Difficulty: Introduction
Estimated Time: 10 minutes

SonarQube on Kubernetes

SonarQube

Setting up your SonarQube services(s) as fragile snowflakes is both common and not a recommended technique. Any developer should be able to quickly start a service or rely on a team service that matches the same behaviors. The latest SonarQube version, it's plugins and it's configurations should also be easily adjustable. Your software development lifecycle processes (SDLC) should embrace the versioned configuration and deployment of SonarQube across a variety of cattle (not pets) targets.

Follow these instructions to setup a personal SonarQube engine and dashboard. With this you have a strong static code analysis tool backing your code changes all before you submit your work for pull requests. Within SonarQube there are plugins such as for Checkstyle, PMD and Findbugs. The Fingbugs plugin includes rules for vulnerabilities such as the OWASP top 10.

You will learn how:

  • Install SonarQube onto Kubernetes
  • Use Helm to install SonarQube on Minikube
  • Configure SonarQube plugins with the chart
  • Access SonarQube Dashboard
  • Analyze code and inspect results with a Gradle plugin

SonarQube is an open source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities. -- Wikipedia

Conclusion

TODO...

Lessons Learned

With these scenarios you have learned how:

  • TODO
  • TODO
  • TODO

Additional information

Don’t stop now! The next scenario will only take about 10 minutes to complete.

SonarQube

Step 1 of 3

Kubernetes Running for You

As you see, your Kubernetes cluster based on Minikube is will be available in a moment. Verify it's ready for your use:

minikube version && minikube status && kubectl cluster-info

Notice that while Minikube is running, there is nothing deployed except for a single service/kubernetes item,

kubectl get deployments,pods,services

and no services are listed.

minikube service list --namespace default

A clean slate, let's deploy our first application.

Terminal
Kubernetes Dashboard
SonarQube Dashboard