Secure Code Quality Tools SonarQube, Snyk, and Checkmarx for Devs and QA

Inquire now

Duration 3 days – 21 hrs

 

Overview

 

This hands-on training introduces SonarQube for static code analysis and code quality checks, Snyk for open-source dependency vulnerability scanning, and Checkmarx for advanced static application security testing (SAST). Participants will learn how to integrate these tools into CI/CD pipelines to detect issues early and ensure secure, maintainable, and compliant code. The course emphasizes DevSecOps best practices tailored to development and QA teams.

 

Objectives

  • Understand the principles of code quality and application security.
  • Use SonarQube to identify and fix code smells, bugs, and security hotspots.
  • Use Snyk to scan for vulnerabilities in open-source libraries and containers.
  • Use Checkmarx for comprehensive static code analysis.
  • Integrate all tools into CI/CD pipelines for automated scanning and reporting.
  • Interpret scan results and remediate findings in real-world projects.

 

Audience

 

  • Software Developers
  • QA Engineers
  • DevSecOps Engineers
  • Software Architects
  • Team Leads and Technical Managers involved in secure SDLC

 

Pre-requisites

  • Basic knowledge of software development lifecycle
  • Familiarity with Git, CI/CD, and IDEs
  • Understanding of source code and dependency management
  • (Optional) Familiarity with JavaScript, Java, Python, or similar languages

 

Content

 

Day 1: Code Quality & Static Analysis with SonarQube

 

Introduction to Code Quality & Technical Debt

 

  • Clean code principles
  • Role of static analysis in Dev-QA workflows

 

SonarQube Overview

 

  • SonarQube architecture: scanner, server, plugins
  • Supported languages and integration options

 

Installing and Configuring SonarQube

 

  • Local setup and connecting to projects
  • Using SonarScanner and SonarLint

 

Interpreting SonarQube Reports

 

  • Code smells, bugs, vulnerabilities, duplications
  • Quality Gates and technical debt ratio

 

Hands-on Lab

 

  • Run SonarQube analysis on a sample project
  • Interpret and fix identified issues

 

Day 2: Dependency & Container Security with Snyk

 

Introduction to Software Composition Analysis (SCA)

 

  • What are OSS vulnerabilities? CVEs and security databases
  • Why QA and Devs must monitor dependencies

 

Using Snyk CLI and Web Interface

 

  • Scanning for vulnerabilities in code, Docker, and Kubernetes
  • Understanding severity, exploit maturity, and remediation advice

 

Fixing Vulnerabilities

 

  • Auto-fix and manual patching
  • Ignoring or accepting risk where appropriate

 

Snyk Integrations

 

  • GitHub, GitLab, Jenkins, IDEs, and Docker Hub integrations
  • Managing projects and policies in Snyk dashboard

 

Hands-on Lab

 

  • Scan and fix vulnerabilities in a Node.js or Java project using Snyk

 

Day 3: Secure Code Analysis with Checkmarx + DevSecOps Integration

 

Secure Coding & Static Application Security Testing (SAST)

 

  • OWASP Top 10 and real-world risks
  • Why early detection is critical

 

Checkmarx Overview

 

  • Capabilities and scanning flow
  • Supported technologies and integration approaches

 

Using Checkmarx

 

  • Uploading projects, configuring scans, and interpreting reports
  • Understanding data flow analysis and security categories

 

CI/CD Pipeline Integration

 

  • Automating scans in Jenkins, GitLab CI, or Azure DevOps
  • Gates, thresholds, and fail criteria in pipelines

 

Hands-on Lab

 

  • Run a Checkmarx scan and configure a build breaker in a pipeline
  • Discuss and remediate issues collaboratively

 

Inquire now

Best selling courses

Duration 3 days – 21 hrs   Overview    This Portfolio Management Training Course is designed to provide banking professionals with a comprehensive understanding of how to effectively manage investment and credit portfolios. Participants will gain insights into strategic allocation, performance measurement, risk management, and optimization of banking portfolios to align with regulatory requirements and...

Duration 2 days – 14 hrs   Overview   This comprehensive Planning and Forecasting Training Course is designed to empower professionals with the tools and techniques necessary to accurately predict future outcomes and develop strategic, operational, and financial plans. The course provides a structured approach to planning and forecasting, integrating both qualitative and quantitative methods....

Duration 3 days – 21 hours   Overview   This Beginner-to-Intermediate PostgreSQL Training Course is designed to build strong foundational skills in PostgreSQL while preparing participants to confidently work with real-world database tasks in modern environments.   Participants will learn how PostgreSQL works, how to write efficient SQL queries, how to design and manage database...

RISK MANAGEMENT

Liquidity Risk Management

Duration 5 days – 35 hrs   Overview.   This Liquidity Risk Management Training Course is tailored for banking professionals in the Philippines, focusing on the skills and knowledge necessary to manage liquidity risk effectively. Participants will learn how to assess liquidity risk, apply regulatory standards, and develop strategies to maintain adequate cash flow and...

Duration 5 days – 35 hrs   Overview    This 5-day advanced training course is designed for senior PMO leaders, program managers, PMO directors, and executives aiming to enhance their leadership capabilities and transform their PMOs into strategic business drivers. The course will explore advanced concepts in PMO strategy, digital transformation, innovation, business case development,...

TRAINOSYS CUSTOMIZED COURSE

Data Analytics from SQL to Power BI

The “Data Analytics from SQL to Power BI” training course is a comprehensive program designed to equip participants with the knowledge and skills necessary to analyze and visualize data using SQL and Power BI. Over the course of five days, participants will learn essential data analytics concepts, master SQL querying techniques for data retrieval and...

Duration 2 days – 14 hrs   Overview   This course provides a comprehensive understanding of the Anti-Money Laundering Act (AMLA) of the Philippines and techniques for identifying and handling counterfeit money. It equips participants with the knowledge to detect suspicious transactions, fulfill AML compliance obligations, and mitigate financial crime risks. Real-world case studies, regulatory...

Duration 2 days – 14 hrs   Overview   This course introduces participants to the principles and tools of data visualization and dashboard design. It focuses on transforming raw data into compelling, clear, and actionable visuals that support decision-making. Participants will explore visualization best practices, storytelling techniques, and hands-on tools (such as Excel, Power BI,...

We use cookies on our website to personalize your experience by storing your preferences and recognizing repeat visits. By clicking “Accept”, you agree to the use of all cookies. You can also select “Cookie Settings” to adjust your preferences and provide more specific consent. Cookie Policy