Day 67: Integrate SonarQube for Node.js with GitHub Actions

Vishesh Ghule

🚀 Introduction

In this blog, we will see how to integrate SonarQube with a Node.js project using GitHub Actions. SonarQube helps us check code quality by analyzing bugs, vulnerabilities, and maintainability issues. By connecting it with GitHub Actions, we can automatically scan the code whenever changes are pushed to the repository. This ensures that our project follows secure DevOps practices and maintains clean, reliable code.


🔸What is SonarQube and SonarCloud?

SonarQube is an open-source platform used for continuous inspection of code quality. It helps developers detect bugs, security vulnerabilities, code smells, and duplications in their projects. SonarQube can be installed locally on your system or on a server, and it supports many programming languages like Java, JavaScript, Python, C#, and more. It is often used in DevOps pipelines to ensure code quality before deployment.

SonarCloud, on the other hand, is the cloud-based version of SonarQube. Instead of setting it up manually on a server, you can directly connect your GitHub, GitLab, or Bitbucket repositories to SonarCloud. It provides the same static code analysis but with zero setup hassle since everything runs on the cloud.

🔸Where is SonarQube/SonarCloud used?

  • In CI/CD pipelines – to automatically scan code on every commit or pull request.

  • For security – to identify vulnerabilities before pushing code to production.

  • For maintainability – to reduce technical debt and keep code clean.

  • In teams – to enforce coding standards and improve collaboration.


🔸SonarQube Set-Up

  • Create an organization on the SonarCloud website, as shown in the picture below.

  • SonarQube website

  • Import an organization

  • Select the repository in which you want to work on the project

  • Select the Free plan

  • Select the repo and click on Set Up

  • Select Previous version and create the project

  • Choose GitHub Actions as the Analysis Method

  • Add the SonarQube secret in GitHub Actions (follow step 1 as shown in the picture below).

  • Select the language of your project (e.g. Python, C, C++, etc.). If you are working in Node.js, select the Other option, as shown in the picture below.

  • After you select the Other option, it will give you some code. Copy and paste the given code into files in your repo (it will tell you where to paste each piece of code).

  • For example, paste the code into the workflow file under .github/workflows/ and into sonar-project.properties.
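
For reference, this is roughly what the two pasted files look like once the setup steps are done. It is an added example, not the code SonarCloud generates and not the author's own files. The workflow file name, the `main` branch, the secret name `SONAR_TOKEN`, the action reference and the placeholder project key and organization are all assumptions; keep the values SonarCloud gives you.

```yaml
# .github/workflows/sonar.yml  (file name is an assumption)
name: SonarCloud analysis

on:
  push:
    branches: [main]          # assumed default branch
  pull_request:
    types: [opened, synchronize, reopened]

# Least privilege for the built-in GITHUB_TOKEN: the scan only reads the repo.
permissions:
  contents: read
  pull-requests: read

jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0              # full history instead of a shallow clone
          persist-credentials: false  # do not leave the token in .git/config for later steps

      - name: SonarCloud scan
        # Assumed action reference; keep the one SonarCloud generated for you,
        # and pin it to a full commit SHA rather than a moving branch or tag.
        uses: SonarSource/sonarqube-scan-action@<full-commit-sha>
        env:
          # Read from the repository secret added in the setup steps; never hard-code it.
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

# sonar-project.properties (repository root), shown here as comments.
# Placeholder values: copy the real key and organization from SonarCloud.
#   sonar.projectKey=<your-project-key>
#   sonar.organization=<your-organization>
#   sonar.sources=.
#   sonar.exclusions=node_modules/**,coverage/**
```

Pull requests opened from forks do not receive repository secrets, so the scan step has no `SONAR_TOKEN` on those runs.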


🔸GitHub Actions CI/CD

  • Trigger the pipeline (click on run all jobs)

  • After the CI/CD run completes successfully, go back to the SonarQube website; it will show the result as in the picture below.


🚀 Conclusion

In this blog, we successfully integrated SonarQube with our Node.js project using GitHub Actions. We set up the SonarQube server, configured the GitHub Actions pipeline, and generated a code quality report. With this setup, every new commit will be scanned automatically, helping us detect and fix issues early while keeping our project secure and maintainable.


Thanks for reading to the end; I hope you gained some knowledge.❤️🙌
