Integrating SonarQube with Jenkins

Integrating SonarQube with Jenkins

Welcome back to the second article in our #BacktoBasics series. As many of us already know, SonarQube is an open-source tool for continuous inspection of code quality. It performs static analysis of code, thus detecting bugs, code smells and security vulnerabilities. In addition, it also can report on the duplicate code, unit tests, code coverage and code complexities for multiple programming languages. Hence, in order to achieve Continuous Integration with fully automated code analysis, it is important to integrate SonarQube with CI tools such as Jenkins. Here, we are going to discuss integrating SonarQube with Jenkins to perform code analysis.

Below are the things we will discuss in this article:

Running Jenkins and SonarQube on Docker

Enough on the introductions. Let’s jump into the configurations, shall we? First of all, let’s spin up Jenkins and SonarQube using Docker containers. Note that, we are going to use docker compose as it is an easy method to handle multiple services. Below is the content of the docker-compose.yml file which we are going to use.

docker-compose up is the command to run the docker-compose.yml file.

Note: The docker-compose command must be run from folder where the docker-compose.yml file is placed

This file, when run, will automatically host the Jenkins listening on port 8080 along with a slave.

Jenkins Hosted on Docker
Jenkins hosted using Docker

The SonarQube will be hosted listening on port 9000.

SonarQube hosted on Docker
SonarQube hosted using Docker

Configuring Jenkins for SonarQube Analysis

In order to run the SonarQube analysis in Jenkins, there are few things we have to take care before creating the Jenkins job. First of all, we need to install theSonarQube Scanner” plugin. For this, let’s go to Jenkins -> Manage Jenkins ->  Manage Plugins. There, navigate to “Available” view and look for the plugin “SonarQube Scanner”. Select the plugin and click on “Install without restart” and wait for the plugin to be installed.

Installing SonarQube Scanner Plugin
Installing SonarQube Scanner Plugin

Once the plugin is installed, we need to configure a few things in the Jenkins global configuration page.

For that, let’s click on Jenkins -> Manage Jenkins -> Configure System -> SonarQube Servers and fill in the required details.

SonarQube Server Configuration
SonarQube Server Configuration

Here,

  • Name: Anything meaningful. Eg. sonarqube
  • Server URL: <your sonarqube server url>
  • Server Authentication Token: Refer below

To get the server authentication token, login to SonarQube and go to Administration -> Security -> Users and then click on Tokens. There, Enter a Token name and click on Generate and copy the token value and paste it in the Jenkins field and then click on “Done”.

Creating Authorization Token
Creating Authorization Token

Finally, save the Jenkins Global configurations by clicking on the “Save” icon.

There is one last configuration which has to be set up. In order to run SonarQube scan for our project, we need to install and configure the SonarQube scanner in our Jenkins. For that, let’s go to Manage Jenkins -> Global Tool Configuration -> SonarQube Scanner -> SonarQube Scanner installations. Enter any meaningful name under the Name field and select an appropriate method in which you want to install this tool in Jenkins. Here, we are going to select “Install automatically” option. Then, click on “Save”.

SonarQube Scanner Configuration in Jenkins
SonarQube Scanner Configuration in Jenkins

Creating and Configuring Jenkins Pipeline Job

Since we are all set with the global configurations, let’s now create a Jenkins Pipeline Job for a simple node.js application for which code analysis will be done by SonarQube.

For that, let’s click on “New Item” in Jenkins home page and enter the job name as “sonarqube_test_pipeline” and then select the “Pipeline” option and then click on “OK”.

Creating Jenkins Pipeline job
Creating Jenkins Pipeline job

Now, inside the job configuration, let’s go to the Pipeline step and select Pipeline Script from SCM and then select Git and enter the Repository URL and then save the job.

Pipeline Job Configuration
Pipeline Job Configuration

As shown in the image, the source code is under “develop” branch of the repository “MEANStackApp”. We have also committed a Jenkinsfile there which will be the input for our pipeline job.

The Jenkinsfile has the logic to checkout the source code and for SonarQube tool to perform code analysis on the code. Below is the content of this Jenkinsfile.

Building the Jenkins Pipeline Job

Since we have configured everything, let’s build the job and see what happens. For that, click on the “Build Now” option in the job.

Building the Jenkins job
Building the Jenkins job

From the logs below, it can be seen that the Jenkins job is successful.

Logs of Jenkins Pipeline Job
Logs of Jenkins Pipeline Job

Below is the job view in Blue Ocean. Pretty, isn’t it?

Job View in Blue Ocean
Job View in Blue Ocean

To check the analysis report, let’s go to the link as shown in the build logs. The link basically points to the SonarQube server URL.

SonarQube Analysis Report
SonarQube Analysis Report

Here, it says there are no bugs and vulnerabilities in this code and the Quality Gate status looks “Passed“. Though it’s a simple app, it is good to know that code quality is good 🙂

Conclusion

We have reached the end of this article. Here, we have learned how to integrate SonarQube with Jenkins for a simple node.js app in order to perform code analysis. The same procedure can be followed for applications written in any other programming language. Here are the few example pipeline code for different technologies. The codebase used in this article is available here!

Also, have a look at our other #backtobasics article which talks about GIT branching and Merging with Jenkins Multibranch Pipeline. Please subscribe to our blog to stay up to date on any new articles and share your feedback below!