===========
SonarQube
===========

=> Code quality checking software, also called code review software

=> Using SonarQube we can perform code review to identify developers' mistakes in the code.

=> SonarQube software is developed in the Java language.

=> SonarQube supports code review for 30+ programming languages.

Note: We can use the Sonar trial version for practice.

=> In a company we will use the Sonar enterprise version (commercial)

=============
Sonar Issues
=============

=> The SonarQube server will identify the below types of issues in the project.

a) Bugs (danger, it may stop code execution)
b) Vulnerabilities (security hotspots)
c) Code Smells (not dangerous, but weak design)
d) Duplicate Code Blocks
e) Code coverage (how many lines of code are tested)

Note: The DevOps team is responsible for performing code review and sending the code review report to the Development team.

Note: The Development team is responsible for fixing the issues identified by the Sonar server as part of the code review process.

==========================
Sonar Quality profiles
==========================

=> A Quality Profile is a set of rules used to perform code review.

=> In SonarQube, one quality profile is available for every language

java project   ===> java quality profile   ===> Java rules
python project ===> python quality profile ===> Python rules
PHP project    ===> php quality profile    ===> PHP rules

===================
Sonar Quality Gate
===================

=> The Quality Gate represents whether the overall project code quality is Passed or Failed.

Note: If the project quality gate is failed then we shouldn't deploy that code.

=================
SonarQube Setup
=================

https://github.com/ashokitschool/DevOps-Documents/blob/main/06-Sonar-Setup-Docker.md

Note: SonarServer runs on port number 9000. Enable it in the EC2 VM security group inbound rules.

default username : admin
default password : admin

==================================
SonarServer Integration in CI CD
==================================

=> To integrate the Sonar server in a Jenkins pipeline we need a Sonar server token.
=> Follow the steps below to generate a Sonar server token

=> Go to profile => My Account => Security => Generate Token.

Token : sqa_31074e77a351480bf44b1e0c0aa43781ea7209bf

Note: In the Jenkins pipeline, after the Maven build process is completed, we will perform code review using the SonarQube server.
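The quality gate rule above (a failed gate means no deploy) can be enforced as a pipeline step after the Maven build and Sonar analysis. The script below is an added example, not part of the original notes: it calls SonarQube's `api/qualitygates/project_status` Web API with the server token and exits non-zero when the gate is not passed. The environment variable names `SONAR_TOKEN`, `SONAR_HOST_URL` and `SONAR_PROJECT_KEY` and the sample response are assumptions made for the example.

```python
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# Constructed sample of an api/qualitygates/project_status response (not real output).
SAMPLE_RESPONSE = """{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "OK", "metricKey": "new_reliability_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "1"},
  {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "62.5"}]}}"""


def evaluate_gate(body):
    """Return (passed, failed_conditions) for a project_status JSON body."""
    try:
        status = json.loads(body)["projectStatus"]
        failed = [f'{c.get("metricKey")}: actual {c.get("actualValue")}, '
                  f'threshold {c.get("errorThreshold")}'
                  for c in status.get("conditions", []) if c.get("status") == "ERROR"]
        return status.get("status") == "OK", failed
    except (ValueError, KeyError, TypeError, AttributeError):
        # Fail closed: a login page or error body must never count as a pass.
        return False, ["unparseable response"]


def fetch_gate(base_url, project_key, token):
    """Query the SonarQube Web API; the token is sent as the Basic-auth username."""
    url = (base_url.rstrip("/") + "/api/qualitygates/project_status?"
           + urllib.parse.urlencode({"projectKey": project_key}))
    auth = base64.b64encode((token + ":").encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + auth})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Assumed variable names; the token comes from the CI credential store,
    # never from the pipeline script or the repository.
    token = os.environ.get("SONAR_TOKEN")
    if token:
        body = fetch_gate(os.environ["SONAR_HOST_URL"],
                          os.environ["SONAR_PROJECT_KEY"], token)
    else:
        body = SAMPLE_RESPONSE  # offline run on the constructed sample
    passed, failed = evaluate_gate(body)
    for line in failed:
        print("quality gate condition failed:", line)
    sys.exit(0 if passed else 1)
```

Run without `SONAR_TOKEN` set, the script evaluates the constructed sample and exits with status 1, which is what stops the deploy stage.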