Tuesday, April 14, 2020

How to Integrate SonarQube with Jenkins | Jenkins SonarQube Integration

Below are the steps for integrating SonarQube with Jenkins:

Pre-requisites:
Make sure SonarQube is up and running.
Make sure the SonarQube plug-in is installed in Jenkins.


1. Log in to SonarQube using admin/admin.
It will immediately ask you to change the password; change the password to admin123.

After logging in, click on Admin at the top of the page.

Click on My Account, then Security.
Under Tokens, enter a value for the token name, choose Global analysis token, and then click to generate the token. Copy the generated token value.



2. After installing SonarQube successfully, log in to Jenkins. Go to Manage Jenkins --> Configure System --> SonarQube installation.




3. Select the Enable injection of SonarQube server configuration check box.
Enter the name as SonarQube.
Enter the URL as http://your_sonarqube_public_dns:9000, with no / at the end.
Click on Add Credentials, choose Secret text from the dropdown, and paste the token you copied in step #1.

4. Save.
5. Click on your existing freestyle job, then click on Configure. Click on Prepare SonarQube Scanner environment.








6. Enter the Maven goal as clean install sonar:sonar










7. Click on Save and build the job.

You will see Jenkins integrate with SonarQube, which performs code analysis of your project.
Log in to SonarQube and click on Projects to see the project dashboard.

The exercise below is not for Lab 6; it is needed only for pipeline code, not for a freestyle job. It is part of Labs 11 and 12.
 
Jenkins Pipeline code for running scan in SonarQube

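node {
    // 'Maven3' must match the name of a Maven installation configured in Jenkins
    def mvnHome = tool 'Maven3'

    stage('checkout') {
        // write pipeline code to check out the repository
    }

    stage('build') {
        sh "${mvnHome}/bin/mvn clean install -f MyWebApp/pom.xml"
    }

    stage('Code Quality scan') {
        // 'SonarQube' is the server name entered in step 3; the URL and token are injected from that configuration
        withSonarQubeEnv('SonarQube') {
            sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml sonar:sonar"
        }
    }
}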
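
The pipeline above submits the analysis but the build passes whatever SonarQube finds. The following added example (not part of the original post) goes one step further and fails the build when the quality gate fails, using the waitForQualityGate step from the same SonarQube plug-in. Assumptions: the job is defined as "Pipeline script from SCM", a webhook pointing to http://your_jenkins_url/sonarqube-webhook/ (placeholder host) has been created in SonarQube, and the 10-minute timeout is an arbitrary choice.

```groovy
// Added example: scan, then enforce the SonarQube quality gate.
// 'Maven3', 'SonarQube' and MyWebApp/pom.xml are the names used on this page.
node {
    def mvnHome = tool 'Maven3'

    stage('checkout') {
        // Assumption: job is "Pipeline script from SCM", so scm is defined
        checkout scm
    }

    stage('build') {
        sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml clean install"
    }

    stage('Code Quality scan') {
        // The server URL and token come from the Jenkins SonarQube configuration
        // and its secret-text credential, so the token never appears in this script.
        withSonarQubeEnv('SonarQube') {
            sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml sonar:sonar"
        }
    }
}

// Outside the node block: waiting for the result does not need an executor.
stage('Quality gate') {
    // Assumption: SonarQube calls the Jenkins webhook when analysis finishes.
    // Without the webhook this step waits until the timeout and then fails.
    timeout(time: 10, unit: 'MINUTES') {
        def qg = waitForQualityGate()
        if (qg.status != 'OK') {
            error "SonarQube quality gate status: ${qg.status}"
        }
    }
}
```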

1 comment:

  1. It is a Maven project, so you used a Maven goal to run Sonar. If the build tool is Ant, then how do we have to run Sonar on Jenkins? Please reply
    Thanks in advance

