The most important parts of any project are quality and security. While it’s important to have a solid user experience, it’s equally important to maintain security standards. This can be accomplished with SonarQube. This tool can be integrated with Azure DevOps to give you data where you need it, such as in your Pipeline and Pull Requests.
What is it?
SonarQube is a self-hosted code analysis service that detects issues to ensure the reliability, security, and quality of your project. It finds issues in your code and provides guidance on how to best address them. You can also use this tool to add Quality Gates to your CI/CD workflow. If the code does not meet the Quality Gate's conditions, the job fails so you can correct the problem before it reaches production. Additionally, SonarQube decorates your Azure DevOps Pull Requests with the issues it finds, which helps you deal with them sooner. SonarQube is free for open-source projects; you’ll only pay when you start analyzing private repositories. In this article, we will be focusing on the cloud-hosted version of this product called SonarCloud.
How to Integrate with Azure DevOps
Integrating SonarCloud with Azure DevOps is as simple as installing the extension from the Visual Studio Marketplace and following the setup flow on SonarCloud’s website. The flow will ask you for things like your Azure DevOps Organization name and a Personal Access Token. Then, you’ll set up a SonarCloud organization and project, as well as choose a plan for your SonarCloud subscription. If all the repositories you want to analyze are public, you can choose the free plan. You’ll only pay if you analyze a private repo.
Now you’re ready to set up your analysis. To do this, follow the SonarCloud walk-through to set up scanning in Azure Pipelines. This analysis will be done during your build. You can include Quality Gates that will cause the build to fail if it does not pass the quality check. After your build runs, you’ll be able to view the Detailed SonarCloud Report in the build summary. Additionally, you can set up pull request integration that will allow the Azure DevOps UI to display when an analysis build is running. This is done by configuring your build policy in Azure DevOps, as well as giving SonarCloud access to your pull requests. The results are visible directly in Azure DevOps or on the SonarCloud dashboard.
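As an added illustration (not taken from the SonarCloud walk-through or from this article's authors), a minimal azure-pipelines.yml that runs the analysis during the build and fails the job when the Quality Gate is not passed. It assumes version 1 of the SonarCloud extension's tasks and the CLI scanner mode; every value in angle brackets is a placeholder for your own service connection, organization, and project.

```yaml
# Added example. Values in <angle brackets> are placeholders, not values from the article.
# Assumes the SonarCloud extension is installed and a SonarCloud service connection exists.
trigger:
  branches:
    include:
      - main   # pull request analysis is enabled through the branch's build policy, not here

pool:
  vmImage: 'ubuntu-latest'

steps:
  # Must run before the build. The SonarCloud token is stored in the
  # service connection, so no secret appears in this file or in the repo.
  - task: SonarCloudPrepare@1
    displayName: 'Prepare SonarCloud analysis'
    inputs:
      SonarCloud: '<sonarcloud-service-connection>'
      organization: '<sonarcloud-organization-key>'
      scannerMode: 'CLI'
      configMode: 'manual'
      cliProjectKey: '<sonarcloud-project-key>'
      cliProjectName: '<sonarcloud-project-name>'
      cliSources: '.'
      # Make the analysis step wait for the Quality Gate result and
      # fail the job if the gate is not passed (timeout in seconds).
      extraProperties: |
        sonar.qualitygate.wait=true
        sonar.qualitygate.timeout=300

  # Your normal build and test steps go between Prepare and Analyze.
  - script: echo "replace with your build and test commands"
    displayName: 'Build and test'

  - task: SonarCloudAnalyze@1
    displayName: 'Run SonarCloud analysis'

  # Adds the Quality Gate status and report link to the build summary.
  - task: SonarCloudPublish@1
    displayName: 'Publish Quality Gate result'
    inputs:
      pollingTimeoutSec: '300'
```

Newer major versions of the extension rename some task inputs, so check the task version installed in your organization before copying the input names.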
The information provided by SonarCloud and its integration with Azure DevOps is invaluable. Now, you’ll be able to identify and repair issues faster and more efficiently. For more information about SonarCloud, or to get started today, contact our team of experts at PRAKTIK.