
Integrating SonarQube

mohanpaladugu edited this page Apr 1, 2022 · 2 revisions

What is SonarQube

SonarQube is a web-based open-source platform used to measure and analyze source code quality. SonarQube is written in Java, but through plugins it can analyze and manage code in more than 30 programming languages, including C/C++, PL/SQL, JSON, JavaScript etc. Plugins extend the functionality of SonarQube. More than 50 plugins are available. SonarQube is maintained by SonarSource.

SonarQube covers the following areas of code quality:

  1. Unit tests
  2. Duplicated code
  3. Potential bugs
  4. Complex code
  5. Coding standards
  6. Comments

SonarQube receives files as input and analyzes them. It then calculates a set of metrics, stores them in a database and shows the results on a dashboard. Running this cycle repeatedly helps in analyzing code quality and how the code improves over time.

Benefits of using SonarQube:

Detects and Alerts: SonarQube reduces the risk of software development within a very short amount of time. It detects bugs in the code automatically and alerts developers to fix them before the code is rolled out to production.

Sustainability: SonarQube significantly increases the lifetime of applications by reducing complexity, duplication and potential bugs in the code, by keeping the code architecture neat and clean, and by increasing unit tests. SonarQube increases the maintainability of the software.

Productivity: SonarQube increases productivity by enabling development teams to detect duplication and redundancy in code. SonarQube helps team members reduce code complexity, maintenance time and cost, and makes code easy to read and understand.

Increase Developer Skills: SonarQube provides enormous value to development teams. The teams receive regular feedback on quality issues, which helps them improve their programming skills. SonarQube helps developers understand the quality of their software and ensures the transparency of code.

SonarCloud Login Page

Sign up with the credentials of any one of the providers.

After a successful sign-up you are taken to the home page.

Select the project to analyze from your selected repositories.

Generating the Sonar token:

By using a token, users don't need to provide a password (so when running analyses on your code, the property sonar.password is optional). Using a token is the preferred method over using a login and password.

You can generate new tokens at User > My Account > Security.

Revoking a token

You can revoke an existing token at User > My Account > Security by clicking the Revoke button next to the token.

How to Integrate SonarCloud with GitHub Actions

In the GitHub Actions secrets, the user needs to configure the Sonar token that was generated in the SonarQube tool.

Create the SonarQube workflow in GitHub Actions.

Run the workflow in GitHub Actions.

Check the generated report in SonarCloud.
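
One way the workflow from the steps above can look, as an added example that is not part of the original page. The file name, branch, organization, project key and the secret name `SONAR_TOKEN` are assumed placeholders; the token is read from GitHub Actions secrets and never written into the file.

```yaml
# .github/workflows/sonarcloud.yml  (file name is an assumption)
name: SonarCloud analysis

on:
  push:
    branches: [main]                 # assumed default branch
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege for the job's automatic GITHUB_TOKEN
permissions:
  contents: read
  pull-requests: read

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    # Repository secrets are not passed to runs triggered by pull requests
    # from forks, so the scan is skipped there instead of failing.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0             # full history, so results can be tied to new code
      - name: SonarCloud scan
        # Pin to a release tag or commit SHA you have reviewed instead of a branch.
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # used to read pull request information
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}     # token generated under My Account > Security
        with:
          # Placeholder values: replace with your own organization and project key
          args: >
            -Dsonar.organization=my-org
            -Dsonar.projectKey=my-org_my-repo
```

If the token is ever exposed in a log or commit, revoke it under User > My Account > Security and store a newly generated one in the repository secret.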
