Performing Static Code Analysis with SonarQube
- Static code analysis results will check
  - code quality and detect code smells
  - code coverage from unit tests
- SonarQube can be extended with custom rules
- Integrating SonarQube with Jenkins: Refer Here
- Refer Here for Jenkins pipeline
- Pipeline
pipeline {
    agent { label 'spc' }
    stages {
        stage('git') {
            steps {
                git url: 'https://github.com/spring-projects/spring-petclinic.git', branch: 'main'
            }
        }
        stage('build with sonar') {
            steps {
                // withSonarQubeEnv supplies the server URL and token from the Jenkins credential,
                // so no token goes on the mvn command line; sonar.projectKey is the project's key
                withSonarQubeEnv(credentialsId: 'SONAR_CLOUD', installationName: 'sonarcloud') { // You can override the credential to be used
                    sh '/opt/maven/bin/mvn clean package org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar -Dsonar.organization=<your-organization> -Dsonar.projectKey=<your-project-key>'
                }
                // Publish unit test results and keep the built jar
                junit testResults: '**/surefire-reports/*.xml'
                archiveArtifacts artifacts: '**/target/spring-petclinic-*.jar'
            }
        }
        stage("Quality Gate") {
            steps {
                // Stop waiting if SonarQube has not reported a result within an hour
                timeout(time: 1, unit: 'HOURS') {
                    // abortPipeline: true fails the pipeline when the Quality Gate status is not OK
                    // false = let the pipeline continue regardless of the result
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
- If you are familiar with Azure DevOps, integrate SonarQube with Azure DevOps: Refer Here
- Refer Here for SonarScanner examples
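
The decision the Quality Gate stage above waits for can also be made in a plain CI script. The following is an added example, not code from the original page: it assumes the JSON shape returned by SonarQube's `api/qualitygates/project_status` endpoint, and the sample body, the `evaluate_gate` function and its messages are constructed for illustration.

```python
import json

# Constructed sample shaped like a response from SonarQube's
# GET api/qualitygates/project_status endpoint (values are made up).
SAMPLE_RESPONSE = json.dumps({
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "61.3"},
            {"status": "OK", "metricKey": "new_code_smells", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0"},
            {"status": "ERROR", "metricKey": "new_security_hotspots_reviewed",
             "comparator": "LT", "errorThreshold": "100"},
        ],
    }
})

COMPARATORS = {"LT": "is below", "GT": "is above"}


def evaluate_gate(raw_json):
    """Return (passed, reasons) for a project_status response body."""
    try:
        status_block = json.loads(raw_json)["projectStatus"]
        gate_status = status_block["status"]
    except (ValueError, KeyError, TypeError):
        # Fail closed: an unreadable answer must not let the build through.
        return False, ["unparseable quality gate response"]
    if gate_status == "OK":
        return True, []
    reasons = []
    for cond in status_block.get("conditions", []):
        if cond.get("status") == "OK":
            continue
        # actualValue is absent when the metric has no value yet
        actual = cond.get("actualValue", "n/a")
        relation = COMPARATORS.get(cond.get("comparator"), "violates")
        reasons.append(f"{cond.get('metricKey')}: {actual} {relation} "
                       f"threshold {cond.get('errorThreshold')}")
    # Statuses such as NONE (no gate computed) also count as a failure.
    return False, reasons or [f"gate status is {gate_status}"]


if __name__ == "__main__":
    passed, reasons = evaluate_gate(SAMPLE_RESPONSE)
    print("PASSED" if passed else "FAILED", *reasons, sep="\n  ")
```

The function fails closed, so a malformed or missing response blocks the build instead of passing it.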
