SonarQube

Enhance code quality using this tool

Introduction

SonarQube is a code quality management tool. If the developer is not following the rules the tool checks, it generates a report.

Code Coverage: how many lines of code are tested by unit test cases

Code Review: validating the code against the coding standard

  • it is an open-source software quality management tool

  • it will continuously analyze and measure the quality of source code

  • it generates a report of any issues in HTML or PDF format

  • it is a web-based tool that supports multiple languages (Java, C#, JS)

  • it supports multiple OS platforms (Windows, macOS, Linux)

  • it supports multiple databases (MySQL, Oracle, etc.)

  • it identifies the following categories of code issues

    Duplicated code (solution: functions)

    Coding standards

    Unit tests

    Complex code

    Comments

    Potential Bugs

    Architecture & Design

  • Maven/Tomcat --> developed in Java --> support only the Java programming language

  • SonarQube/Nexus/Jenkins --> developed in Java --> support multiple languages

Popular databases

Relational DBs

Open source database: Oracle, MySQL, PostgreSQL, MS SQL Server

DB2

NoSQL DBs / non-relational DBs

MongoDB, cloud, data is stored in JSON format

Document == table

  • In SonarQube, H2 is the built-in database of the SonarQube server

  • initially, it was developed only for Java projects

    Prerequisite

Java version 22

  • Java (Oracle JRE 8 onwards or OpenJDK 8 onwards) must be installed on your machine

It checks for vulnerabilities, bugs, and code smells

Installation

# sudo su -   (log in as the root user)

# cd /opt   (change dir to /opt)

# apt update

# apt install wget -y

# wget

# apt install

# java -version

After installation

ls

Add the user & give the permission

Change the ownership & permission

Switch to sonar user

Start the SonarQube server

# sh sonar.sh start

Connect to the server via IP address:9000

username: admin

password: admin

As the root user we can run the SonarQube server

Change it to SonarQube User

change the user

check the status

This is the error shown in the log files

So delete the tmp directory

Log in to the page on port 9000

We need to configure the SonarQube server details in pom.xml

Go to pom.xml and edit it

vi pom.xml

In the properties section we need to change it

Now we have updated pom.xml

# mvn package creates the build artifact

# mvn sonar:sonar is the command for SonarQube reports --> for Java code [here the first sonar is the plugin name and the second sonar is the goal name]

We can see it in the dashboard

Then generate the token

Go to My Account in the SonarQube dashboard > Security > Generate Token

We have to put it in pom.xml --> no user or password is required
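
The properties section described above, as an added example that is not from the original post. The host placeholder and the SONAR_TOKEN environment variable name are assumptions; the commented-out block shows the weaker username/password form for contrast.

```xml
<!-- pom.xml: properties section (added example; host and variable name are assumptions) -->
<properties>
  <!-- Address of the SonarQube server; replace the placeholder with your server's IP -->
  <sonar.host.url>http://SONARQUBE_SERVER_IP:9000</sonar.host.url>

  <!-- Weak: account credentials committed together with the code (contrast only)
  <sonar.login>admin</sonar.login>
  <sonar.password>admin</sonar.password>
  -->

  <!-- Better: the token generated under My Account > Security, read from the
       environment at build time so it is never stored in version control.
       SonarQube 10.0 and later read sonar.token; older servers accept the
       token in sonar.login with no password. -->
  <sonar.token>${env.SONAR_TOKEN}</sonar.token>
</properties>
```

Export SONAR_TOKEN in the shell or CI job before running mvn sonar:sonar. A token can be revoked from the same Security page without touching the account password.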

Process for NodeJS

Let's check the code now

Quality gates

It is a condition set to be executed

Press Create and give the parameters as shown below

Set condition: after adding the repo name (note: the condition will be provided by the development team)

To apply the quality gate to a project, go to Projects, click on Administration, and select Quality Gates
