Integrating Jenkins with SonarQube provides you with an automated platform for performing continuous inspection of code for quality and security assurance.
In this lab, you will launch a Jenkins and SonarQube CICD environment using Docker containers on a provided EC2 instance. You will then configure a Jenkins build pipeline to build, compile, and package a sample Java servlet web application. The build pipeline will publish the source code into SonarQube, which in turn will perform a static analysis of the code to detect bugs, code smells, and security vulnerabilities.
This lab is aimed at DevOps and CICD practitioners, and, in particular, build and release engineers interested in managing and configuring Jenkins together with SonarQube to perform automated static code analysis.
Upon completion of this lab, you will be able to:
You should:
This lab will start with the following AWS resources being provisioned automatically for you:
To achieve the Lab end state, you will be walked through the process of:
June 21st, 2023 - Updated instructions and screenshots to reflect the latest UI
November 28th, 2022 - Updated lab to use EC2 Instance Connect and added check
January 12th, 2022 - Updated the instructions and screenshots to reflect the latest Jenkins UI
Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.
He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.
Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).