Integrating SonarQube with Jenkins

SonarQube is an open-source platform for continuous inspection of code quality. Here, we will discuss integrating SonarQube with Jenkins to achieve CI with fully automated code analysis.

Welcome back to the second article in our #BacktoBasics series. As many of us already know, SonarQube is an open-source tool for continuous inspection of code quality. It performs static analysis of code, detecting bugs, code smells and security vulnerabilities. In addition, it can report on duplicate code, unit tests, code coverage and code complexity for multiple programming languages. Hence, to achieve Continuous Integration with fully automated code analysis, it is important to integrate SonarQube with CI tools such as Jenkins. Here, we are going to discuss integrating SonarQube with Jenkins to perform code analysis.

Running Jenkins and SonarQube on Docker

Enough with the introductions. Let’s jump into the configuration, shall we? First of all, let’s spin up Jenkins and SonarQube using Docker containers. We are going to use Docker Compose, as it is an easy way to handle multiple services. Below is the content of the docker-compose.yml file which we are going to use.

docker-compose.yml file

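version: '3'
services:
  sonarqube:
    ports:
      - '9000:9000'   # SonarQube web UI
    volumes:
      # Host folders that persist SonarQube configuration, data, logs and plugins
      - 'E:\work\sonar\conf\:/opt/sonarqube/conf'
      - 'E:\work\sonar\data\:/opt/sonarqube/data'
      - 'E:\work\sonar\logs\:/opt/sonarqube/logs'
      - 'E:\work\sonar\extensions\:/opt/sonarqube/extensions'
    image: sonarqube
  jenkins:
    image: 'ravindranathbarathy/jenkins'
    volumes:
      # Mounting the Docker socket gives this container control of the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - 'E:\work\jenkins_home\:/var/jenkins_home'
    ports:
      - '8080:8080'    # Jenkins web UI
      - '5000:50000'   # host port 5000 -> container port 50000 (Jenkins agent port)
  jenkins-slave:
    container_name: jenkins-slave
    restart: always
    environment:
      # The slave reaches the master by its service name on the Compose network
      - 'JENKINS_URL=http://jenkins:8080'
    image: kaviyakulothungan/jenkins-slave-node:v2
    volumes:
      # Same socket mount as above: the slave can also drive the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - 'E:\work\jenkins_slave\:/home/jenkins'
    depends_on:
      - jenkins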

docker-compose up is the command to run the docker-compose.yml file.

docker-compose command to spin up Jenkins and Sonarqube

docker-compose up

Note: The `docker-compose` command must be run from the folder where the `docker-compose.yml` file is placed.

This file, when run, will automatically host Jenkins listening on port 8080, along with a slave.

Jenkins Hosted on Docker

SonarQube will be hosted listening on port 9000.

SonarQube hosted on Docker

Configuring Jenkins for SonarQube Analysis

In order to run the SonarQube analysis in Jenkins, there are a few things we have to take care of before creating the Jenkins job. First of all, we need to install the “SonarQube Scanner” plugin. For this, let’s go to Jenkins -> Manage Jenkins -> Manage Plugins. There, navigate to the “Available” view and look for the plugin “SonarQube Scanner”. Select the plugin, click on “Install without restart” and wait for the plugin to be installed.

Installing SonarQube Scanner Plugin

Once the plugin is installed, we need to configure a few things in the Jenkins global configuration page.

For that, let’s click on Jenkins -> Manage Jenkins -> Configure System -> SonarQube Servers and fill in the required details.

SonarQube Server Configuration

Here,

  • Name: Anything meaningful. E.g. sonarqube
  • Server URL:
  • Server Authentication Token: Refer below

To get the server authentication token, log in to SonarQube, go to Administration -> Security -> Users and click on Tokens. There, enter a token name, click on Generate, copy the token value and paste it into the Jenkins field, then click on “Done”.

Creating Authorization Token

Finally, save the Jenkins Global configurations by clicking on the “Save” icon.

There is one last configuration which has to be set up. In order to run the SonarQube scan for our project, we need to install and configure the SonarQube scanner in our Jenkins. For that, let’s go to Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner -> SonarQube Scanner installations. Enter any meaningful name under the Name field and select the method by which you want to install this tool in Jenkins. Here, we are going to select the “Install automatically” option. Then, click on “Save”.

SonarQube Scanner Configuration in Jenkins

Creating and Configuring Jenkins Pipeline Job

Since we are all set with the global configurations, let’s now create a Jenkins Pipeline Job for a simple node.js application for which code analysis will be done by SonarQube.

For that, let’s click on “New Item” on the Jenkins home page, enter the job name as “sonarqube_test_pipeline”, select the “Pipeline” option and then click on “OK”.

Creating Jenkins Pipeline job

Now, inside the job configuration, let’s go to the Pipeline step and select Pipeline Script from SCM. Then select Git, enter the Repository URL and save the job.

Pipeline Job Configuration
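A Jenkinsfile that a job configured this way could load from the repository, as an added example that is not the article's own pipeline. It assumes the server name sonarqube from the global configuration above; the scanner installation name SonarQubeScanner, the project key and the webhook needed by the quality gate stage are assumptions.

```groovy
// Jenkinsfile (declarative pipeline). Added example, not taken from the article.
pipeline {
    agent any

    environment {
        // 'SonarQubeScanner' is an assumed name: use whatever was entered under
        // Global Tool Configuration -> SonarQube Scanner installations.
        SCANNER_HOME = tool 'SonarQubeScanner'
    }

    stages {
        stage('SonarQube analysis') {
            steps {
                // 'sonarqube' must match the Name set under Configure System ->
                // SonarQube Servers. The step injects that server's URL and
                // authentication token into the environment, so neither is
                // written in this file or passed on the command line.
                withSonarQubeEnv('sonarqube') {
                    // Single-quoted script: the shell, not Groovy, expands
                    // $SCANNER_HOME. The project key is an assumed value.
                    sh '''
                        "$SCANNER_HOME/bin/sonar-scanner" \
                          -Dsonar.projectKey=sonarqube_test_pipeline \
                          -Dsonar.sources=. \
                          -Dsonar.exclusions='node_modules/**'
                    '''
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Fails the build when the analysis does not pass the gate.
                // Assumes a SonarQube webhook pointing at
                // http://jenkins:8080/sonarqube-webhook/ (not covered above);
                // without it this step waits until the timeout expires.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```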
