1. Create a Jenkins CICD Pipeline with SonarQube Integration to perform Static Code Analysis

Login to SonarQube and Generate Security Token

Lab Steps

lock
Logging In to the Amazon Web Services Console
lock
Connecting to the Amazon Virtual Machine Using EC2 Instance Connect
lock
Launch Jenkins and SonarQube Docker Containers
lock
Login to SonarQube and Generate Security Token
lock
Log in to Jenkins and Complete the Default Installation
lock
Install and Configure SonarQube and Gradle Plugins
lock
Create and Execute Jenkins Pipeline Gradle Job
lock
Review SonarQube Static Analysis Report
Need help? Contact our support team

Here you can find the instructions for this specific Lab Step.

If you are ready for a real environment experience please start the Lab. Keep in mind that you'll need to start from the first step.

Introduction

In this Lab step, you will login into the SonarQube administration web console and generate a security token that will be used within Jenkins to allow it to authenticate and connect to SonarQube.

 

Instructions 

1. The SonarQube docker container has been configured to listen for inbound connections on port 9000. Using your browser, navigate to the SonarQube home page: http:// :9000. Remember to use the public IP address assigned to the cicd.platform.instance EC2 instance, for example:

alt

2. Using the SonarQube default credentials (admin, admin), click on the Log in menu item in the top righthand corner and enter:

Login:

Copy code
admin

Password:

Copy code
admin

alt

Then, click on the Log in button to complete the authentication process. 

3. Click Skip the tutorial on the "Welcome to SonarQube!" popup window:

alt

 4. Click on the top menu Quality Profiles option and confirm that the SonarQube Quality Profiles are loaded and available:

alt

5. Click on the Administrator > My Account menu option, followed by clicking on the Security menu item to be taken into the Security Tokens configuration area:

alt

alt

6. Create a new security token giving it the name Jenkins, click the Generate button, and then click the Copy button. Store the new security token carefully where you can reference it in the next Lab step. 

alt

7. Finally, click on the top menu Projects option. Notice that there are currently no projects listed. This is expected:
 alt

After completing the Jenkins installation and configuration (in the following Lab steps), and initiating a Jenkins CICD build of a sample Java servlet web application, you will revist this page. You will see that Jenkins automatically forwards the respective source code into SonarQube for static code analysis, resulting in a new project being registered here. 

8. Leave the current SonarQube administration web console open, as you will come back to it towards the end of the Lab.

 

Summary

In this Lab Step, you logged into the SonarQube administration web console. You confirmed that the SonarQube Quality Profiles are loaded. Then, you generated a security token to be used later within Jenkins for authenitication purposes back into SonarQube. You will set this up in Jenkins in the next step. Finally, you confirmed that the SonarQube Projects area was empty.