SonarQube is a fully automated source code analysis tool that integrates into your existing development processes, so you can immediately reap the benefits of powerful static analysis that finds bugs, vulnerabilities, and code smells in each build. It produces interactive reports for each build and stores them in projects so you can easily track issues as you work. This SonarQube training course starts with how to build a SonarQube server. Then, it covers how to set up source code analysis with a sample project. You will learn how to analyze a build and then customize the analysis for your project's needs. Finally, you will integrate source code analysis into a Jenkins build server.
By attending the SonarQube workshop, delegates will learn to:
- Run the SonarQube Docker image and take a tour of the SonarQube UI.
- Run with the embedded H2 database, and map data to external partitions.
- Run with an external database, such as a PostgreSQL Container.
- Run with docker-compose and use it to map data partitions and run a database container.
- Create a SonarQube project and get a key for a scanner.
- Perform a scan from Gradle.
- Fix an issue in a SonarQube project and run a new scan.
- Alter or add a scanning rule.
- Fix a build that fails a quality gate.
- Set up Jenkins integration.
- Install SonarLint in an editor such as IntelliJ and modify some code.
- Integrate SonarQube into a CI workflow.
Prerequisites:
- Prior exposure to Java/J2EE and database skills
- Some knowledge of an IDE and the Ant build tool
The SonarQube class is ideal for:
- Security Administrators
- Any Security Staff
- System Administrators
- DevOps Practitioners
- IT Operations Staff
- Release Engineers
- Configuration Managers
- Anyone involved with IT infrastructure
- Developers and Application Team leads
- ScrumMasters
- Software Managers and Team Leads
