Automating Code Analysis by Integrating SonarQube in Azure DevOps

Published on
May 19, 2022
Contributor
Shubham Kadam
DevOps Engineer

What is SonarQube?

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities in 20+ programming languages. (Source: Wiki)

In this article, we will see how to continuously analyse code stored in Azure Repos with the help of Azure DevOps Pipelines. With every commit, the pipeline is triggered, the new code is pushed to SonarCloud, and a code analysis is generated. This article is a step-by-step set of instructions for SonarQube and Azure DevOps integration.

Before starting the actual implementation, we will need the following things to accomplish our task.

  • SonarCloud Account
  • Project in Azure DevOps to store source code

We believe you have all the above-mentioned things sorted and set up.

Setup and Requirements

SonarQube and Azure DevOps Prerequisites

To use SonarCloud in our pipeline, we need to complete a few prerequisites.

For now, we will focus only on creating them. The purpose of each artefact will become clear when we actually use it.

The following are the things we will need when we create our pipeline.

  • Generate a Personal access token in Azure DevOps
  • Create Organization in SonarCloud
  • Generate a token in SonarCloud
  • Create Service Connection in Azure DevOps

  • Generate a Personal access token in Azure DevOps

To create an organization in SonarCloud we need to generate a ‘Personal access token’ in Azure DevOps.

  1. In Azure DevOps, click on ‘User Setting’ and then ‘Personal access tokens’
  2. Click on ‘New Token’, enter the ‘Name’ and select the ‘organization’
  3. In the ‘Scopes’ provide ‘Code (Read & Write)’
  4. Click on ‘Create’. Our token will be generated. Copy the token for later use.

  • Create Organization in SonarCloud

  1. Visit https://sonarcloud.io/ and log in
  2. Once you are logged in, click on ‘+’ in the left corner and then ‘Create New Organization’
  3. Now enter ‘Azure DevOps organization name’
  4. Paste the ‘Personal Access Token’ which we generated in Azure DevOps and click on ‘Continue’.
  5. In ‘Import Organization details’ click on ‘Continue’ once again.
  6. Choose ‘Free plan’ in ‘Choose a plan’ and click on ‘Create organization’
  7. Our new organization is now created successfully

  • Generate a token in SonarCloud

We need this token for the creation of a service connection in Azure DevOps.

  1. Log in to https://sonarcloud.io/
  2. Click on ‘Account’ then ‘My Account’
  3. Go to ‘Security’, give your token a name and click on the ‘Generate’ button
  4. Copy this token; we will need it for further configuration

  • Create Service Connection in Azure DevOps

To create the service connection from Azure DevOps to SonarCloud:

  1. Log in to Azure DevOps
  2. Click on ‘Project Setting’ then ‘Service Connections’
  3. After this, click on ‘Create Service Connection’, search for ‘SonarCloud’ and click on the ‘Next’ button
  4. Paste the token which we generated in SonarCloud here and click on ‘Verify’
  5. Add the name and description at your convenience
  6. Click on ‘Verify and save’
  7. Our service connection is ready now

We have gathered all the artefacts required for the creation of the pipeline, so let's go ahead and create our pipeline.

Create Pipeline in Azure DevOps

  1. Go to Pipelines and click on ‘New Pipeline’
  2. Select the last option, ‘Use the classic editor option’
  3. Select Source, Team Project, Repository and Branch
  4. After this, select ‘Empty Job’ from the template selection page.
  5. Once you are done with the above steps, you’ll see the pipeline tasks page.
  6. In the ‘Agent Specification’ select the appropriate version as per your requirement. In our case, we have selected the latest Ubuntu version.
  7. Click on the ‘+’ button in front of the Agent job option.
  8. A task menu will appear. Search for ‘Prepare Analysis on Cloud’ and ‘Run Code Analysis’.

Now that we have added all the tasks needed for our activity, let’s move ahead and configure the pipeline using the prerequisites we have gathered.

Configure task 1: Prepare analysis on SonarCloud

  1. Click on the task ‘Prepare analysis on SonarCloud’
  2. Select the ‘SonarCloud Service Endpoint’ which we created earlier
  3. Select the ‘Organization’ as well
  4. In ‘Choose the way to run the analysis’ select ‘Use standalone Scanner’
  5. In ‘Mode’ select ‘Manually provide Configuration’
  6. Fill in the fields ‘Project Key’, ‘Project Name’, ‘Project Version’ and ‘Sources directory root’ as per your configuration

Configure task 2: Run Code Analysis

We don't need to configure anything in this task, as it depends entirely on Task 1. It runs the analysis prepared for SonarCloud and makes the result available for users to read/download on SonarCloud.

Once all the configuration is done, click on ‘Save & Queue’, cross-verify all the details, and click on ‘Save and run’ to run our pipeline.

Voila! Our pipeline has run successfully.

To check the Sonar analysis, log in to SonarCloud and go to your organization. You’ll see that a project has been generated, and inside the project you’ll find the analysis/report.
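The classic-editor configuration above, expressed as an Azure Pipelines YAML file that can be reviewed and versioned alongside the code. This is an added example, not part of the original article: the values in angle brackets, the branch name and the version number are placeholders. The SonarCloud token stays in the service connection and never appears in the file.

```yaml
# Constructed example: every <...> value is a placeholder, not a value from the article.
trigger:
  branches:
    include:
      - main                 # assumed branch name; the pipeline runs on every commit to it

pool:
  vmImage: ubuntu-latest     # the article selects the latest Ubuntu agent

steps:
  - checkout: self
    fetchDepth: 0            # full history, so the scanner has SCM blame data

  # Task 1: Prepare analysis on SonarCloud
  - task: SonarCloudPrepare@1
    inputs:
      SonarCloud: '<service-connection-name>'   # service connection created earlier; holds the token
      organization: '<sonarcloud-organization>'
      scannerMode: 'CLI'                        # "Use standalone Scanner"
      configMode: 'manual'                      # "Manually provide Configuration"
      cliProjectKey: '<project-key>'
      cliProjectName: '<project-name>'
      cliSources: '.'                           # sources directory root
      extraProperties: |
        sonar.projectVersion=1.0

  # Task 2: Run Code Analysis (no inputs; it uses what task 1 prepared)
  - task: SonarCloudAnalyze@1
```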
