Creating and Analyzing a Project in SonarQube using Jenkins

SonarQube is an on-premise analysis tool designed to detect coding issues in 30+ languages, frameworks, and IaC platforms. By integrating directly with your CI pipeline or on one of our supported DevOps platforms, your code is checked against an extensive set of rules that cover many attributes of code, such as maintainability, reliability, and security issues on each merge/pull request.

As a core element of the Sonar solution, SonarQube completes the analysis loop to help you deliver clean co

Installing Docker

sudo apt-get install curl apt-transport-https ca-certificates software-properties-common -y

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

sudo apt update -y

apt-cache policy docker-ce

sudo apt install docker-ce -y

sudo systemctl enable docker

sudo systemctl status docker

sudo apt install docker-compose -y

Installing SonarQube

docker run -d --name sonarqube -p 9000:9000 -p 9092:9092 sonarqube

After installing SonarQube, the web interface is available at http://localhost:9000. The default username and password are both admin.

Creating and Analyzing a Project in SonarQube

  1. Create a Local Project:

  2. Log in to your SonarQube dashboard.

  3. Navigate to the Projects tab and click on “Create Project”.

  4. Enter a display name for your project and click “Next”.

Set up Project for Clean as You Code:
Use the global settings and click “Create Project”.

After creating the project, we are going to analyze code using Jenkins.

Installation

  1. Install the Jenkins Extension for SonarQube via the Jenkins Update Center.

  2. Configure your SonarQube server(s):

    1. Log into Jenkins as an administrator and go to Manage Jenkins > Configure System.

    2. Scroll down to the SonarQube configuration section, click Add SonarQube, and add the values you're prompted for.

    3. The server authentication token should be created as a Secret Text credential.

      Generate Tokens

  • Log in to your SonarQube dashboard.

  • Click on “Security”.

  • Enter a display name for your project.

  • Enter “Type”

  • Enter “project”

  • Click “Generate”

Using a Jenkins pipeline

The script below needs to be added to the Jenkins pipeline:

sshTransfer(
    execCommand: '''
        cd /home/services/staged/file-service && \
        docker run --rm \
        -e SONAR_HOST_URL="http://localhost:9000" \
        -e SONAR_SCANNER_OPTS="-Dsonar.projectKey=file-service" \
        -e SONAR_TOKEN="NEW_GENERATED_TOKEN" \
        -v "$(pwd):/usr/src" sonarsource/sonar-scanner-cli && \
        docker compose build && \
        docker compose up -d --force-recreate
    '''
)

Here:

  • -e SONAR_HOST_URL is the SonarQube URL.

  • -e SONAR_SCANNER_OPTS="-Dsonar.projectKey=..." sets the SonarQube project name.

  • -e SONAR_TOKEN is the newly generated token ("NEW_GENERATED_TOKEN" above).

After all of these steps, the project appears in SonarQube.
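
The pipeline above places the token directly in the command text, while the Installation section calls for a Secret Text credential. The following added example (not the author's pipeline) shows only the analysis step reading the token from such a credential; the credential ID sonarqube-token, the host name sonarqube.example.internal, and a Jenkins agent with Docker and the checked-out source are assumptions.

```groovy
// Added example, not the author's pipeline.
// Assumed: credential ID 'sonarqube-token', host sonarqube.example.internal,
// and an agent that has Docker plus the project sources in its workspace.
pipeline {
    agent any
    environment {
        // Must be an address the scanner container can reach; inside the
        // container, "localhost" refers to the container itself.
        SONAR_HOST_URL = 'http://sonarqube.example.internal:9000'
    }
    stages {
        stage('SonarQube analysis') {
            steps {
                // Binds the Secret Text credential to SONAR_TOKEN for this block
                // only and masks its value in the console log.
                withCredentials([string(credentialsId: 'sonarqube-token',
                                        variable: 'SONAR_TOKEN')]) {
                    // Single-quoted Groovy string: nothing is interpolated by
                    // Groovy, so the token never appears in the command text.
                    // "-e NAME" without a value copies NAME from the calling
                    // environment into the container.
                    sh '''
                        docker run --rm \
                          -e SONAR_HOST_URL \
                          -e SONAR_TOKEN \
                          -e SONAR_SCANNER_OPTS="-Dsonar.projectKey=file-service" \
                          -v "$(pwd):/usr/src" \
                          sonarsource/sonar-scanner-cli
                    '''
                }
            }
        }
    }
}
```

Rotating the token then means updating the Jenkins credential, with no change to the pipeline script.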

Written by

S. M. Arefin Rumi