This post intends to guide users on integrating SonarQube with Jenkins.
What is SonarQube?
- Supports multiple languages.
- Easily integrates with IDEs like Eclipse and IntelliJ.
- Easily configured with build management tools like Maven, Gradle, and Ant.
- Easy integration with CI/CD tools like Jenkins, TeamCity, Hudson etc.
- Prebuilt quality checks are available to start with.
- Provides detailed metrics and reports to visualize code quality trends.
- SonarQube is open source and has a vast and active community to support it.
Why do we need SonarQube?
SonarQube offers comprehensive code analysis capabilities that help in detecting code smells, bugs, vulnerabilities, and other issues early in the development process, allowing developers to solve them as soon as possible, hence saving time, effort, and costs associated with bug fixing, troubleshooting, and rework later on.
It also acts as a quality management tool. Apart from code analysis, it gathers and generates test reports such as unit testing and code coverage. SonarQube provides code coverage data, allowing organisations to evaluate the success of their test suites. Teams can detect gaps in test coverage and improve the overall reliability and robustness of the software by estimating how much of the code is covered by tests.
SonarQube has 2 main components:
A) SonarQube Server: The server comprises 3 components:
1) Rules: These are the best practices and guidelines that should be followed while writing the code/script. Many default rules come with the SonarQube installation.
2) Database: Whenever a report is generated in SonarQube, it gets stored in the SonarQube database by default.
3) Web Interface: It’s a GUI or dashboard to create new projects and observe reports and metrics.
B) SonarScanner: This service is responsible for running project analysis and sending the result to SonarQube Server for processing.
1) Install and Configure Jenkins
2) Git repo with Project code
3) Install and Configure Java
4) Install and Configure Maven
1) Go here and download the community edition.
2) Unzip it and save it on your local machine.
To start Sonar, go to the location and execute the following commands:
Windows: For the Windows platform, right-click and run the .bat file.
Mac: Navigate to bin/macosx-universal –> ./sonar.sh
Open the browser and start the local host. The SonarQube server will start on localhost:9000
On the Login screen, provide the default username and password = admin/admin. After a successful login, click New Project –> select Manually –> give a project key and click the Setup button.
Under Provide a token, select Generate a token. Give your token a name, click the Generate button, and click Continue. Copy this token for future reference.
SonarQube Integration With Jenkins
To integrate SonarQube with Jenkins, follow the steps below:
1) Install the plugin
1) Log in to Jenkins
2) Go to Plugin Manager
3) Install the plugin “SonarQube Scanner”
2) Create a Jenkins freestyle project
Go To New item–>Select Freestyle project–>General–>Select Git as Source code management
Provide your Git repo in the URL section. Add a branch to build. For example, specify */master to build the master branch, or */main where the default branch has been renamed from master to main.
Scroll down and navigate to Build environment. Select the “Prepare SonarQube Scanner environment” checkbox. Provide the authentication token which was generated for the SonarQube sample project.
Go to the build steps and provide Goals under the Goals section. Ensure that the correct Maven version is provided in the Maven Version section.
Go to Jenkins Dashboard–>Open Manage Jenkins–>Configure System–>Jenkins location
Fetch your machine’s IP address and configure Jenkins URL with the IP address in the Jenkins URL section.
4) Configure SonarQube Environment
Add a name for your SonarQube server and provide the Sonar server URL. Add the authentication token which was generated at the Sonar server.
Click Apply and Save.
5) Configure Post-build action
This step is optional. If you want an HTML report to be published after the build executes successfully, you can refer to this article to configure post-build actions.
The Jenkins freestyle job is now configured to execute and generate the Sonar report.
Execution And Sonar Report
1) Start the local sonar server on your machine at port 9090.
2) Go to the configured project and build the project in Jenkins.
3) Observe the console output.
Once the build is successful, the Sonar dashboard is updated with the latest results.
Navigate to the sonar dashboard and analyze the results.
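After the build, the result shown on the dashboard can also be read from SonarQube's Web API, so a job can fail when the quality gate is red. This is an added example, not part of the original post; the environment variable names SONAR_TOKEN and SONAR_PROJECT_KEY are assumptions, and the sample response is constructed.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

SONAR_URL = "http://localhost:9000"  # server address used in this post


def gate_request(project_key, token, base_url=SONAR_URL):
    """Build the Web API request; the token travels in a header, not the URL."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    req = urllib.request.Request(f"{base_url}/api/qualitygates/project_status?{query}")
    # A SonarQube user token is sent as the Basic-auth username with an empty password.
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    return req


def evaluate_gate(payload):
    """Return (passed, failed_conditions) for a project_status response body."""
    status = payload.get("projectStatus", {})
    failed = [
        f"{c.get('metricKey')}: actual {c.get('actualValue')} "
        f"({c.get('comparator')} {c.get('errorThreshold')})"
        for c in status.get("conditions", [])
        if c.get("status") == "ERROR"
    ]
    # Fail closed: anything but an explicit OK (ERROR, NONE, missing) is a failure.
    return status.get("status") == "OK", failed


# Constructed sample response in the shape of the API's JSON, for offline runs.
SAMPLE = json.loads("""{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "91.2"}]}}""")

if __name__ == "__main__":
    token = os.environ.get("SONAR_TOKEN")        # assumed variable name
    key = os.environ.get("SONAR_PROJECT_KEY")    # assumed variable name
    payload = SAMPLE                             # used when no credentials are set
    if token and key:
        with urllib.request.urlopen(gate_request(key, token), timeout=30) as resp:
            payload = json.load(resp)
    passed, failed = evaluate_gate(payload)
    print("quality gate:", "passed" if passed else "FAILED", *failed, sep="\n  ")
    raise SystemExit(0 if passed else 1)
```

Reading the token from the environment keeps it out of the job's goals field and console output; the non-zero exit code is what marks the Jenkins build step as failed.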
Tip: If the Jenkins build fails due to an access issue with the Sonar analysis report, then in the Goals section of the Jenkins build steps, define the goal along with the project key and token:
clean verify sonar:sonar
-Dsonar.projectKey=Your Project key
By using SonarQube we can improve the code quality and reliability of our application.