Configure Sonarqube with VSTS for Continuous Code Quality

Sonarqube is used to Continuously inspect code for quality. This is an Open source, supports multiple languages like Java, Javascript, C#, C/C++, COBOL, Python, PL/SQL and more. Sonarqube has following features

  • Overall health of your project
  • Quality gate
  • Identify code vulnerability
  • Code Smells
  • Bugs
  • Code Duplication
  • Code Coverage
  • Security
  • Maintainability
  • Analyse pull requests

We can configure Sonarqube in VM in Cloud or use SonarCloud, for this workshop we will be using Sonar Cloud

Follow below steps to setup SonarCloud

    1. Open link and Signup with your Github accountScreenshot_19
    2. After signup click on to your profile, select organizations tab and Click on Create buttonScreenshot_20.png
    3. Give company name. for our demo give your name and click on Create buttonScreenshot_23.png
    4. Navigate to Security tab and enter VSTS Build, click on Generate buttonScreenshot_22
    5. make a note of generated TokenScreenshot_24
    6. Navigate to Administration tab and click Create Project buttonScreenshot_39
    7. Enter project details in dialogue window and click Create button. Make a note all these details which we will be adding later into our Continuous Integration build definition in VSTS Screenshot_41
    8. We will integrate Sonarqube with our Continuous Integration build which we have created before from Enable DevOps Continuous Integration with Microsoft VSTS for project
    9. Navigate to VSTS account. Select Build and Release tab then select Builds tab. Here you will see the list CI builds. click on and select Edit option.Screenshot_27
    10. Click on + button to add task and Search for Sonar, if you don’t find the extension then click on top corner, click on Browse Marketplace to install Sonarqube extensionsScreenshot_35.png
    11. Search for Sonarqube extension and install to your VSTS accountScreenshot_29 Screenshot_30
    12. Click on Confirm to install Screenshot_31.png
    13. Navigate to VSTS account, refresh the page so that installed Sonarqube extension will appear. Search for Sonar and select SonarQube Scanner for MSBuild – Begin Analysis (new) and Add to build stepsScreenshot_32
    14. Also add SonarQube Scanner for MSBuild – End Analysis (New)Screenshot_33
    15. Reorder SonarQube StepsScreenshot_34
    16. Select Prepare the SonarQube analysis and click on Manage link to add SonarQube service endpointScreenshot_36.png
    17. Now lets add SonarCloud details we have created in the beginning. Enter these details in Connection name field enter SonarQube, Server Url field enter and enter previously generated token from SonarCloud at Token field and click OKScreenshot_38
    18. Go to VSTS account Edit screen and select SonarQube as SonarQube Endpoint which we have just created, enter as sample project under Project Name field, enter VSTSProject under Project Key  field which we have created in SonarCloud. Expand Advanced section and enter Orgnization name which we have created in SonarCloud. Click on Save & queue at the top to queue the buildScreenshot_47
    19. Click Build number to see as build happens


  1. Check whether the Build is Succeeded<a href=Screenshot_49.png
  2. Go to SonarCloud and see your project code analysis. Screenshot_50.png

We are done with configuring Sonarqube with VSTS for Continuous Code Quality.

Next steps will Build Continuous Deployment with VSTS and Azure

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s