SonarQube analysis: From local scans to CI/CD automation
45 minutes to complete
Overview
This course provides an overview of the SonarQube analysis workflow, from local scanner execution to fully automated CI/CD pipeline integrations. This course prepares you to maintain code quality and security at scale by implementing industry-standard static code analysis practices.
Learning objectives
- Describe the five-step SonarQube analysis process.
- Explain the purpose and benefits of automated code review using static code analysis.
- Implement the SonarScanner executable on development or CI/CD hosts to manage data transmission.
- Configure analysis parameters and scope to tailor scans to specific project needs.
- Integrate SonarScanner into automated pipelines to ensure consistent code quality checks.
Key topics
- Fundamentals of static code analysis and automated code review
- The five-step logical flow of a SonarQube analysis execution
- Installation and configuration of SonarScanner CLI for Windows, Linux, and macOS
- Project configuration using the
sonar-project.propertiesfile - Management of analysis parameters and hierarchy across Global, Project, and Scanner levels
- Definition of analysis scope using inclusion and exclusion glob patterns
- Verification techniques for analysis results using debug logs and the SonarScanner Context
- Integration of SonarScanner into CI/CD platforms, including Azure DevOps, Bitbucket, GitHub Actions, and GitLab
Target audience
- Administrator
- Developer
- DevOps engineer
- Engineering leader
Prerequisites
- Access to a SonarQube Cloud or SonarQube Server instance
- Execute Analysis permissions within your SonarQube project
- A scoped organization token for SonarQube Cloud, or a global project analysis token for SonarQube Server
- A functional Linux, Windows, or Mac development environment
- Java 21JRE installed in your environment
- A project repository cloned into your local environment