SonarQube Integration With Jenkins Pipeline | SonarQube GitHub Integration & Code Coverage Java

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] so [Music] hello friends welcome back to my channel so we are back with another tutorial on solar cube so if you have seen my previous tutorial we have spoke about and we shown how to set up sonar coupon docker how to integrate with jenkins like a normal job right so in this tutorial what we are going to do we are going to write the jenkins pipeline script to integrate solar cube static core analysis in your uh you know overall build process okay so by using this so you can have a pipeline script for detecting your vulnerability for quality etc using the sonar cube scan so you uh to give some uh detail how this works is like you have a git or some other uh source code or version control tool right where you'll have your source code so some users will do the checkout or the source code they will keep it in kit so what we will do is we will do a build from this kit so we will pull the we are we are going to use the java project so we are going to pull the code from the gate and we are going to the build in jenkins right that's how we usually do uh for uh java or other continuous build process right so in our case our jenkins is running on docker okay and we will have a sonar cube which is also running in docker okay so what we will do is once the code is pulled by jenkins uh it will uh you know do the scan through the sonar cube and it will give you the output in the sonar case okay so we are going to write the whole pipeline script for pulling the code from kit and uh doing the scan and so on okay we seen how to do this manually uh by writing like a normal build job right so but here we are going to do it like a pipeline script so it will be an interesting tutorial for you so if you haven't subscribed to my channel i would request you to subscribe like this video share and comment so that you know you can get the notifications of my videos so i'll be putting a lot of new videos on devops or splunk or other technologies like docker right and then kubernetes ansible so you will be interested to learn all those things so in order to start you know i have as i showed in the picture diagram that you know i have uh jenkins and sonar cube running as docker containers right so if you don't know how to set up jenkins it's on our keypad docker containers please check my previous tutorial have clearly explained how you can set up jenkins or cube even using docker compose files okay so you can see it there so i'll be using this java project which is a game of life project which is the java project okay which will be using for this uh uh our tutorial and i have my jenkins running okay and i also have the sonar cube right okay so first thing what i want to do is i'll just create a new sonar cube project i'm going to name this as a sonar cube test okay and let me create that so once you click on create no projects i'm giving the sonar cube test project okay it will ask you to generate a token so if you want you can generate a token which we can use it for integrating with the jenkins but i'm here in this case i'm not going to generate anything so if you see you know i have a sonar keep test project here right and i don't have anything uh content here like here if you see the sonar cube this one i showed in one of my previous tutorial like you know how to do the scan uh opportunities in box and everything using sonar cube okay so we'll be getting similar kind of output when we do this build uh you know using the jenkins pipeline so the next step is i will go to jenkins and let me create a new item okay and i'm going to call this one as or i'm going to call this a solar queue pipeline project okay i'm going to use pipeline and we click on okay so now if you see i have the pipeline uh tab here where we can write down the pipeline uh script okay so before i get into that let me save this so i let me show you some of uh configurations i have set it in jenkins this was also done as part of my previous tutorial so there are two things which you need to do one is you need to install a sonarqube plugin so if you go to manage akin and uh like in energy you should be having a install plugin listed here so if i search for our cube scanner you can see it's already installed right so i have already installed this as part of my previous tutorial and also i have configured it so if i go to configure system if you scroll down you can see there is a uh configuration place for sonar cube servers right so i have already enabled this uh you know environmental variables because we need to use this in our pipeline script okay and i have given a name as sonar cube and this is my sonar cube url okay i'm not using any authentication here we can use the authentication as the token or another ways we can do but i'll be giving the user id password correctly in the pipeline script itself okay so let me also show you if i go to global tools configurations i have also set uh an osr installation so you can see it's on our cube and it's the installation installed automatically okay so these are something you know which you need to set it before so if you have not uh seen my previous tutorial i would request you to go and check that okay so now let me go to this uh configuration of pipeline so let me write down uh the pipeline script so if you are not sure how to start you can go to this pipeline syntax you can select like it right and i know how to get this url so i'll go to my github location okay let me put the url here okay and generate pipeline script so you can see it give you a sam uh the script what you need to use okay so let me start the pipeline job so i'll start with node okay you can also start like a pipeline okay and i'm going to call the stage okay so i'm going to call this as a cloning gate okay loading the project from git and don't need this need to have our code so this code should come on this because this is the script which uh the syntax is given for cloning so if you call kit and this one it will clone the project okay so that's the first stage simple command let me go to the second stage and i'm going to call this as a summer cube analysis okay okay here we need to set few things okay so first thing is we have to define uh the sonar cube tool okay so i'm going to define a center cube uh home and the two