Sonarqube is used to Continuously inspect code for quality. This is an Open source, supports multiple languages like Java, Javascript, C#, C/C++, COBOL, Python, PL/SQL and more. Sonarqube has following features
- Overall health of your project
- Quality gate
- Identify code vulnerability
- Code Smells
- Bugs
- Code Duplication
- Code Coverage
- Security
- Maintainability
- Analyse pull requests
We can configure Sonarqube in VM in Cloud or use SonarCloud, for this workshop we will be using Sonar Cloud
Follow below steps to setup SonarCloud
-
- Open https://sonarcloud.io/ link and Signup with your Github account
- After signup click on to your profile, select organizations tab and Click on Create button
- Give company name. for our demo give your name and click on Create button
- Navigate to Security tab and enter VSTS Build, click on Generate button
- make a note of generated Token
- Navigate to Administration tab and click Create Project button
- Enter project details in dialogue window and click Create button. Make a note all these details which we will be adding later into our Continuous Integration build definition in VSTS
- We will integrate Sonarqube with our Continuous Integration build which we have created before from Enable DevOps Continuous Integration with Microsoft VSTS for Asp.net project
- Navigate to VSTS account. Select Build and Release tab then select Builds tab. Here you will see the list CI builds. click on … and select Edit option.
- Click on + button to add task and Search for Sonar, if you don’t find the extension then click on top corner, click on Browse Marketplace to install Sonarqube extensions
- Search for Sonarqube extension and install to your VSTS account
- Click on Confirm to install
- Navigate to VSTS account, refresh the page so that installed Sonarqube extension will appear. Search for Sonar and select SonarQube Scanner for MSBuild – Begin Analysis (new) and Add to build steps
- Also add SonarQube Scanner for MSBuild – End Analysis (New)
- Reorder SonarQube Steps
- Select Prepare the SonarQube analysis and click on Manage link to add SonarQube service endpoint
- Now lets add SonarCloud details we have created in the beginning. Enter these details in Connection name field enter SonarQube, Server Url field enter https://sonarcloud.io and enter previously generated token from SonarCloud at Token field and click OK
- Go to VSTS account Edit screen and select SonarQube as SonarQube Endpoint which we have just created, enter as sample project under Project Name field, enter VSTSProject under Project Key field which we have created in SonarCloud. Expand Advanced section and enter Orgnization name which we have created in SonarCloud. Click on Save & queue at the top to queue the build
- Click Build number to see as build happens
- Open https://sonarcloud.io/ link and Signup with your Github account
We are done with configuring Sonarqube with VSTS for Continuous Code Quality.
Next steps will Build Continuous Deployment with VSTS and Azure