DevOps Classroomnotes 05/Mar/2023

Static Code Analysis

  • Static Code Analysis focuses on
    • Coding Standards
    • Best Practices
    • Security Checks
    • Code Coverage
  • To perform Static Code Analysis we will be using SonarQube.
  • SonarQube can be installed on any Linux/Windows instance. Refer Here
  • Refer Here to install SonarQube on Ubuntu 22.04
  • For the purposes of this class I will be using Refer Here
  • We have a Jenkins master with 4 executors and a node with 4 executors.
  • The Jenkins master has JDK 17 and Maven, whereas node 1 has JDK 8, JDK 11 and Maven.
  • We have two freestyle Java projects (build, test, package)
  • We have two declarative Java projects (build, test, package)
  • To integrate SonarQube with Jenkins, Refer Here for the previous blog article and [Refer Here](https://docs.sonarqube.org/latest/analyzing-source-code/scanners/jenkins-extension-sonarqube/) for the official SonarQube docs
  • Install the SonarQube Scanner extension
  • Now log in to SonarCloud/SonarQube and generate a token from Account => Security => Generate a new token
  • Now Add SonarQube Server to Jenkins
  • Refer Here for the declarative pipeline to perform Sonar analysis for Spring PetClinic
  • Refer Here for SonarQube with Jenkins and Refer Here for Azure DevOps
  • Once we scan our application with SonarQube we get the report, which is accessible from Jenkins
  • To make code secure, organizations add more rules than what exist by default. Refer Here
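
The integration steps above, put together as a declarative Jenkinsfile. This is an added example, not the pipeline the notes link to. The server name `SONAR_SERVER` and the tool names `MAVEN_3` and `JDK_17` are assumed placeholders for whatever names are configured in Jenkins, and the quality gate stage goes one step beyond the notes.

```groovy
// Added example: declarative pipeline running SonarQube analysis on a Maven project.
// Assumed names (not from the notes): 'SONAR_SERVER' is the name given to the
// SonarQube server in the Jenkins system configuration; 'MAVEN_3' and 'JDK_17'
// are tool names defined in the Jenkins tool configuration.
pipeline {
    agent any
    tools {
        maven 'MAVEN_3'
        jdk 'JDK_17'
    }
    stages {
        stage('Checkout') {
            steps {
                git url: 'https://github.com/spring-projects/spring-petclinic.git', branch: 'main'
            }
        }
        stage('Build and SonarQube analysis') {
            steps {
                // withSonarQubeEnv supplies the server URL and the token that was
                // saved in Jenkins as a Secret Text credential, so the token never
                // has to be written in this file or passed on the command line.
                withSonarQubeEnv('SONAR_SERVER') {
                    sh 'mvn -B clean verify sonar:sonar'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Waits for SonarQube to report the quality gate result and fails
                // the build if the gate fails. This needs a webhook configured in
                // SonarQube that points to <jenkins-url>/sonarqube-webhook/.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

With the quality gate stage in place, a failed security rule stops the build instead of only appearing in the report.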

About continuous learner

devops & cloud enthusiastic learner