How To Integrate SonarQube With Jenkins

This post intends to guide users on integrating SonarQube with Jenkins.

What is SonarQube

SonarQube is a very popular code quality management tool used widely for static code analysis to identify code smells, possible bugs, and performance enhancements. SonarQube supports many popular programming languages like Java, JavaScript, C#, Python, Kotlin, Scala etc. It also provides test and code coverage.

SonarQube Features 

SonarQube supports multiple features, some of which are listed below.

  1. Supports multiple languages.
  2. Easily integrates with IDEs like Eclipse and IntelliJ.
  3. It is easily configured with build management tools like Maven, Gradle, and Ant.
  4. Supports easy integration with CI/CD tools like Jenkins, TeamCity, Hudson etc.
  5. Prebuilt quality checks are available to start with.
  6. Provides detailed metrics and reports to visualize code quality trends.
  7. SonarQube is open source and has a vast and active community to support it.
  8. Available in both open-source and Enterprise versions.

Why do we need SonarQube?

SonarQube offers comprehensive code analysis capabilities that help in detecting code smells, bugs, vulnerabilities, and other issues early in the development process, allowing developers to solve them as soon as possible, hence saving time, effort, and costs associated with bug fixing, troubleshooting, and rework later on.

It also acts as a quality management tool. Apart from code analysis, it gathers and generates test reports such as unit testing and code coverage. SonarQube provides code coverage data, allowing organisations to evaluate the success of their test suites. Teams can detect gaps in test coverage and improve the overall reliability and robustness of the software by estimating how much of the code is covered by tests.

SonarQube Components

SonarQube has 2 main components:

A) SonarQube Server:

The SonarQube Server comprises 3 components:

1) Rules: These are the best practices and guidelines that should be followed while writing the code/script. Many default rules come with the SonarQube installation.

2) Database: Whenever a report is generated in SonarQube, it gets stored in the SonarQube database by default.

3) Web Interface: It’s a GUI or dashboard to create new projects, and observe reports and metrics.

B) SonarScanner:

This service runs project analysis and sends the result to the SonarQube Server for processing.

Prerequisites:

Before moving on to the SonarQube integration with Jenkins, make sure that the required tools are installed and configured on the system.

1) Install and Configure Jenkins

2) Git repo with Project code

3) Install and Configure Java

4) Install and Configure Maven

SonarQube Setup

The first step is the installation and configuration of SonarQube on our system. Follow the below-mentioned steps.

1) Go here and download the community edition.

2) Unzip it and save it on your local machine.

3) To start Sonar, go to the location where the Sonar files are located and execute the following commands:

Windows: For the Windows platform, right-click and run the .bat file.

C:\sonarqube\bin\windows-x86-xx\StartSonar.bat

Mac: Navigate to bin/macosx-universal and execute the command.

./sonar.sh start

4) Open a web browser and go to localhost:9000, where the SonarQube server starts.

Once the login screen appears, provide the default username and password (admin/admin). After a successful login, click New Project–>Select Manually–>give a project key and click the Setup button.

Under the Provide a token section, select Generate a token option. Give your token a unique name, click the Generate button, and click Continue. Copy and save this token for future reference.

SonarQube Integration With Jenkins

To integrate SonarQube with Jenkins, follow the below-mentioned steps:

1) Install the SonarQube Scanner plugin

Jenkins is configured at port 8080 and will be accessible at http://localhost:8080.

1) Log in to Jenkins.
2) Go to the Jenkins Dashboard and navigate to Manage Jenkins.
3) Go to Plugin Manager and search for the ‘SonarQube Scanner’ plugin under the Available tab.
4) Install the plugin “SonarQube Scanner”.

After the installation, restart Jenkins and verify the installed plugin under the Installed tab.

2) Create a Jenkins freestyle project

Go To New item–>Select Freestyle project–>General–>Select Git as Source code management

Provide your Git repo in the URL section. Add a branch to build. For example, specify */master if you want to build a master branch, or */main, as per recent changes in which the Git master branch was renamed to main.

Scroll down and navigate to Build environment. Select the Prepare SonarQube Scanner environment checkbox. Provide the authentication token that was generated for the SonarQube sample project.

Next, go to the build steps and provide the goals under the Goals section. Ensure that the correct Maven version is provided in the Maven Version section.

3) Configure Jenkins

Go to Jenkins Dashboard–>Open Manage Jenkins–>Configure System–>Jenkins location

Fetch your machine’s IP address and configure the Jenkins URL with the IP address in the Jenkins URL section.

4) Configure SonarQube Environment

Scroll down to the SonarQube installation section. Add a name for your SonarQube server and provide the Sonar server URL. Provide the authentication token that was generated at the Sonar server.

Click Apply and Save. SonarQube installation is complete with the Jenkins server.

5) Configure Post-build action

This step is optional. If you want an HTML report to be published after the successful execution of the build, you can refer to this article to configure post-build actions.

Now the Jenkins freestyle job is configured to execute and generate the Sonar report.

Execution And Generation of Sonar Report

1) Start the local sonar server on your machine at port 9090.
2) Go to the Jenkins configured project and Build the Project in Jenkins.
3) Observe the console output.

Once the build is successful, the Sonar dashboard is updated with the latest results.

Navigate to the sonar dashboard and analyze the results.

Tip: If the Jenkins build fails due to an access issue with the Sonar analysis report, then in the Goals section of the Jenkins build steps, define the goal along with the project key and token:

clean verify sonar:sonar
  -Dsonar.projectKey=<your-project-key>
  -Dsonar.host.url=http://localhost:9000
  -Dsonar.login=<your-token>

By using SonarQube we can improve the code quality and reliability of our application. This process can also be automated using the Jenkins code pipeline.
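
The pipeline automation mentioned above, as an added example (not from the original post): a declarative Jenkinsfile that runs the same Maven goals inside withSonarQubeEnv, so the token saved in the SonarQube installation section is injected at run time instead of being typed into the goals. The server name LocalSonar, the Maven tool name Maven3 and the project key are assumed placeholders, and a Unix-like build agent is assumed for the sh step.

```groovy
// Jenkinsfile (declarative pipeline). Added example, not the post's own code.
pipeline {
    agent any

    tools {
        // Assumed: a Maven installation named 'Maven3' defined in Jenkins tool configuration.
        maven 'Maven3'
    }

    stages {
        stage('Checkout') {
            steps {
                // Checks out the Git repo and branch configured on the pipeline job.
                checkout scm
            }
        }

        stage('SonarQube analysis') {
            steps {
                // 'LocalSonar' (assumed) must match the server name entered in the
                // SonarQube installation section. The step exposes the server URL and
                // the stored token to the scanner as environment variables, so no
                // -Dsonar.host.url or -Dsonar.login value appears in the job
                // definition or on the Maven command line.
                withSonarQubeEnv('LocalSonar') {
                    // 'my-project-key' (assumed) is the key given when the project
                    // was created in SonarQube.
                    sh 'mvn -B clean verify sonar:sonar -Dsonar.projectKey=my-project-key'
                }
            }
        }

        stage('Quality gate') {
            steps {
                // Fail the build if the analysis does not pass the quality gate.
                // The timeout keeps the job from hanging if no result arrives.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

waitForQualityGate needs a webhook in SonarQube that points at the Jenkins URL followed by /sonarqube-webhook/; without it the stage waits until the timeout expires.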