sonar cube so these names come from my you know the configuration which i did in the managing game so if you have given a different name you need to give the name according to your sonar cube server okay and the next stage is like we need to use the environmental variable for sonarqueen so it should be like this is the command we use with and so on our cube environmental variable okay and inside this we need to use uh solar cube it's again the same name which we have given uh you know for a configuration in the generation case okay then if you have multiple tools you have set you can use multiple sonar q versions and the next commands are going to be almost similar what we have used uh for our normal uh scan with the build process but only the difference is you know we are using inside the pipeline okay so if you see what i'm using is i'm using a shell command first okay to go to this uh solar cube uh home right and that's on our scanner location then i'm going to run this parameters for solar cube so it's giving sonar.login and the password so i'm using the id and password here so it's a hardcoded user id password so we can also use the you know the key which we can create from sonar cube and we can use that okay so that's a better option but this i just want to show it here in this way so maybe next tutorial i will show it in a different way okay and i'm going to tell jenkins that you know the project it should be sonar cube uh i think which based on our cube test project okay it should be somewhere cube test project and that should be you know the what files which i need to exclude and what is the url force on our cube okay so that is all for this uh pipeline script so let me save this and let me try to run the build okay so let's see what the output we get [Music] you can see you know it started the build job right the first stage is cloning the project so if i open this in a new tab you can see the console output right so let's try and download the project from kit okay so it's checking out right checking out the master branch and now it's uh trying to start the sonar cube scan right it's uh putting all this information okay so let's wait okay let's wait for to get our output if you see this pipeline the first part is completed and it's running in the solar cube analysis part right so that's what it's happening now so this may take or some time okay depending upon the size of the project so my project you know the game of life is a little bit the bigger project so it may it have a lot of files to be analyzed and a lot of data to be you know updated to the database of sonar cube so it may take some time so it's almost done so if you see like it's creating the report right so it's almost like 123 mb of data for reports so that's why you know depending upon your project may take more time to complete okay there is some error message we got so let me just check that okay okay so i think there was some happen to connect to this cube so let me check that okay as you can see now it's completed so i was just analyzing why last time it failed because i found my docker container was crashed so i had to reboot uh my sonar cube container so now it's connected okay let me go to the sonar cube instance so now we can see it's completed we should be able to see the output on the sonar cube so if you see it's on our cube test project we still don't see anything right so that is because if you go to let me see what it is if you go to administration and project background task if you see this on our cube test the status is still running because you know the output we got from jenkins is yet to be synced with the sonar cube so it may take some time to get updated in the you know the database depending upon the performance you can see now both uh is completed right so you can see now it came to green okay so we should wait for some free okay now if you see like you know the sonar cube test also we got the bugs right vulnerabilities code smells and all those things we are able to see so you can go inside that uh project and you should be able to get the more information on that right so if you go to 120k box which will start listing on that i think it's still not completed you can see some background processes they're running so we may need to wait for the whole result to be updated so the background task is completed so if you go back to your project and if you see the box you should be able to see the complete detail like what kind of box is there right so that's how you know if you see here the chord smells you can see what uh it gives so if you see this is the benefit of sonar cube right once you do your analysis you will be getting the complete details from it okay so that is all uh i wanted to show in this tutorial so as you see like what we did is we completely did the you know the pipeline job so now if you want to integrate with any project you don't need to manually run the solar cube scan you can just make use of this code you know in your pipeline job so it will automatically scan your project so not give any queued output now what i want to do in the next tutorial is like here we just did the scan right so in whichever cases your solar cube will complete the scan and your jenkins job will pass but i want to define some quality gate so that you know when the job does not pass the quality gate the job in jenkins should fail so that would be my next part of tutorial okay so please watch my channel so you'll be able to see that so i hope you will be you know subscribed to my channel so you can watch out for a more tutorial okay so i'm sure this tutorial will be informative for you and thank you for watching kindly subscribe to my channel again like the video share and comment

Info

Channel: Thetips4you

Views: 24,124

Rating: undefined out of 5

Keywords: sonarqube jenkins pipeline, sonarqube integration with jenkins pipeline, sonarqube tutorial, sonarqube integration with jenkins, sonarqube code coverage, sonarqube code coverage java, sonarqube and jenkins, sonarqube for beginners, sonarqube github integration, sonarqube gitlab integration, sonarqube jenkins integration, sonarqube java project, sonarqube scanner integration with jenkins, sonarqube tutorial java, demo, analysis, basics, code coverage, devops, full tutorial, how to

Id: 4AEW-yR_Biw

Channel Id: undefined

Length: 16min 36sec (996 seconds)

Published: Wed Dec 23 2020