{"id":6273,"date":"2021-04-27T16:50:19","date_gmt":"2021-04-27T11:20:19","guid":{"rendered":"https:\/\/opstree.com\/blog\/\/?p=6273"},"modified":"2021-05-11T17:26:58","modified_gmt":"2021-05-11T11:56:58","slug":"sonarqube-integration-with-azure-devops","status":"publish","type":"post","link":"https:\/\/opstree.com\/blog\/2021\/04\/27\/sonarqube-integration-with-azure-devops\/","title":{"rendered":"SonarQube Integration with Azure DevOps"},"content":{"rendered":"\n<p><strong>What is SonarQube ?<\/strong><\/p>\n\n\n\n<p>In simple words, SonarQube is an open-source tool for continuous inspection of code quality. It does static code analysis, provides a detailed report of bugs, code smells, vulnerabilities and code duplications.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>SonarQube integration with Azure DevOps<\/strong><\/p>\n\n\n\n<p>We can utilize built-in Azure DevOps tasks for SonarQube which helps us to incorporate this tool into our CI\/CD pipelines. We will learn that with a use case.<\/p>\n\n\n\n<p><strong>Lets begin \ud83d\ude42<\/strong><\/p>\n\n\n\n<!--more-->\n\n\n\n<p><strong>Step 1:<\/strong> Launch a windows virtual machine. (I used Azure for launching the machine, you can use your favorite cloud provider)<\/p>\n\n\n\n<p><strong>Step 2:<\/strong> Install SonarQube into the machine. Here we have two options:<\/p>\n\n\n\n<ul><li>Either we can install sonarqube on our own machine.<\/li><li>Or you can also utilize public sonarqube hosted solution which is&nbsp;<strong><em>sonarcloud<\/em><\/strong><\/li><\/ul>\n\n\n\n<p>I am following the 1st option.<\/p>\n\n\n\n<p><strong>Step 3:<\/strong> <a rel=\"noreferrer noopener\" href=\"https:\/\/www.sonarqube.org\/downloads\/\" target=\"_blank\">Download Sonarqube<\/a> community edition zip file from the following link:  <\/p>\n\n\n\n<p><strong>Step 4:<\/strong> Once the file is downloaded and extracted, navigate to the below directory and run <em>StartSonar.bat<\/em> file.<\/p>\n\n\n\n<p><em>C:\\sonarqube\\bin\\windows-x86-64\\StartSonar.bat<\/em><\/p>\n\n\n\n<p><strong>Note: <\/strong>Jdk 11 need to be installed in the machine before launching the  <em>StartSonar.bat<\/em> file.<\/p>\n\n\n\n<p><strong>Step 5:<\/strong> Once the above step is done, hit the <em>URL: http:\/\/localhost:9000\/<\/em> and you should be able to see the dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-19.png?w=1024\" alt=\"\" class=\"wp-image-6290\" width=\"700\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Step 6:<\/strong> Now, we need to open port 9000 (which is by default) of our virtual machine so that Azure DevOps agent can reach out to this machine and able to establish connection.<\/p>\n\n\n\n<p>Also, by opening this port, you will be able to access the SonarQube dashboard using the public IP of your machine in which you installed SonarQube.<\/p>\n\n\n\n<p><em>http:&lt;public IP of the machine&gt;:9000<\/em><\/p>\n\n\n\n<p><strong>Step 7:<\/strong> Steps to open port in the machine: <\/p>\n\n\n\n<p><em>Go to Networking&#8211;&gt; Select Inbound Rule&#8211;&gt; Click Add Inbound Rule&#8211;&gt; Fill in the details (take help from below snapshot)<\/em><\/p>\n\n\n\n<p>Hit the URL  <em>http:&lt;public IP of the machine&gt;:9000<\/em> and you should be able to see the dashboard in your browser.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized is-style-default\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-23.png?w=973\" alt=\"\" class=\"wp-image-6318\" width=\"700\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Note: In case you are using any machine on AWS or any other cloud provider, steps may differ.<\/p>\n\n\n\n<p><strong>Step 8:<\/strong> Now we have everything in place. We can start building our CI pipeline.<\/p>\n\n\n\n<p><strong>Step 9:<\/strong> Go to your Azure DevOps project and take an empty job. We will add sonarQube tasks in pipeline in the next step.<\/p>\n\n\n\n<p>Also, here I have used Maven POM.xml file as source code in my Azure Repos. You can take your own and move ahead with that. Else, you can also take .NET C#  code. In that case, there will be a minor change in the pipeline configuration which I will tell in future steps.<\/p>\n\n\n\n<p><strong>Step 10:<\/strong> Let us start building the CI pipeline. <\/p>\n\n\n\n<ul><li>Add <strong><em>Prepare analysis on SonarQube<\/em> <\/strong>task in the pipeline. This task configures required settings before executing the build. It is a kind of initialization of sonarqube in the pipeline.<\/li><\/ul>\n\n\n\n<p>Following details need to be passed in this task:<\/p>\n\n\n\n<p>Sonarqube server endpoint: This is a service connection which you need to create between Azure DevOps agent and sonarqube. You need to pass server URL (http:\/\/&lt;public ip of virtual machine&gt;:9000\/) and authentication token. (go to My Account &gt; Security &gt; Generate Tokens in sonarqube dashboard)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"464\" height=\"600\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-24.png?w=464\" alt=\"\" class=\"wp-image-6322\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Choose the way to run the analysis: I have taken &#8216;Integrate with Maven or Gradle&#8217;.