SonarQube is an open-source platform for continuous inspection of code quality. Here, we will discuss integrating SonarQube with Jenkins to achieve CI with fully automated code analysis.
Welcome back to the second article in our #BacktoBasics series. As many of us already know, SonarQube is an open-source tool for continuous inspection of code quality. It performs static analysis of code, detecting bugs, code smells and security vulnerabilities. In addition, it can report on duplicate code, unit tests, code coverage and code complexity for multiple programming languages. Hence, in order to achieve Continuous Integration with fully automated code analysis, it is important to integrate SonarQube with CI tools such as Jenkins. Here, we are going to discuss integrating SonarQube with Jenkins to perform code analysis.
Enough with the introductions. Let’s jump into the configurations, shall we? First of all, let’s spin up Jenkins and SonarQube using Docker containers. Note that we are going to use Docker Compose, as it is an easy way to handle multiple services. Below is the content of the docker-compose.yml file which we are going to use.

```yaml
version: '3'
services:
  sonarqube:
    ports:
      - '9000:9000'
    volumes:
      - 'E:\work\sonar\conf\:/opt/sonarqube/conf'
      - 'E:\work\sonar\data\:/opt/sonarqube/data'
      - 'E:\work\sonar\logs\:/opt/sonarqube/logs'
      - 'E:\work\sonar\extensions\:/opt/sonarqube/extensions'
    # No tag is given, so Docker pulls sonarqube:latest
    image: sonarqube
  jenkins:
    image: 'ravindranathbarathy/jenkins'
    volumes:
      # Mounting the Docker socket gives this container control of the host's Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - 'E:\work\jenkins_home\:/var/jenkins_home'
    ports:
      - '8080:8080'
      - '5000:50000'
  jenkins-slave:
    container_name: jenkins-slave
    restart: always
    environment:
      - 'JENKINS_URL=http://jenkins:8080'
    image: kaviyakulothungan/jenkins-slave-node:v2
    volumes:
      # Same Docker socket exposure as the jenkins service above
      - /var/run/docker.sock:/var/run/docker.sock
      - 'E:\work\jenkins_slave\:/home/jenkins'
    depends_on:
      - jenkins
```
`docker-compose up` is the command to run to spin up Jenkins and SonarQube.
Note: The `docker-compose` command must be run from the folder where the `docker-compose.yml` file is placed.
This file, when run, will automatically host Jenkins listening on port 8080 along with a slave.
Jenkins hosted using Docker
SonarQube will be hosted listening on port 9000.
SonarQube hosted using Docker
In order to run the SonarQube analysis in Jenkins, there are a few things we have to take care of before creating the Jenkins job. First of all, we need to install the “SonarQube Scanner” plugin. For this, let’s go to Jenkins -> Manage Jenkins -> Manage Plugins. There, navigate to the “Available” view and look for the plugin “SonarQube Scanner”. Select the plugin, click on “Install without restart” and wait for the plugin to be installed.
Installing SonarQube Scanner Plugin
Once the plugin is installed, we need to configure a few things in the Jenkins global configuration page.
For that, let’s click on Jenkins -> Manage Jenkins -> Configure System -> SonarQube Servers and fill in the required details.
SonarQube Server Configuration
To get the server authentication token, log in to SonarQube and go to Administration -> Security -> Users, then click on Tokens. There, enter a token name, click on Generate, copy the token value, paste it in the Jenkins field and then click on “Done”.
Creating Authorization Token
Finally, save the Jenkins Global configurations by clicking on the “Save” icon.
There is one last configuration which has to be set up. In order to run a SonarQube scan for our project, we need to install and configure the SonarQube scanner in our Jenkins. For that, let’s go to Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner -> SonarQube Scanner installations. Enter any meaningful name under the Name field and select the method by which you want to install this tool in Jenkins. Here, we are going to select the “Install automatically” option. Then, click on “Save”.
SonarQube Scanner Configuration in Jenkins
Since we are all set with the global configurations, let’s now create a Jenkins Pipeline job for a simple Node.js application for which code analysis will be done by SonarQube.
For that, let’s click on “New Item” on the Jenkins home page, enter the job name as “sonarqube_test_pipeline”, select the “Pipeline” option and then click on “OK”.
Creating Jenkins Pipeline job
Now, inside the job configuration, let’s go to the Pipeline step and select Pipeline Script from SCM and then select Git and enter the Repository URL and then save the job.
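A Jenkinsfile that such a job could load from the repository, given here as an added example that is not from the original article. The server name `sonarqube-server`, the tool name `sonar-scanner`, the project key and the exclusion pattern are assumed values; the first two must match the names entered under SonarQube Servers and SonarQube Scanner installations.

```groovy
// Added example (declarative pipeline), not the article's own Jenkinsfile.
// Assumed names: 'sonarqube-server' (Configure System -> SonarQube Servers)
// and 'sonar-scanner' (Global Tool Configuration -> SonarQube Scanner).
pipeline {
    agent any

    stages {
        stage('SonarQube analysis') {
            steps {
                script {
                    // Resolve the path of the automatically installed scanner.
                    def scannerHome = tool 'sonar-scanner'

                    // withSonarQubeEnv injects the server URL and the token stored
                    // in the Jenkins global configuration, so the token never
                    // appears in the Jenkinsfile or the repository.
                    withSonarQubeEnv('sonarqube-server') {
                        sh "${scannerHome}/bin/sonar-scanner " +
                           "-Dsonar.projectKey=sonarqube_test_pipeline " +
                           "-Dsonar.sources=. " +
                           "'-Dsonar.exclusions=node_modules/**'"
                    }
                }
            }
        }

        stage('Quality gate') {
            steps {
                // waitForQualityGate relies on a SonarQube webhook that calls
                // back to <Jenkins URL>/sonarqube-webhook/ once analysis is done.
                // The timeout stops the build from hanging if it never arrives.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

With `abortPipeline: true`, a failed quality gate fails the build, so code that does not pass the gate cannot continue to later stages.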