How to Integrate SonarQube with Azure DevOps | Automate Code Scan using SonarQube In Azure Pipelines

Welcome back. In this video we are going to learn how to integrate SonarQube with Azure DevOps. In our previous video we learned how to set up SonarQube on Azure Cloud, but in this video we are going to integrate SonarQube with Azure DevOps. So if you look at this diagram, we have configured a project in Azure Repos, so this is my Azure Repos. I have configured a Java web application over here, and we are going to create an Azure DevOps pipeline which is going to check out the code from here, and then the Azure DevOps pipeline would integrate with SonarQube. Okay, so we will make a code change in Azure Repos, and that is going to trigger the build and the Azure DevOps pipeline, and that is going to perform code analysis in SonarQube, and then we are going to log into SonarQube and look at all the bug reports or any kind of code smells or anything like that.

All right, awesome. So if you look at the demo items here: yes, we need to have SonarQube up and running, and we also need to have a Java web app configured. And then as part of the demo, we need to first install the SonarQube add-on in Azure DevOps, and then we are going to create a token in SonarQube, because we need to authenticate from Azure DevOps into SonarQube. So we are going to create a token in SonarQube, and then we are going to create a service connection under project settings in Azure DevOps, because once you have a service connection created, your pipeline can use the service connection in order to integrate with SonarQube. And then we will create a pipeline, and then we will choose the Maven template, and then we will add the required tasks in order to do the build and in order to do the code analysis, so we have to add these two tasks. This task is important, the Java tool installer, because the SonarQube latest version does not support Java 8, so we need to have Java 11 installed as part of our pipeline, so we will also take care of that. And then we will save the configuration, and then we will run the build, and then we will check the analysis report in SonarQube. Okay, so that's all we are going to do.

Awesome, guys, so let's get started. So this is my website, coachdevops.com. I will be posting the link right below the video as well. So we already have SonarQube up and running, and we already have the Java project configured. Okay, so this is my SonarQube right here. So the first thing is we need to install the SonarQube add-on or plugin. You can click on this link, or you can also go to Google here and then say "SonarQube Azure DevOps extension". So when you type that, it is going to directly take you to this page. So you can click on "Get it free". So you see here, right, I have already installed it, but this is how you would install it to your organization. Okay, perfect, so this is taken care of.

Let me scroll down further. So now we are going to talk about how to integrate SonarQube website. So we need to first create a token in SonarQube, so let me go into SonarQube. So if you see here, I have already logged in here as admin. This is mandatory: you need to log in as admin, so you can see the Administration tab. So click on the administrator name and go to account, go to security. So we need to create a token here. Let me say "sonar token". All right, let me say "sonar ADO token". Okay, so select it as a global analysis token, and this is up to you, when you want it to expire, right? This is not recommended, but you know, you can just say maybe 30 days or 90 days. Let me go with 30 days, and then click on Generate. So this is the token. Okay, so make sure you copy this value.

And then go into the Azure DevOps dashboard and then go to the project settings. So this is the project where I want to integrate with SonarQube. Okay, so go to that particular project, go to that particular project's settings. So what we need to do is create a service connection. So click on Service connections, click on New service connection, and then you can search here for SonarQube, and this is the one. Click on Next. So this is where we are going to register the SonarQube information. So I already copied the token; I'm going to paste that over here. And then it is asking for the SonarQube URL, so that is the URL; paste that here. Don't provide anything after port number 9000, okay? And then give some name, so I can say "my SonarQube". And then make sure you give this permission, okay? So all the permissions should have access, so make sure you check this. So that's it; click on Save. So right now our service connection is created.

So what we can do is create a pipeline, and then we can use the service connection in order to integrate with SonarQube. Okay, so let's go to Pipelines and click on Create pipeline. So I'm going to go with the classic editor as part of this particular demo. Maybe in a separate video we will learn how to use a YAML pipeline in order to integrate with SonarQube. So let me go with the classic editor, and since we already have our project configured in Azure Repos itself, I'm going to go with this option. If you want to integrate with GitHub, or if you want to integrate with Bitbucket Cloud, that process is slightly different, but the scope of this video is just to integrate with Azure Repos. Okay, so click on Continue. So now we have to choose a template. So I'm going to do a very simple pipeline; I'm not going to deploy into Azure Cloud and all. But if you want to deploy into Azure Cloud, what you can do is type Java and then you can choose this template. But since we are going to do a basic pipeline, just type Maven here and then use this one, select this one, and then click on Apply. So that's it; right now our pipeline is created.

So now we are going to go ahead and then configure this. Let me first pick up the agent, so let me choose Ubuntu latest. So this is our pipeline, right? So what we have to do is add a couple more tasks. So click on plus and then type SonarQube here. So when you type it, if that does not show up here, it means that you have not added the SonarQube plugin. Okay, so what we are going to do is add this task, and we have to move up this task. Let's move this up. Okay, and then we also need to add one more task, which is nothing but a Java tool installer, because SonarQube does not support Java 11, because by default Java 8 is used, so we need to add this also. Okay, so this needs to be... I think this is fine. So we have to change this into Java 11, and choose x64, that's fine, and then the JDK source is pre-installed. So this is good.

Now let's configure this particular task. So this is where we are going to use the service connection. So we already selected as part of service connections, right, so we are going to use this one, and then we are going to select this option. Okay, perfect, so this is fine. And then this is our Maven task. So since we are going to integrate with SonarQube, we need to add a Maven goal, so I'm going to say "install sonar:sonar", and we need to select the path of our pom.xml file. Let me see here. So I want to make sure I select the pom.xml file, okay, because in my project I do have the pom.xml file in the root of the app folder, so that's why I have to give it like that. Perfect, I think that's pretty much it over there. So we are going to build a WAR file, so let me change this into war. I think that's pretty much it over there. Let me see, everything looks good. You don't have to check this option; it should work without that. Okay, all right. And then if you want to trigger through some automated way, if you want to enable webhooks, you can also go ahead with this option.

So let me save and queue. Click on Save and run. So as you can see, the build is going to start. Okay, so the build is started. Awesome, perfect. So right now it started performing the Maven task. Yeah, this is loading all the rules. So this is the SonarQube version which we are using, so if I go there, yeah, so look at this one, so this is the SonarQube version that we are using. So it's loading the rules and everything is fine. It is also able to perform the analysis. Perfect.

So now if I log into SonarQube, so this is my SonarQube dashboard, click on Projects. Wow, see here, guys, so the last analysis happened like 35 seconds ago. So this is our report. So right now this has three bugs, you all see here, right? So you can also click on the bug in order to see what the bugs are and all. So yeah, that's it, guys, that's how you can integrate SonarQube with Azure DevOps.

Why don't we go ahead and then fix these bugs? Okay, so the code is over here in Repos. So I'm going to go into my web app, src, main, webapp, index.jsp. So this is where it is complaining, isn't it? So if you click on the bugs, overall code, click on bugs, there you go, you all see here, so that is where it is reporting the error. So if you click on the first bug, it says that the title is missing, right: "Add a title tag to this page". So you can also click on "Why is this an issue?". So now if you see here, this is the non-compliant code and this is the compliant code, right? It says that the title is missing. So we can just simply copy this, and let's go to the code, and then we can just add a title above the body. So I'm going to edit the code. So the title generally will come above the body. So perfect, so we fixed that issue.

Now let's go back and let's fix the second issue. So let's click on "Why is this an issue?". It says that this is non-compliant code; it does not have this particular doctype, so we need to put this in. So we are going to add this right above the HTML tag. So let me go into the code. I am going to add it right above the HTML tag, right, so that's where I'm going to add it.

And then let's look into the third issue. So this says that the title is missing... not the title, the language that you see here, right, so this is missing, it says. So click on "Why is this an issue?". So if you look at the non-compliant code, yeah, there you go, I don't have a language attribute there, so we just need to add this one, that's it. So let me go back to the code, and then I just need to add that one, like that. That's it, right? Okay, so that's pretty much it over there. So that's how you're going to fix it.

So now let me click on Commit. But before... yeah, let me go ahead and commit, because if you remember, we have configured our pipeline like a webhook, so as soon as you commit a code change, it is going to trigger the build. So what I'm going to do, I'm going to say "fixed 3 defects found by sonar". Click on Commit. So as soon as I commit, if I go to the pipeline, the build should be running, or at least it should be in the queue. There you go, you see here, right now the build is already queued, so it has started running. So why is the build running? Because if you remember, if I edit the pipeline configuration, if you go under the trigger section, we have enabled continuous integration, right? So this is like enabling webhooks. Okay, so let's see. Right now it is scanning. Okay, see, it already performed it. Okay, so we could see it again, we could see the analysis, everything is done. The pipeline ran successfully.

So if I go into SonarQube, go to Projects, wow, there you go, guys, so the last analysis happened like 30 seconds ago. Right now we don't see any bugs, right? Yeah, look at here, so earlier we had three bugs; right now we don't have any bugs. So yeah, that's it, guys, that's how you would integrate SonarQube with Azure DevOps, and that's how we can perform code analysis. Thank you for watching this video.
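The classic-editor pipeline from the walkthrough above, written as a YAML pipeline definition. This is an added example and does not appear in the video; the branch name, the service connection name, the pom.xml path, the task major versions and the Prepare task's scanner mode are assumptions.

```yaml
# Added example (not from the video): YAML form of the classic pipeline.
# Assumed placeholders: branch 'main', service connection 'my-sonarqube',
# pom path 'app/pom.xml'. Task major versions (@0, @5, @3) are assumed.

trigger:
  - main                      # continuous integration: a commit queues a build

pool:
  vmImage: ubuntu-latest      # the agent chosen in the walkthrough

steps:
  # Java 11 is selected for the build and scan, as in the walkthrough.
  - task: JavaToolInstaller@0
    inputs:
      versionSpec: '11'
      jdkArchitectureOption: 'x64'
      jdkSourceOption: 'PreInstalled'

  # Must run before the Maven task. The server URL and the analysis token
  # come from the service connection, so the token is never written into
  # the repository or the pipeline definition.
  - task: SonarQubePrepare@5
    inputs:
      SonarQube: 'my-sonarqube'   # service connection name (placeholder)
      scannerMode: 'Other'        # assumed: the Maven/Gradle integration mode

  # Build the WAR and run the analysis in the same Maven invocation.
  - task: Maven@3
    inputs:
      mavenPomFile: 'app/pom.xml' # placeholder path to the project's pom.xml
      goals: 'install sonar:sonar'
```

The analysis token lives only in the service connection; when it reaches the expiry chosen at generation time, generate a new one in SonarQube and update the service connection rather than the pipeline.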
Info
Channel: DevOps Coach
Views: 19,570
Id: R1bBkb1lWx4
Length: 15min 13sec (913 seconds)
Published: Tue Feb 14 2023