Login to SonarQube and Generate Security Token
In this Lab step, you will login into the SonarQube administration web console and generate a security token that will be used within Jenkins to allow it to authenticate and connect to SonarQube.
1. The SonarQube docker container has been configured to listen for inbound connections on port 9000. Using your browser, navigate to the SonarQube home page: http://PUBLIC_IP_CICD_PLATFORM_INSTANCE:9000. Remember to use the public IP address assigned to the cicd.platform.instance EC2 instance, for example:
2. Using the SonarQube default credentials (
admin), click on the Log in menu item in the top righthand corner and enter:
Then, click on the Log in button to complete the authentication process.
3. Click Skip the tutorial on the "Welcome to SonarQube!" popup window:
4. Click on the top menu Quality Profiles option and confirm that the SonarQube Quality Profiles are loaded and available:
5. Click on the Administrator > My Account menu option, followed by clicking on the Security menu item to be taken into the Security Tokens configuration area:
6. Create a new security token giving it the name
Jenkins, click the Generate button, and then click the Copy button. Store the new security token carefully where you can reference it in the next Lab step.
7. Finally, click on the top menu Projects option. Notice that there are currently no projects listed. This is expected:
After completing the Jenkins installation and configuration (in the following Lab steps), and initiating a Jenkins CICD build of a sample Java servlet web application, you will revist this page. You will see that Jenkins automatically forwards the respective source code into SonarQube for static code analysis, resulting in a new project being registered here.
8. Leave the current SonarQube administration web console open, as you will come back to it towards the end of the Lab.
In this Lab Step, you logged into the SonarQube administration web console. You confirmed that the SonarQube Quality Profiles are loaded. Then, you generated a security token to be used later within Jenkins for authenitication purposes back into SonarQube. You will set this up in Jenkins in the next step. Finally, you confirmed that the SonarQube Projects area was empty.