Tuesday, February 14, 2023

How to Create Azure YAML build pipeline for SonarQube Code Scan | Automate Code Scan using SonarQube in Azure Build YAML Pipelines

Follow the steps below to integrate SonarQube with Azure DevOps (previously known as Visual Studio Team Services):


Pre-requisites:

https://marketplace.visualstudio.com/acquisition?itemName=SonarSource.sonarqube


Once the SonarQube plug-in has been added, click on Proceed to organization.

How to integrate SonarQube with Azure DevOps:

Create Token in SonarQube to authenticate with Azure DevOps
Log in to SonarQube with your admin account (admin/admin123) and click on Admin at the top of the page.
Click on My Account, Security.
Under Tokens, give the token a name, choose Global analysis token, and click on Generate Tokens. Copy the generated token value.


Create Service Connections in Azure DevOps 

Login to Azure DevOps. Select your project dashboard.



Click on Project settings --> Service connections


Click on New service connection

Type SonarQube and Click Next

Enter the SonarQube server URL and the token created earlier.
Give the service connection a name and select Grant access permission to all pipelines.
Click on Save.

Create a YAML Build Pipeline in Azure DevOps

1. Log in to Azure DevOps. Go to Azure Pipelines. Click on Create a new pipeline
2. Choose Azure Repos Git, as our Java web app is configured in Azure Repos
3. Choose mySonarProject as repo
4. Click on Maven
5. Now click on Show Assistant
6. Type SonarQube and select Prepare Analysis configuration task



Select SonarQube from dropdown
Choose Integrate with Maven or Gradle, click on Add
7. Now modify the path of pom.xml to MyWebApp/pom.xml
8. Change jdkVersionOption to 1.11
9. Change the Maven goal to install sonar:sonar


10. Now click on Save and Run pipeline.
11. Now log in to the SonarQube dashboard and click on Projects to see the code analysis report
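
The pipeline file that steps 1 to 10 produce looks roughly like the following. This is an added example, not the original post's file; the trigger branch, agent image, task major version and the service connection name `sonarqube-connection` are assumptions.

```yaml
# azure-pipelines.yml (constructed example, not the original author's file)
trigger:
- master                     # assumption: default branch name

pool:
  vmImage: ubuntu-latest     # assumption: Microsoft-hosted agent

steps:
# Step 6: Prepare Analysis Configuration.
# The SonarQube token is held by the service connection, so only the
# connection's name appears in the repository, never the token itself.
- task: SonarQubePrepare@5             # assumption: major version 5 of the extension task
  inputs:
    SonarQube: 'sonarqube-connection'  # hypothetical service connection name
    scannerMode: 'Other'               # "Integrate with Maven or Gradle"

# Steps 7 to 9: pom.xml path, JDK version and Maven goals.
- task: Maven@3
  inputs:
    mavenPomFile: 'MyWebApp/pom.xml'
    goals: 'install sonar:sonar'
    javaHomeOption: 'JDKVersion'
    jdkVersionOption: '1.11'
    jdkArchitectureOption: 'x64'
    mavenOptions: '-Xmx3072m'
    publishJUnitResults: true
    testResultsFiles: '**/surefire-reports/TEST-*.xml'
```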




