How To Integrate SonarQube with Jenkins For Continuous Code Quality Check
Hello everyone, let us see how to integrate SonarQube from the Jenkins console.
What is SonarQube?
SonarQube is an open-source platform for continuously inspecting code quality. It analyzes code to detect bugs, code smells, and security vulnerabilities. It provides support for around 20 programming languages.


What is Jenkins?
Jenkins, on the other hand, is an open-source automation server that enables developers around the world to reliably build, test, and deploy their software.
It facilitates continuous integration and continuous delivery (CICD process). It helps to automate the process of building, testing and deploying in a software development


So, when continuous integration and deployment is happening through Jenkins, SonarQube can be integrated into it for reviewing the code quality, running unit tests, etc.
Requirements
Jenkins will provide a CLI to manage pipelines and builds.
Let’s see how to integrate SonarQube into Jenkins, in Jenkins CLI:
- First, install the SonarQube Scanner plugin, in Jenkins CLI under Manage Jenkins -> Manage Plugins. The plugin can be searched under the Available tab.
- Add the Sonar username and password using the kind Username with password under Manage Jenkins -> Manage Credentials. (Mandatory when anonymous access is disabled.)
- Once the SonarQube Scanner plugin is installed, the option to configure the Sonar plugins is available under Manage Jenkins -> Configure System -> SonarQube servers.
  - Enter a name.
  - Enter the sonar server URL.
  - In the server authentication token, add the sonar credentials created in Manage Jenkins -> Manage Credentials.
  - Save/Apply the configuration.
- Then install SonarQube Scanner in Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner. Here a heading by name ‘SonarQube Scanner’ will already be available.
  - Click on the SonarQube Scanner installations button.
  - Enter the name; this name will be used in the Jenkins Pipeline Script.
  - Check Install Automatically.
  - Select the SonarQube Scanner version that needs to be installed.
  - Save/Apply the configuration.
That’s it: SonarQube is integrated with Jenkins.
Next, we will look into the pipeline scripts to process the code into Sonar automatically.
Jenkins Pipeline Script
- Create a property file in your project to store the Sonar properties such as the Sonar server URL, authentication details, etc. For example, the file can be named ‘sonar-project.properties’. This file will be read into the Pipeline script. Sample content is given below. Alternatively, you can use the contents below directly in the pipeline script, maintained as constants, without keeping them in a file.
# Required Sonar Host URL
sonar.host.url=
sonar.login=<SONAR_AUTHENTICATION_TOKEN>

# Project Key and Project name
sonar.projectKey=
sonar.projectName=

# Should be changed for every version release
sonar.projectVersion=

# Path to the parent source code directory.
# Example for multiple directory option, sonar.sources=srcDir1,srcDir2
# For example, for an Angular project it would be 'src/app/'
sonar.sources=<Include the code path to be scanned>

# Files to be excluded from sonar check
sonar.exclusions=

# Language
sonar.language=<CODE_LANGUAGE>

# Encoding of the source files
sonar.sourceEncoding=UTF-8
- Jenkins supports Groovy scripts, so the code illustrated below is written in Groovy.
- Read the properties defined in the file ‘sonar-project.properties’ and store them in a variable as below,
def sonarProperties = script.readFile encoding: 'UTF-8', file: "${SONAR_PROP_FILEPATH}"
- Load the contents in the file as properties,
Properties propSonar = new Properties();
// load a properties string
propSonar.load(new StringReader(sonarProperties));
- Now all the properties mentioned in the file can be accessed as below,
// `key` is a variable from the surrounding script (not shown here)
// Access sonar project key from the property file
def sonarProjectKey = propSonar.getProperty("sonar.projectKey") + "_" + key.toUpperCase();
// Access sonar project name from the property file
def sonarProjectName = propSonar.getProperty("sonar.projectName") + "-" + key;
- Next, the SonarQube Scanner configured earlier in the Jenkins console needs to be run from the pipeline script. The code below resolves the scanner installation used to scan the codebase listed in the properties file under the property sonar.sources.
// The name '<SonarQubeScanner>' should be the name given while installing the `SonarQube Scanner` in the Jenkins console at "Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner".
def sonarqubeScannerHome = script.tool name: '<SonarQubeScanner>', type: 'hudson.plugins.sonar.SonarRunnerInstallation'
Next, the status of the Quality Gate (passed/failed) needs to be processed. To do that, send a request as below,
// Make the script sleep for 10 seconds and wait for SonarQube to process the report for us
script.sleep 10

def SONAR_QUALITY_GATE_API = "<SONAR_HOST_URL>/api/qualitygates/project_status?format=json&projectKey="

// Authentication: '<SonarQubeScannerUNPW>' is the credentials entry created for Sonar in the Jenkins console at "Manage Jenkins -> Manage Credentials"
// The project key is appended directly; a literal "+" inside the string would end up in the URL
def response = script.httpRequest authentication: '<SonarQubeScannerUNPW>', acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', url: "${SONAR_QUALITY_GATE_API}${sonarProjectKey}"

// parseJSON is a helper from the surrounding script (not shown here)
def json = parseJSON(response.content)
def status = json['projectStatus']['status'].toString()

// SonarQube reports the status "OK" when the quality gate has passed
def expectedStatus = "OK"
if (expectedStatus.toUpperCase() == status.toUpperCase()) {
    script.println("GREEN")
    script.currentBuild.result = "SUCCESS"
} else {
    script.println("RED")
    script.println("SonarQube Check FAILED")
    // "FAILURE" is the Jenkins result name for a failed build
    script.currentBuild.result = "FAILURE"
    script.currentBuild.description = "Quality Gate Failed"
}
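An alternative to the fixed 10-second sleep and manual API request above, added here as an example and not part of the original post: the SonarQube Scanner plugin's withSonarQubeEnv and waitForQualityGate steps take the server URL and token from the Jenkins configuration, so sonar.login does not have to be stored in sonar-project.properties, and the build waits until the analysis has actually finished. '<SonarQubeServer>' is an assumed placeholder for the name entered under SonarQube servers, and waitForQualityGate needs a webhook in SonarQube pointing at <JENKINS_URL>/sonarqube-webhook/.

```groovy
// Added example (not the author's code): declarative Jenkinsfile.
// Assumptions: '<SonarQubeScanner>' is the tool name from Global Tool Configuration,
// '<SonarQubeServer>' is the server name from Configure System -> SonarQube servers,
// and sonar-project.properties (without sonar.login) sits in the workspace root.
pipeline {
    agent any

    stages {
        stage('SonarQube analysis') {
            steps {
                script {
                    // Resolve the scanner installed by Jenkins
                    def scannerHome = tool name: '<SonarQubeScanner>',
                                           type: 'hudson.plugins.sonar.SonarRunnerInstallation'

                    // Injects the server URL and authentication token as environment
                    // variables for the scanner; the token never appears in the repository
                    withSonarQubeEnv('<SonarQubeServer>') {
                        // The scanner reads sonar-project.properties from the working directory
                        sh "${scannerHome}/bin/sonar-scanner"
                    }
                }
            }
        }

        stage('Quality Gate') {
            steps {
                // Bound the wait so a missing webhook cannot hang the build forever
                timeout(time: 10, unit: 'MINUTES') {
                    script {
                        // Pauses until SonarQube calls back with the analysis result
                        def qg = waitForQualityGate()
                        if (qg.status != 'OK') {
                            currentBuild.description = "Quality Gate Failed"
                            // error() marks the build as FAILURE and stops the pipeline
                            error "SonarQube Check FAILED: quality gate status is ${qg.status}"
                        }
                        echo "GREEN"
                    }
                }
            }
        }
    }
}
```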