DevSecOps-2: Integrating and Running SonarQube in Azure Pipelines, and Examining the Test Results in the SonarQube Dashboard
In this article series, I will talk about the installation, concepts, and usage of SonarQube, Trivy, OWASP Dependency Check, OWASP ZAP, and JaCoCo. I will also show you, step by step, how to use them in practice with hands-on examples.
In this article, we will integrate a SonarQube Server with a PostgreSQL database into the Azure pipeline that runs a Java microservice application. Then, we will create and run the Azure pipeline for SonarQube analysis. Finally, we will examine and evaluate the test results in the SonarQube dashboard.
The article will cover the following topics:
1. Integrating SonarQube into Azure DevOps Pipelines
1. a. Installing SonarQube extension for Azure DevOps
1. b. Generating a New Token for Your Project
1. c. Adding a New SonarQube Service Endpoint to Your Azure DevOps Project
2. Configuring Azure Pipelines
2. a. Creating an Azure Pipeline
2. b. Selecting Your Source Code Repo
2. c. Adding and Preparing “Maven” Task
2. d. Adding a New “Java tool installer” Task
2. e. Adding and Preparing SonarQube “Prepare Analysis Configuration” Task
2. f. Adding and Preparing “Publish Quality Gate Result” Task
2. g. Enabling Continuous Integration in Azure…