SonarQube Setup on Docker for Jenkins CI/CD (Ubuntu)

jay75chauhan
5 min readJul 14, 2024


SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality and security vulnerabilities. It is designed to help developers and teams manage technical debt effectively by providing insights into code quality, security vulnerabilities, code smells, and bugs. Here are the key aspects and features of SonarQube:

  1. Code Quality Analysis: SonarQube analyzes code across various programming languages (such as Java, C#, JavaScript, Python, and others) to assess code quality based on a set of predefined rules and best practices.
  2. Security Vulnerability Detection: It identifies security vulnerabilities in the code, such as potential injection flaws, cryptographic issues, authentication problems, and other security weaknesses that could lead to exploitation.
  3. Code Smells and Bugs: SonarQube detects code smells, which are indicators of potential issues that may not necessarily be bugs but could lead to maintainability problems. It also identifies bugs that can cause runtime errors or unexpected behavior.
  4. Customizable Quality Profiles: Users can create or customize quality profiles to tailor the analysis according to specific project requirements or organizational standards.
  5. Integration with CI/CD Pipelines: SonarQube integrates seamlessly with CI/CD pipelines, allowing automatic code analysis and quality checks as part of the continuous integration and delivery process.
  6. Dashboard and Reporting: It provides a dashboard that displays a summary of code quality metrics, issues found, and trends over time. Detailed reports are also available to help track improvements and prioritize remediation efforts.
  7. Support for Multiple Environments: SonarQube supports analyzing code in different environments, including local development environments, centralized servers, and cloud-based setups.
  8. Extensible with Plugins: Additional functionality can be added through plugins available in the SonarQube marketplace, expanding its capabilities to cover specific needs or technologies.
  9. Community and Support: Being open-source, SonarQube benefits from an active community that contributes to its development and provides support through forums, documentation, and community resources.

Overall, SonarQube plays a crucial role in ensuring code quality, security, and maintainability throughout the software development lifecycle, helping teams deliver reliable and secure applications.

Step 1: Prerequisites

1. Install Jenkins

2. Install Docker

Install Docker on the system where Jenkins is running:

sudo apt-get update
sudo apt-get install docker.io -y
sudo usermod -aG docker $USER     # in my case the user is ubuntu
sudo usermod -aG docker jenkins   # let the Jenkins service user talk to the Docker daemon
sudo systemctl restart docker
# Group membership only applies to new sessions: log in again, and restart Jenkins so its user picks it up.

Step 2: Run the SonarQube Docker Container

After installing Docker, create a SonarQube container (remember to open port 9000 in the security group):

docker run -d --name sonar -p 9000:9000 sonarqube:lts-community


Now our SonarQube is up and running on port 9000.

username -  admin
password - admin

Set a new password. This is the SonarQube dashboard.

Install the SonarQube Scanner plugin

Go to Manage Jenkins → Plugins → Available Plugins → search for

SonarQube Scanner (Install without restart)

Configure Tool

Go to Jenkins Dashboard → Manage Jenkins → Tools

SonarQube Scanner installations

After that, click Apply.

Configure Sonar Server in Manage Jenkins

Go to your SonarQube server. Click Administration → Security → Users → click Tokens, then Update Token → give it a name → click Generate Token.

Click on Update Token.

Create a token with a name and generate it.

Copy the token.

Go to Jenkins Dashboard → Manage Jenkins → Credentials → System → Global credentials (unrestricted) → Add Secret Text

Enter the details and click Create.

Now go to Dashboard → Manage Jenkins → System and add the SonarQube server as shown in the image below.

Click Apply and Save.

In the SonarQube dashboard, also add a webhook for the quality gate:

Administration → Configuration → Webhooks

Click Create.

Add the details.

In the URL field of the quality gate webhook, enter:
http://jenkins-public-ip:8080/sonarqube-webhook/

SonarQube setup is done.
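As an added check, not part of the original post, the following Python script verifies the three things set up above: that the SonarQube container on port 9000 reports UP, that the default admin/admin password has been changed, and that the Jenkins quality-gate webhook is registered. It assumes SONAR_URL, JENKINS_URL and an admin SONAR_TOKEN environment variables (names chosen here) and uses the SonarQube Web API endpoints /api/system/status, /api/authentication/login and /api/webhooks/list.

```python
import base64
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

WEBHOOK_PATH = "/sonarqube-webhook/"  # endpoint the Jenkins SonarQube plugin listens on

def system_is_up(status_json):
    """True when /api/system/status reports the server is ready to accept analyses."""
    return json.loads(status_json).get("status") == "UP"

def default_password_still_active(login_http_code):
    """POST /api/authentication/login with admin/admin answers 200 until the default is changed."""
    return login_http_code == 200

def jenkins_webhook_registered(webhooks_json, jenkins_base_url):
    """True when a global webhook from /api/webhooks/list targets the Jenkins endpoint."""
    wanted = jenkins_base_url.rstrip("/") + WEBHOOK_PATH
    return any(w.get("url") == wanted for w in json.loads(webhooks_json).get("webhooks", []))

def _call(url, token="", form=None):
    """Minimal Web API call; a user token is sent as the basic-auth username, password empty."""
    data = urllib.parse.urlencode(form).encode() if form else None  # form data makes it a POST
    req = urllib.request.Request(url, data=data)
    if token:
        req.add_header("Authorization", "Basic " + base64.b64encode(f"{token}:".encode()).decode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

if __name__ == "__main__":
    # Assumed environment (not from the post): SONAR_URL, JENKINS_URL and an admin SONAR_TOKEN
    sonar, jenkins, token = os.environ["SONAR_URL"], os.environ["JENKINS_URL"], os.environ["SONAR_TOKEN"]
    _, status_body = _call(f"{sonar}/api/system/status")
    login_code, _ = _call(f"{sonar}/api/authentication/login", form={"login": "admin", "password": "admin"})
    _, hooks_body = _call(f"{sonar}/api/webhooks/list", token=token)
    checks = {
        "SonarQube is UP": system_is_up(status_body),
        "default admin password changed": not default_password_still_active(login_code),
        "Jenkins webhook registered": jenkins_webhook_registered(hooks_body, jenkins),
    }
    for name, ok in checks.items():
        print(f"[{'OK' if ok else 'FAIL'}] {name}")
    sys.exit(0 if all(checks.values()) else 1)
```

Run it with SONAR_URL=http://localhost:9000 JENKINS_URL=http://jenkins-public-ip:8080 and the admin token; a non-zero exit means one of the checks failed.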

Jenkins Pipeline example code is shown below.

pipeline {
    agent any
    environment {
        // Path of the SonarQube Scanner installation configured under Manage Jenkins → Tools;
        // replace <scanner-install-name> with the name you gave that installation.
        SCANNER_HOME = tool '<scanner-install-name>'
    }
    stages {
        stage("Sonarqube Analysis") {
            steps {
                // 'sonar-server' is the server name entered under Manage Jenkins → System
                withSonarQubeEnv('sonar-server') {
                    sh '''$SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=zomato \
                        -Dsonar.projectKey=zomato'''
                }
            }
        }
        stage("quality gate") {
            steps {
                script {
                    // Blocks until the SonarQube webhook reports the gate result;
                    // 'Sonar-Token' is the ID of the secret-text credential created above
                    waitForQualityGate abortPipeline: false, credentialsId: 'Sonar-Token'
                }
            }
        }
    }
}