<\/p>\n\n\n\n<p>In case you have C# code, you can choose &#8216;Integrate with MS Build&#8217; option.<\/p>\n\n\n\n<p>Leave rest of the fields to default.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<ul><li>Add <strong><em>Maven POM.xml task<\/em><\/strong> in the pipeline. Again, since my code is a POM.xml file, so I have used this task. You can choose the task depending on your code.<\/li><\/ul>\n\n\n\n<p> Following details need to be passed in this task: <\/p>\n\n\n\n<p>Goal: Maven has its own build lifecycle to deploy and distribute the target project. Each phase is a sequence of goals, and each goal is responsible for a specific task. I have used &#8216;test&#8217; goal. <\/p>\n\n\n\n<p>Configure advanced options section as per below snippet.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"429\" height=\"460\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-25.png?w=429\" alt=\"\" class=\"wp-image-6326\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>In code analysis section, tick mark <em>Run SonarQube or SonarCloud analysis<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"576\" height=\"314\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-26.png?w=576\" alt=\"\" class=\"wp-image-6328\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<ul><li>Add <strong><em>Run Code Analysis<\/em><\/strong> in the pipeline. &nbsp;This task executes the analysis of source code.<br>Leave the fields to default.<\/li><\/ul>\n\n\n\n<ul><li>Add <strong><em>Publish Gate Quality Result task<\/em><\/strong> in the pipeline. This task publishes the scan result as summary in build results page. This step is optional.<br>Leave the fields to default.<\/li><\/ul>\n\n\n\n<p>Finally, your pipeline will look like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-27.png?w=1024\" alt=\"\" class=\"wp-image-6330\" width=\"700\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Step 11:<\/strong> Trigger your pipeline and once it succeeds, you should be able to see the full code scan report in sonarqube.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-29.png?w=900\" alt=\"\" class=\"wp-image-6337\" width=\"700\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/opstree.com\/blog\/\/wp-content\/uploads\/2021\/03\/image-28.png?w=1024\" alt=\"\" class=\"wp-image-6332\" width=\"700\" height=\"259\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>So, we have now learnt how we can use sonarqube tasks in Azure DevOps pipelines and check our code quality.<\/p>\n\n\n\n<p>Also, if you want, you can try executing the above pipeline using YAML instead of the classic editor. <\/p>\n\n\n\n<p>Let me know in comments in case you have any issues. Suggestions from your side will be appreciated.<\/p>\n\n\n\n<p><strong>Blog Pundit:\u00a0<a href=\"https:\/\/opstree.com\/blog\/\/author\/abhishekbhardwaj510\/\"><\/a><a href=\"https:\/\/opstree.com\/blog\/\/author\/abhishekbhardwaj510\/\"><strong> <strong><a rel=\"noreferrer noopener\" href=\"https:\/\/opstree.com\/blog\/\/author\/kapendrasingh\/\" target=\"_blank\">Kapendra Singh<\/a><\/strong><\/strong><\/a><\/strong><\/p>\n\n\n\n<p>Opstree is an End to End DevOps solution provider<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link\" href=\"https:\/\/www.opstree.com\/contact-us\" target=\"_blank\" rel=\"noreferrer noopener\">CONTACT US<\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is SonarQube ? In simple words, SonarQube is an open-source tool for continuous inspection of code quality. It does static code analysis, provides a detailed report of bugs, code smells, vulnerabilities and code duplications. SonarQube integration with Azure DevOps We can utilize built-in Azure DevOps tasks for SonarQube which helps us to incorporate this &hellip; <a href=\"https:\/\/opstree.com\/blog\/2021\/04\/27\/sonarqube-integration-with-azure-devops\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SonarQube Integration with Azure DevOps&#8221;<\/span><\/a><\/p>\n","protected":false},"author":197679939,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[28070474],"tags":[44070,335778,328543109,4605929,656,637195,17723313],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-1Db","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/6273"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/197679939"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=6273"}],"version-history":[{"count":26,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/6273\/revisions"}],"predecessor-version":[{"id":6672,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/6273\/revisions\/6672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=6273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=6273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=6273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}