Duration: 2 days – 14 hrs
Overview
This training is designed to give Developers and QA professionals a deep understanding of how to use SonarQube to ensure code quality, detect bugs, identify security vulnerabilities, and enforce coding standards. The course provides both theoretical foundations and hands-on experience in setting up, configuring, and integrating SonarQube into your software development lifecycle and CI/CD pipelines.
Objectives
- Understand the purpose and benefits of using SonarQube.
- Install and configure SonarQube for projects.
- Analyze code quality using SonarQube dashboards.
- Interpret metrics such as code smells, bugs, vulnerabilities, coverage, duplication, and maintainability.
- Customize and manage quality profiles and gates.
- Integrate SonarQube into CI/CD pipelines with tools like Jenkins, Git, and Bitbucket.
- Promote a culture of clean code and continuous inspection in development and QA teams.
Audience
- Software Developers
- QA Engineers / Testers
- DevOps Engineers (entry-level to mid-level)
- Tech Leads / Code Reviewers
- Build and Release Engineers
Prerequisites
- Basic programming experience (Java, JavaScript, Python, etc.)
- Familiarity with version control (Git/Bitbucket)
- Understanding of basic software testing concepts
- Exposure to CI/CD concepts is helpful but not mandatory
Content
Day 1: SonarQube Fundamentals and Static Code Analysis
Introduction to SonarQube
- What is SonarQube?
- Role in the Software Development Lifecycle (SDLC)
- Key Terminology: Issues, Rules, Profiles, Gates, Metrics
Installation and Setup
- SonarQube Architecture and Components
- Installing SonarQube and the Scanner
- Overview of Community vs Developer Editions
Static Code Analysis Basics
- Running Your First Analysis (Java/.NET/JS Example)
- Exploring the SonarQube Dashboard
- Understanding Code Smells, Bugs, and Vulnerabilities
Quality Metrics Deep Dive
- Code Coverage
- Duplications
- Cyclomatic Complexity
- Maintainability Index
Hands-On Labs
- Install and configure a local SonarQube server
- Analyze a sample project
- Review issues and explore dashboards
Day 2: Customization, Quality Gates, and CI/CD Integration
Managing Rules and Profiles
- Customizing Quality Profiles
- Activating/Deactivating Rules
- Creating and Managing Rule Sets per Language
Quality Gates
- Defining Thresholds
- Setting up Project Gates
- Breaking the Build on Violations
SonarQube in CI/CD Pipelines
- Integration with Jenkins
- Integration with Git/Bitbucket
- Running Sonar Scans during Pull Requests
- Automating Code Quality Checks
Security and Compliance
- OWASP Top 10 and SonarQube
- Secure Coding Practices
- Managing User Roles and Permissions
Hands-On Labs
- Customize quality profile and gate
- Integrate with Jenkins pipeline
- Generate and share reports