| SonarQube Integration
|| #story 2 =>Azure + SonarCloud — Block Pull Requests for every code merge.
AzureEliminate Bugs and Vulnerabilities in your Azure DevOps repositories
2 SonarQube Reports / Why use SonarQube?
3 SonarQube integration with Azure (Extension for Azure )
4 Configure SonarQube on Azure (Config pipeline)
5 Configure SonarQube
6 Analyzing Source Code Branch
SonarQube is an open-source platform developed by SonarSource ,
It is used to inspect the source code of software and applications under development and detect bugs, security vulnerabilities, instances of duplicate code and other anomalies that may affect the quality of the source code
The goal is to help developers create better quality code, while simplifying the development process.
2-1 SonarQube Reports ?
Architecture and design of the application
Unit testing (analysis of specific parts of the code)
2–2 Why use SonarQube?
we use sonar to improve the quality of the code and there are other reasons :
Quick error detection
3 SonarQube integration with Azure
Allows you to maintain code quality and security in your Azure DevOps repositories.
4-Analyzing Source Code
Once the SonarQube platform has been installed, you’re ready to install a scanner and begin creating projects. To do that, you must install and configure the scanner that is most appropriate for your needs :
Azure DevOps — SonarQube Extension for Azure DevOps: makes it easy to integrate analysis into your build pipeline. The extension allows the analysis of all languages supported by SonarQube.
5 Configure SonarQube on Azure
For our pipeline project. We have three dependencies for tasks that we will use.
# Prepare Analysis Configuration task
- task: SonarQubePrepare@5
# Run Code Analysis task
- task: SonarQubeAnalyze@5
# Publish Quality Gate Result task
- task: SonarQubePublish@5
Quality Profiles: Are collections of rules to apply during an analysis:
For each language there is a new profile created by ou team :
1- update Rules Sonarqube
2- Create Profiles
Quality Gates :
Considers all of the quality metrics for a project and assigns a passed or failed designation for that project. We have created a 4 Quality Gates :
[Project] Ultimate Level
[Project] High Level
[Project] Medium Level
[Project] low Level
3- Create Quality Gates :
Example for Quality Gates Ultimate
Duplicated blocks (duplicated_blocks)
A number of duplicated blocks of lines.
Code Smells : Total count of Code Smell issues..
Maintainability : Rating given to your project related to the value of your Technical Debt Ratio. The default Maintainability Rating grid is:
A=0–0.05, B=0.06–0.1, C=0.11–0.20, D=0.21–0.5, E=0.51–1
The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is:
<=5% of the time that has already gone into the application, the rating is A
between 6 to 10% the rating is a B
between 11 to 20% the rating is a C
between 21 to 50% the rating is a D
anything over 50% is an E
Quality Gate :
For all the conditions of your Quality Gate, you know which condition is failing and which is not.
Bugs: Number of bug issues.
A = 0 Bugs
B = at least 1 Minor Bug
C = at least 1 Major Bug
D = at least 1 Critical Bug
E = at least 1 Blocker Bug
Vulnerabilities : Number of vulnerability issues.
A = 0 Vulnerabilities
B = at least 1 Minor Vulnerability
C = at least 1 Major Vulnerability
D = at least 1 Critical Vulnerability
E = at least 1 Blocker Vulnerability
6 Analyzing Source Code Branch