results and rules are similar), but SonarCloud is optimized for cloud workflows and integrates first-class with GitHub, GitLab, Bitbucket, and Azure DevOps.
          • SonarCloud is typically easier to start with because it’s SaaS, but enterprises with strict compliance might prefer SonarQube’s on-prem deployment options.

          📝 Final Thoughts 

          • SonarCloud = Best for modern DevOps & cloud teams
          • SonarQube = Best for enterprise & on-prem needs
          • Both help you shift-left security and quality

            👉 If you’re learning DevOps, DevSecOps, or CI/CD, mastering SonarCloud is a must.

            SonarCloud is ideal for teams who want zero maintenance and fast cloud adoption. SonarQube is best for organizations needing data control, customization, and on‑prem compliance.

            How to Integrate SonarCloud with Jenkins | Jenkins SonarCloud Integration | Automate Static Code Quality Analysis with SonarCloud from Jenkins

            Automate Static Code Quality Analysis with SonarCloud from Jenkins

            Pre-requisites in SonarCloud:

            • Login to https://sonarcloud.io/, click on login.



            Depending on your SCM tool, please click on it.
            Enter GitHub credentials to setup your account in SonarCloud.
            Click Confirm to grant access to SonarCloud.

            You need to login to SonarCloud using your credentials. Go to https://sonarcloud.io/account

            After login, click on Admin on your top side.

            Click on My Account, Security. 
            Under Tokens, enter a token name, choose Global analysis token, and click on Generate Tokens. Copy the generated token value.




            Note down the organization key as well, under My Organization:




            Pre-requisites in Jenkins:

              After setting up SonarCloud successfully, login to Jenkins. Manage Jenkins --> Configure System --> SonarQube installation 

              Server URL should be https://sonarcloud.io/
              Enter Sonar credentials as secret text and select it from the drop down

               
              Jenkins Pipeline code for running scan in SonarCloud

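              node {
                  // 'Maven3' must match the name of a Maven installation configured in Jenkins
                  def mvnHome = tool 'Maven3'

                  stage('checkout') {
                      git branch: 'main', credentialsId: '', url: 'https://github.com/akannan1087/my-javawebapp-repo'
                  }

                  stage('build') {
                      sh "${mvnHome}/bin/mvn clean install -f MyWebApp/pom.xml"
                  }

                  stage('Code Quality scan') {
                      // 'SonarCloud' must match the name given to the SonarQube installation in Jenkins;
                      // withSonarQubeEnv supplies the server URL and the secret-text token to the Maven run
                      withSonarQubeEnv('SonarCloud') {
                          // Replace org_key with the organization key noted down in SonarCloud
                          sh """
                              ${mvnHome}/bin/mvn -f MyWebApp/pom.xml \
                              org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar \
                              -Dsonar.organization=org_key \
                              -Dsonar.projectKey=com.dept.app:MyWebApp \
                              -Dsonar.projectName=MyWebApp
                          """
                      }
                  }
              }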

              Now login to SonarCloud under --> https://sonarcloud.io/projects


              Here is the pipeline view:

              Friday, January 2, 2026

              Master DevSecOps and Multi Cloud Computing Course by Coach AK | DevSecOps and Cloud Computing Online Classes | Jan/Feb 2026 Schedule

              Live Hands-On Bootcamp – Jan/Feb 2026

              🚀 Supercharge your DevOps career with real-world skills!

              🔥 What You’ll Learn

              👉 Master leading DevSecOps tools & cloud platforms including:
              ✔ Git, GitHub, Bitbucket, Azure Repos
              ✔ Jenkins, GitHub Actions, Azure DevOps
              ✔ SonarQube, Trivy, Nexus, Slack
              ✔ Terraform, Ansible
              ✔ Docker & Kubernetes 
              ✔ Helm, Prometheus & more!

              🌐 AWS & Azure Multi-Cloud Training Included!


              🧠 Real-World, Practical Training

              ✔ 100% Hands-On Projects
              ✔ Live Interactive Sessions
              ✔ Career Support: Resume + Interview Prep
              ✔ Build Recruiter-Ready Skills!


              📅 Schedule Options

              📍 Weekend Batch
              🗓 Starts Jan 31, 2026
              🕤 Sat – 09:45 AM to 11:30 AM CST
              🕥 Sun – 10:30 AM to 12:30 PM CST

              📍 Weekday Evening Batch
              🗓 Starts Feb 12, 2026
              🕕 Tue & Thu – 6:00 PM to 8:00 PM CST

              🌎 Online – Learn From Anywhere!


              📌 Why Join This Bootcamp?

              ✅ Fully hands on coaching
              ✅ Industry-Relevant Projects
              ✅ Expert Coaching by Coach AK
              ✅ Flexible Schedules for Working Pros
              ✅ Multi-Cloud + Security Focus
              ✅ Networking & Career Growth Support

              📞 Register Now – Spots Are Limited!

              📱 +1 (469) 733-5248 (WhatsApp Available)
              📧 devops.coaching@gmail.com

              ➡ Early Bird Discounts Available!


              🚀 Take the Next Step in Your DevOps Career!

              💡 Learn with confidence. Build with purpose. Get hired faster.