Adding Sonarqube into our workflow, code and security analysis.
Pre-requisites
- Read the 1st part
- Ngrok app
For clarification
I tried to install it on the t2.micro instance but Sonarqube requires 2 gb ram
We will install it on our local machine to do everything for free at least in this test environment, but in AWS a t2.medium is recommended (it is not free tier).
Deploy Sonarqube
- Sonarqube compose file
- cd /path(compose file)
docker-compose up -d
In sonarqube it is typical to find this error when deploying the container.
The solution is simple paste into the CLI the next code
sudo sysctl -w vm.max_map_count=262144
Opening Sonarqube Web -> http://localhost:9000
Well as sonarqube is in our localhost now we will expose it to the internet
- Tunneling app to internet through Ngrok
Our Sonarqube is now exposed to the internet
Configure Jenkins to add Sonarqube
- Go to Jenkins -> Manage Jenkins -> Plugins ->Available plugins
- Install SonarQube Scanner
Now we configure the plugin
- Manage Jenkins -> System
- Search SonarQube servers -> Click Environment variables
- Go to SonarQube Web
- Click in Administration bar -> Security-> Users
- Click Token and name it
Now copy the token into the jenkins configuration variable
- Press Add
- Kind= Secret text ID and description name them as you wish
- Change Server authentication token
- Save
CodeQuality Stage
Take a look to the pipeline project
tools: maven 3.9.6
Go to Manage Jenkins -> Tools -> Maven
Ready to run the job
- Build the job
- New Item -> Pipeline
Check the correct branch
run
- Pulsa sobre el icono de sonarqube en la web, y haz click en el proyecto demo
Quality Gate
What is a quality gate for?
This function is used to wait for a certain time until the code analysis is completed
It's simple to use, just add the next code to the pipeline
stage("Quality Gate") {
steps {
timeout(time: 2, unit: 'MINUTES') {
waitForQualityGate abortPipeline: true
}
}
}
Top comments (0)