SonarQube - SirajChaudhary/comprehensive-example-on-microservices-using-spring-boot-with-spring-cloud GitHub Wiki

SonarQube (code quality review)

  • It is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
  • It is a quality management platform that analyzes and measures code's technical quality. It enables developers to detect code issues, vulnerabilities, and bugs in early stages.
  • It offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities.
  • It can record metrics history and provides evolution graphs. It provides fully automated analysis and integration with Maven, Ant, Gradle, MSBuild and continuous integration tools (Atlassian Bamboo, Jenkins, Hudson, etc.).
  • It integrates with Eclipse, Visual Studio, Visual Studio Code, and IntelliJ IDEA development environments through the SonarLint plug-ins.
  • It is static code analysis tool. (The static testing also called early testing happens while development of code and tools used such as SonarQube, Coverity, Pycharm whereas the dynamic testing happens while execution of code and tools used such as Selenium, CasperJS, Katalon, Etc).

SonarQube Setup

Step1: Download SonarQube https://www.sonarqube.org/success-download-community-edition/

Note: You can check prerequisites to setup SonarQube https://docs.sonarqube.org/latest/requirements/requirements/
-We need atleast JDK11 to run this bat file.
-We can use PostGre, Oracle, SQLServer RDBMS

Step2: Start SonarQube server by running 'StartSonar.bat'

Step3: Run SonarQube server 'http://localhost:9000/' with default username and password as admin

Step4: Setup to scan your microservices on sonarqube server
On SonarQube server -> click choose manually -> create a project "AirportPilotService" -> choose repository "locally" -> provide a token "something" -> continue -> select project type "maven" -> It will show one maven command as shown below which we need to run on microservice so it will be scanned to analyse for code quality by sonarqube server.

mvn clean verify sonar:sonar -Dsonar.projectKey=AirportPilotService -Dsonar.host.url=http://localhost:9000 -Dsonar.login=dd92c038614aa54b926e2b1f76cd32b32db80acd

Note: Similarly create a separate project on sonarqube server for every microservice.

Note:
-You can do more configuration on sonarqube server i.e. create sonarqube db to store code quality reports and check on sonarqube GUI.
-You can check all the logs in the logs folder
-You can enable/disable existing rules or create new rules.
-You can create custom quality gates (by defining your custom quality profiles).
-There is official docker image for SonarQube server.
-One generated token can be used for all sonar projects (microservices).

Sonarqube Server Snapshots










⚠️ **GitHub.com Fallback** ⚠️