Setting Up SonarCloud forAzure Pipelines

Setting Up SonarCloud forAzure Pipelines

Static code analysis is very useful to detect security issues and bad code practices in our projects. SonarCloud is a great static code analysis tool that can be easily integrated into Azure DevOps. It can be used for free in public Azure DevOps projects.

Static code analysis is very useful to detect security issues and bad code practices in our projects. SonarCloud is a great static code analysis tool that can be easily integrated into Azure DevOps. It can be used for free in public Azure DevOps projects. Without further ado, let’s get started. Assuming we already have an Azure DevOps organization and a SonarCloud account, the first step is to associate our Azure DevOps organization with SonarCloud. For this, we need to create a Personal Access Token (PAT) in Azure DevOps. Click on the user settings icon on the top right corner in Azure DevOps, then “Personal access tokens”. That will take us to a page where we can see an option to create a token. Clicking on “New Token” will show us a form we need to fill out to generate a new PAT.

Create a Personal Access Token in Azure DevOps, part 1. We must set a name for it, the organization it belongs to, an expiration date, and for SonarCloud we only need the “Code (Read & Write)” permissions, always keep in mind the principle of least privilege when giving permissions for anything.

Create a Personal Access Token in Azure DevOps, part 2. After clicking on “Create” we’ll see the actual token, this is the only time we will be able to see the token, make sure to copy it and save it in a safe place. Now that we have a PAT, it’s time to start setting things up in SonarCloud. In the SonarCloud portal click on the plus icon on the top right corner, then click on “Create new organization”. This will show us the required steps to associate our Azure DevOps organization. We simply have to follow the steps that SonarCloud displays. Set the organization name as it is in Azure DevOps, paste the PAT we created, and click on “Continue”.

Add an Azure DevOps organization to SonarCloud, part 1. Now we set a key to identify our organization, it can be anything. We’ll use the organization name and click on “Continue”.

Add an Azure DevOps organization to SonarCloud, part 2. We have to choose a plan. We’ll choose the free plan since we have a public project in Azure DevOps, and click on “Create Organization”.

Add an Azure DevOps organization to SonarCloud, part 3. Now that our Azure DevOps organization is associated with SonarCloud we can set up a project. Click one more time in the plus icon on the top right corner of the SonarCloud portal. Now click on “Analyze new project”, since we only have one organization it will be selected by default, but if we had more organizations we could choose between them. A list of all the projects that we have available in the organization will be displayed, we’ll select the project that was want to analyze and click on “Set Up”.

Create a new project in SonarCloud. Great, we have our Azure DevOps organization associated with our SonarCloud account 🎉. There are still a few more things to do before we can use SonarCloud in our pipelines. We must install the SonarCloud extension for Azure DevOps, create a service connection, and then we’ll be able to add the SonarCloud tasks to our pipelines. Installing an extension is very simple if we have the correct permissions, if we don’t then we can submit a request for the Azure DevOps organization administrator to install it for us. Either way, we must go to the Visual Studio Marketplace, look for the SonarCloud extension and click on “Get it free”.

SonarClour extension for Azure DevOps. Then select the organization where we want to install the extension and click on “Install”. If we didn’t have enough permissions to install the extension ourselves, here we would see a textbox to input a message to request to the organization admin to install it for us.

Install SonarCloud extension for Azure DevOps. That’s it, now we have the SonarCloud extension installed. In SonarCloud we created a project that has not been configured yet. Since we want to analyze our code from Azure Pipelines, we’ll choose “With Azure DevOps Pipelines” as the analysis method.

Configuring the project in SonarCloud, part 1. This will tell us that we have to install the extension, which we have already installed. It will also automatically create a “User Token” that we’ll use to create a service connection in Azure DevOps. Finally, it will show us how to set up the pipeline tasks according to the language that we use in our project. In this case, we’ll analyze a JavaScript app, so we’ll select the option “Other”. It will also show additional information at the bottom for more configurations that can be implemented with SonarCloud in Azure Pipelines.

azure-pipelines sonarcloud

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Azure DevOps Pipelines: Multi-Stage Pipelines

The last couple of posts have been dealing with Release managed from the Releases area under Azure Pipelines. This week we are going to take what we were doing.

Use Azure Static Web Apps with Azure DevOps pipelines

Use Azure Static Web Apps with Azure DevOps pipelines. Azure Static Web Apps now provides Azure DevOps support. If you have a repository in Azure DevOps, you can wire up an Azure Pipelines YAML file that builds and deploys your app to Azure Static Web Apps.

How to Debug a Pipeline in Azure Data Factory

In this tutorial, we will learn to use the Azure Data Factory debug feature to test the pipeline activities during the development stage.

How to set up Azure Data Sync between Azure SQL databases and on-premises SQL Server

In this article, you learn how to set up Azure Data Sync services. In addition, you will also learn how to create and set up a data sync group between Azure SQL database and on-premises SQL Server.

Use Azure Key Vault for Secrets in Azure DevOps Pipelines

This blog shows how Azure Key Vault can be used in an Azure DevOps Pipeline build. By using Azure Key Vault to handle all your secrets or certificates, no secrets need to be saved to code, files, or other storage for the initial secrets required in a solution.