Static Code Analysis - SonarQube

Integrate a SonarQube scan into an Opsera pipeline as a security gate.

Configuring SonarQube in the Tool Registry:

1. Click Tool Registry under Operations on the Home page.

2. Click New Tool to add Sonarqube.

3. Provide a Tool name and select Sonarqube as the Tool Identifier.

4. Provide a description and click Create.

5. In Tool Details of Sonarqube, navigate to the Connections tab and provide the URL, Username and Authentication Token. (The token can be generated under profile->security->Create New Token.)

 

6. Click Save. Navigate to the Usage tab or another tab, then back to the Connections tab. Click Test Connection to validate the connectivity. If the tool connection is successful, you will receive the following messages:

 

7. Navigate to Tool Registry and choose the Jenkins tool associated with your pipeline.

8. In Jobs, click New Jobs and choose Code scan in the job type drop-down.

 

9. Click Create and close the tab.

10. Navigate to Pipelines to add the Sonar Scan tool to a pipeline for code scanning.

11. Open any pipeline and click Workflow → Edit Workflow → click the + icon to add a Sonarqube step.

 

12. Provide a unique step name of your choice and choose Sonarqube in the Tool drop-down.

13. Click Save, then click the settings wheel icon to add the Sonarqube configurations from the Tool Registry.

 

14. Choose the Jenkins tool associated with the Sonarqube tool.

 

15. Click Save and exit the Step configuration form.

19. Click Start Pipeline to execute the Sonarqube Step.

 

20. Navigate to Summary view to validate the Sonarqube Console output.

 

21. Click the Console Log to view the logs.

22. Click the X at the top of the screen to return to the summary view and validate the other stages in the pipeline.
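
The steps above end with reading the scan result in the console log. As an added example (not Opsera's or this page's own code), the following shows how a pass/fail gate decision can be derived from the JSON that SonarQube's `api/qualitygates/project_status` endpoint returns. The sample response is constructed and `evaluate_gate` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like the body of SonarQube's
# GET api/qualitygates/project_status?projectKey=<key> (values are made up).
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_security_rating", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "3"},
  {"status": "OK", "metricKey": "new_coverage", "comparator": "LT",
   "errorThreshold": "80", "actualValue": "91.2"}
]}}
"""


def evaluate_gate(body):
    """Return (passed, reasons) for a project_status response body.

    The gate fails closed: anything other than an explicit "OK" status,
    including an unreadable response or "NONE" (no gate computed), blocks.
    """
    try:
        status = json.loads(body)["projectStatus"]
    except (ValueError, KeyError, TypeError):
        return False, ["unparseable quality gate response"]
    if not isinstance(status, dict):
        return False, ["unparseable quality gate response"]

    reasons = []
    for cond in status.get("conditions", []):
        if cond.get("status") == "ERROR":
            reasons.append("{}: actual {}, threshold {} {}".format(
                cond.get("metricKey"), cond.get("actualValue"),
                cond.get("comparator"), cond.get("errorThreshold")))

    passed = status.get("status") == "OK"
    if not passed and not reasons:
        reasons.append("gate status is {}".format(status.get("status")))
    return passed, reasons


if __name__ == "__main__":
    ok, why = evaluate_gate(SAMPLE_RESPONSE)
    print("PASS" if ok else "FAIL", why)
    raise SystemExit(0 if ok else 1)  # non-zero exit stops the pipeline stage
```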