Monday, February 13, 2023

How to integrate SonarQube with Azure DevOps | SonarQube Integration with Azure DevOps Classic Pipeline | Automate Code Scan using SonarQube In Azure Classic Pipelines

Please find steps below for integrating SonarQube with Azure DevOps, Previously known as Visual Studio Team Services:


Pre-requisites:

https://marketplace.visualstudio.com/acquisition?itemName=SonarSource.sonarqube


Once added SonarQube plug-in, click on proceed to Organization..



Watch Steps in YouTube channel:

How to integrate SonarQube with Azure DevOps:

Create Token in SonarQube to authenticate with Azure DevOps
You need to login to SonarQube using your admin password. admin/admin123 and click on Admin on your top side.
Click on My Account, Security. 
Under Tokens, Give some value for token name and choose Global analysis token, click on generate Tokens. Copy the token value generated.


Create Service Connections in Azure DevOps 

Login to Azure DevOps. Select your project dashboard.



Click on Project settings --> Service connections


click on New service connection

Type SonarQube and Click Next

Enter SonarQube server url and enter Token created 
Give name for service connection and select Grant access permission to all pipelines.
Click on Save.

Create a Pipeline in Azure DevOps

1. Login to Azure DevOps. Go to Azure Pipelines. Click on create a new pipeline, use classic editor 
Select your Azure Repos
Type Maven and choose maven template as shown below


2. Click on Add tasks
3. Type Sonar











4. Add Prepare Analysis on SonarQube task
5. move up this task to all the way up.
And also search for Java tool installer task and add it


It should be like shown below:



6. Click on prepare sonar analysis configuration task

select Integrate with Maven or Gradle option

7.Click on Java tool installer and change to 11 instead of 8


8. Edit maven task & add install sonar:sonar and also select the path of pom.xml under MyWebApp/pom.xml



















Click on Save and Queue to kick start build.
9. Now login to SonarQube dashboard, click on Projects


No comments:

Post a Comment

What is GitHub Advanced Security for Azure DevOps | Configure GitHub Advanced Security for Azure DevOps

GitHub Advanced Security for Azure DevOps brings the  secret scanning, dependency scanning  and  CodeQL code scanning  solutions already ava...