Friday, January 15, 2021

How to setup Quality gates in SonarQube | Add SonarQube quality gates to your Jenkins build pipeline | Jenkins SonarQube integration

SonarQube is one of the most popular static code analysis tools. It is an open-source, Java-based tool that also needs a database, which can be MySQL, Oracle or PostgreSQL. We will use PostgreSQL as it is open source as well.

SonarQube allows you to create a quality gate that forces the build to fail if some conditions are not met during code analysis.

Please see how to create quality gates in SonarQube:

What will we learn in this lab?

1. How to set up a quality gate in SonarQube

2. How to force the build to fail in Jenkins when the quality gate conditions are not met

Quality gates

In SonarQube, a quality gate is a set of conditions that must be met for a project to be marked as passed.

Let us learn how to create quality gates in SonarQube and integrate them with Jenkins during the code scan.

Benefits of a quality gate:

✔ Automates quality checks before deployment.
✔ Reduces bugs, security risks, and technical debt.
✔ Enhances developer accountability and best practices.
✔ Ensures stable and production-ready releases.

Pre-requisites

Log in to SonarQube, click on Quality Gates, and enter a name for the new gate.

Once you have created the quality gate, click on Add Condition.

Select New Bugs from the drop-down and enter 1 as the error threshold, so that more than one new bug fails the gate.

Choose your web app by clicking on App and selecting My WebApp.

Set up a Default Gate

Configure webhooks in SonarQube

Click on Administration --> Configuration --> Webhooks

Enter the Jenkins URL so that SonarQube can notify Jenkins when an analysis finishes.

Now to go Jenkins, create a pipeline job:

node {
    def mvnHome = tool 'Maven3'

    stage('Checkout') {
        // enter your repo info
    }

    stage('Build') {
        sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml clean install"
    }

    stage('Code Quality scan') {
        // Run the analysis against the SonarQube server configured in Jenkins
        withSonarQubeEnv('SonarQube') {
            sh "${mvnHome}/bin/mvn -f MyWebApp/pom.xml sonar:sonar"
        }
    }

    stage('Quality Gate') {
        // Wait for the SonarQube webhook and abort the build if the gate fails
        timeout(time: 1, unit: 'HOURS') {
            waitForQualityGate abortPipeline: true
        }
    }
}
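As an added example (not part of the original post or of the Jenkins SonarQube plugin), this Python script shows what the webhook configured above delivers to Jenkins and how the gate decision behind waitForQualityGate is made: it verifies the HMAC-SHA256 signature SonarQube sends in the X-Sonar-Webhook-HMAC-SHA256 header when the webhook has a secret configured, then evaluates the gate conditions. The payload, secret and server URL are constructed; the payload shape follows SonarQube's webhook documentation.

```python
import hashlib
import hmac
import json

# Constructed sample webhook payload (shape follows SonarQube's webhook
# documentation; not captured from a real server). The gate has the single
# condition configured in this post: more than 1 new bug is an ERROR.
SAMPLE_PAYLOAD = json.dumps({
    "serverUrl": "http://sonarqube.example.local:9000",
    "taskId": "AXexampleTaskId",
    "status": "SUCCESS",
    "project": {"key": "MyWebApp", "name": "MyWebApp"},
    "qualityGate": {
        "name": "MyWebApp gate",
        "status": "ERROR",
        "conditions": [
            {"metric": "new_bugs", "operator": "GREATER_THAN",
             "value": "3", "status": "ERROR", "errorThreshold": "1"},
        ],
    },
}).encode()

# Constructed secret; the real one is set in the SonarQube webhook configuration
WEBHOOK_SECRET = b"example-shared-secret"


def sign(payload: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 as SonarQube sends it in X-Sonar-Webhook-HMAC-SHA256."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def verify_signature(payload: bytes, header_value: str, secret: bytes) -> bool:
    """Constant-time comparison so a forged webhook cannot be matched byte by byte."""
    return hmac.compare_digest(sign(payload, secret), header_value)


def gate_result(payload: bytes, header_value: str, secret: bytes) -> dict:
    """Decide whether the build may proceed, mirroring what waitForQualityGate does."""
    if not verify_signature(payload, header_value, secret):
        # An unsigned or tampered notification must never mark the gate as passed
        return {"accepted": False, "reason": "bad signature"}
    gate = json.loads(payload)["qualityGate"]
    failed = [f"{c['metric']} {c['operator']} {c['errorThreshold']} (actual {c['value']})"
              for c in gate["conditions"] if c["status"] == "ERROR"]
    return {"accepted": True, "passed": gate["status"] == "OK", "failed_conditions": failed}
```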

Now you should see the Jenkins console output like this:


