Quality mgmt tool / continuous code quality integration
-------------------------------------------------------
Quality
1. code quality
2. test quality
-> code quality:- peer code review (by seniors)
-> Static Code Review/analysis:- code reviews code (the reviewing "code" is a set of rules)
note:- a tool bundles all the rules together to report code quality.
One rule reviews code
a set of rules reviews code
a tool reviews code (all rules grouped together)
- Rule--->Rules--->Tool--->code
- Rule + Rules = Tool (which reviews the code)
- SonarQube is a product of SonarSource, developed in Java, and it is platform independent.
list of static code analysis tools
----------------------------------
ReSharper.
SonarQube.
CodeScan.
FusionReactor APM.
Checkmarx.
Klocwork.
DeepSource.
Micro Focus Fortify On Demand.
- Releases:
1. Community - Free
2. Developer - Paid
3. Enterprise - Paid
- Version 9.9 LTS (Long Term Support)
Code coverage reports are nothing but test quality.
SonarQube architecture (how sonar works)
======================================
1. Source Code
2. SonarQube Scanner
3. SonarQube Server
i. Rules
ii. Web Interface
iii. Data Base
SonarQube Scanner versions
--------------------------
SonarScanner for Gradle
SonarScanner for .NET
SonarScanner for Maven
Jenkins extension for SonarQube
SonarScanner for CMD
Config files
------------
sonar.properties - Server
sonar-scanner.properties - Scanner
sonar-project.properties - Code
Note:- always clone the code from GitHub, do not download it. If you download it, the copy is not under version control.
/home/ec2-user/sonar-scanner-4.8.0/bin/sonar-scanner.bat
SonarQube::
==========
SonarQube is an open-source continuous code quality integration tool with which we can identify code bugs, code smells, vulnerabilities and overall quality.
* open source
* it is written in Java and supports various languages (like C#, Java, Ruby, PHP ...etc)
* it reports duplicated code and unit test results (failures & successes)
* code coverage
* code complexity
* bugs
* weak code
6. Install the SonarQube Scanner plugin in Jenkins
7. Manage Jenkins --> Configure System -> SonarQube Servers -> Add SonarQube
Note:- generate a SonarQube token to connect to SonarQube from Jenkins.
Go to --> Administration-->Security-->Users-->Generate
8. Download - https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
9. Manage Jenkins --> Global Tool Configuration -> SonarQube Scanner -> path of the scanner home directory
10. Go to the Jenkins job -> Add new -> Build -> Add build step -> Execute SonarQube Scanner -> Analysis properties
project properties:-
# Metadata (property keys are case-sensitive: sonar.projectKey, not Sonar.ProjectKey)
sonar.projectKey=tek
sonar.projectName=tekteacher
sonar.projectVersion=1.0
# Give path to src directory of maven project
sonar.sources=target
sonar.jacoco.reportPath=target\\coverage-reports\\src
Sonar in EC2
------------
Pre-Req:-
-------
1. - Refer:- https://docs.sonarqube.org/latest/requirements/requirements/
- The SonarQube server requires at least 2GB of RAM to run efficiently and 1GB of free RAM for the OS
- Both the SonarQube server and the SonarQube scanners require Java version 11 or 17.
- free -h
- sudo yum install wget unzip -y
2. Java 11 and above is the pre-req for the SonarQube server
- install Java (OpenJDK)
- /usr/sbin/alternatives --config java
Note:- it shows how many Java versions are installed on the machine and lets you select which one to use.
- yum install java-17-openjdk-devel -y
- java and javac (Java Compiler)
- java -version
- which java
- whereis java
- ls -l /usr/bin/java
- ls -l /etc/alternatives/java
- java path --->> /usr/lib/jvm/jre-17-openjdk-17.0.5.0.8-2.el9_0.x86_64/bin/java
- yum list installed | grep java
- JAVA_HOME: /usr/lib/jvm/java-17-openjdk-17.0.5.0.8-2.el9_0.x86_64
Steps To Install:
----------------
1. Download the SonarQube server software and unzip it
wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-9.9.0.65466.zip
unzip sonarqube-9.9.0.65466.zip
mv sonarqube-9.9.0.65466 sonarqube-9.9.0
Note:- https://www.sonarsource.com/products/sonarqube/downloads/
2. change the ownership, group and permissions of sonarqube-9.9.0
chown -R vmtutes:vmtutes sonarqube-9.9.0
chmod -R 775 sonarqube-9.9.0
3. As a good security practice, the SonarQube server should not be run as the root user.
- create a normal user
# useradd vmtutes
- generate a password for vmtutes
# passwd vmtutes
- add the vmtutes user in "visudo" (or) the /etc/sudoers file for sudo permissions
# vmtutes ALL=(ALL) NOPASSWD: ALL
Note:- NOPASSWD: ALL gives this account passwordless root through sudo; SonarQube itself does not need sudo to run, so limit or drop this entry once the install is done.
- enable "PasswordAuthentication yes" in the /etc/ssh/sshd_config file (vi /etc/ssh/sshd_config).
- restart the "sshd" service
# systemctl restart sshd
4. start sonar
-> su - vmtutes
-> cd sonarqube-9.9.0/bin/linux-x86-64
-> ./sonar.sh start
-> ./sonar.sh status (confirmation)
Default UserName: admin
Default Password: admin
Changed Password: root123
Note:- by default SonarQube runs on port "9000"
Note:- we can change the default port-->> go to /home/vmtutes/sonarqube-9.9.0/conf/sonar.properties.
- search the sonar.properties conf file with /sonar.web
- uncomment sonar.web.port and set it, e.g. sonar.web.port=9091
Note:- Administration--->> Security-->> Users-->> generate token
sqp_f37d6db9f4b350b8b41f5218b1631b2a86a5b642
Troubleshooting
---------------
sonar server is not starting?
> check whether Java is installed or not by using java -version
> make sure you changed the ownership and group of /opt/sonarqube-9.2.0 to the sonar user.
> make sure you are trying to start the sonar service as the sonar user.
unable to access the SonarQube server URL in the browser?
> make sure port 9000 is opened in the security group of the AWS EC2 instance.
> " WrapperSimpleApp: Encountered an error running main: java.lang.IllegalStateException: SonarQube requires Java 11+ to run
jvm 1 | java.lang.IllegalStateException: SonarQube requires Java 11+ to run "
solution
--------
Go to--->> A:\TekTeacher\Softwares\DevOps\sonarqube-8.3.0.34182\conf/wrapper.conf
and change --->> wrapper.java.command=C:\Program Files\Java\jdk-14.0.1\bin\java
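Added example (not from these notes): a POSIX sh preflight script that checks the pre-reqs and the startup troubleshooting items above before running ./sonar.sh start. It assumes the install directory /home/vmtutes/sonarqube-9.9.0 and the vmtutes service user from the notes; the parsing functions take the java -version text and the kB figure from /proc/meminfo as arguments so they can be exercised without a server.

```shell
#!/bin/sh
# Preflight for a SonarQube 9.9 host (added example, not from the notes).
# Assumed path and user from the notes; override via environment if different.
SONAR_HOME="${SONAR_HOME:-/home/vmtutes/sonarqube-9.9.0}"
SONAR_USER="${SONAR_USER:-vmtutes}"

# Major Java version from `java -version` output. Handles the legacy
# "1.8.0_352" scheme (-> 8) as well as the modern "17.0.5" scheme (-> 17).
java_major() {
    v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$v" ] || return 1
    case "$v" in
        1.*) printf '%s\n' "$v" | cut -d. -f2 ;;
        *)   printf '%s\n' "$v" | cut -d. -f1 ;;
    esac
}

# SonarQube 9.9 server and scanners require Java 11 or 17 (the wrapper error
# quoted above is what you see when an older runtime is picked up).
java_ok() {
    m=$(java_major "$1") || return 1
    [ "$m" -eq 11 ] || [ "$m" -eq 17 ]
}

# 2 GB for SonarQube plus 1 GB free for the OS: 3 GB total, compared in kB
# as /proc/meminfo reports it.
mem_ok() {
    [ "$1" -ge $((3 * 1024 * 1024)) ]
}

# Live checks for this host, mirroring the troubleshooting list above.
preflight() {
    rc=0
    java_ok "$(java -version 2>&1)" || { echo "FAIL: need Java 11 or 17"; rc=1; }
    mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" || { echo "FAIL: less than 3 GB RAM"; rc=1; }
    [ "$(id -un)" != root ] || { echo "FAIL: do not start SonarQube as root"; rc=1; }
    [ "$(stat -c %U "$SONAR_HOME" 2>/dev/null)" = "$SONAR_USER" ] \
        || { echo "FAIL: $SONAR_HOME is not owned by $SONAR_USER"; rc=1; }
    return "$rc"
}

# Only run the live checks when asked, so the functions can be sourced elsewhere.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then preflight; fi
```

Run it as the service user with RUN_PREFLIGHT=1 before ./sonar.sh start; every FAIL line maps to one of the troubleshooting points above.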
mvn clean verify sonar:sonar \
-Dsonar.projectKey=mvn-project \
-Dsonar.host.url=http://35.175.176.57:9000 \
-Dsonar.login=b1ec827375095d0d6ac725456a002bbc702b1098
console overview
----------------
Projects:- select the project by name
Issues:- once the build is completed, all the issues appear here. Usually developers come here once their code analysis is done and try to fix the reported problems.
Rules:- pre-defined set of rules used to build the quality profiles.
Quality Profiles:- a collection/set of rules
Quality Gates:- checks whether the code quality reaches the threshold value
Administration:- here you can manage users, delete accounts ...etc
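Added example (not from these notes): a POSIX sh helper that turns the Quality Gate described above into a CI pass/fail step after the mvn sonar:sonar analysis. It assumes the host URL and project key from the mvn command above, and that the user token (Administration -> Security -> Users -> generate token) is supplied in an environment variable named SONAR_TOKEN rather than on the command line, where it would appear in the process list and build log.

```shell
#!/bin/sh
# Enforce the SonarQube quality gate in CI (added example, not from the notes).
# Assumes the host URL and project key used in the mvn command above; the token
# is a user token from Administration -> Security -> Users, supplied through
# the SONAR_TOKEN environment variable (an assumed name) instead of on the CLI.
SONAR_HOST_URL="${SONAR_HOST_URL:-http://35.175.176.57:9000}"
SONAR_PROJECT_KEY="${SONAR_PROJECT_KEY:-mvn-project}"

# Overall gate status ("OK", "ERROR" or "NONE") from an
# api/qualitygates/project_status JSON response.
gate_status() {
    printf '%s' "$1" | sed -n 's/.*"projectStatus":{"status":"\([A-Z]*\)".*/\1/p'
}

# Metric keys of the conditions that failed. Relies on the field order the
# server emits for each condition ("status" first, then "metricKey").
failed_conditions() {
    printf '%s' "$1" | grep -o '{"status":"ERROR","metricKey":"[A-Za-z0-9_]*"' \
        | sed 's/.*"metricKey":"//; s/"$//'
}

# Returns 0 when the gate passed, 1 otherwise, listing failing metrics for the build log.
enforce_gate() {
    status=$(gate_status "$1")
    if [ "$status" = OK ]; then
        echo "quality gate passed"
        return 0
    fi
    echo "quality gate status: ${status:-unknown}"
    failed_conditions "$1" | sed 's/^/  failed condition: /'
    return 1
}

# Live call: fetch the project's current gate status from the server and enforce it.
check_project_gate() {
    [ -n "$SONAR_TOKEN" ] || { echo "SONAR_TOKEN is not set" >&2; return 2; }
    body=$(curl -sf -u "$SONAR_TOKEN:" \
        "$SONAR_HOST_URL/api/qualitygates/project_status?projectKey=$SONAR_PROJECT_KEY") || return 2
    enforce_gate "$body"
}

# Constructed sample response in the shape the API returns, for offline checks.
SAMPLE_RESPONSE='{"projectStatus":{"status":"ERROR","conditions":[{"status":"ERROR","metricKey":"new_coverage","comparator":"LT","errorThreshold":"80","actualValue":"45.0"},{"status":"OK","metricKey":"new_bugs","comparator":"GT","errorThreshold":"0","actualValue":"0"}],"ignoredConditions":false}}'

if [ "${RUN_GATE_CHECK:-0}" = 1 ]; then check_project_gate; fi
```

In a Jenkins build step, run it with RUN_GATE_CHECK=1 after the analysis; a non-zero exit fails the job when the gate is not OK.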