Showing posts with label sonar. Show all posts

Tuesday, May 5, 2020

Creating first Jenkins pipeline: tutorial

Jenkins provides a feature called Jenkins Pipeline: a collection of jobs that brings software from version control into the hands of end users using automation tools. A pipeline represents multiple Jenkins jobs as one whole workflow.

In this blog, I am going to share how we can write multiple Jenkins jobs as a pipeline. Pipelines support two different syntaxes, Declarative and Scripted; in our examples we're going to use the Scripted Pipeline, which follows a more imperative programming model built with Groovy.

  • Code on bitbucket/GitHub
  • Jenkins Installation
  • Download the plugins required to run pipelines, such as Pipeline, SonarQube Scanner, Checkstyle, JUnit, Git Integration and Maven Integration.
  • Sonar up and running.
Let's start creating a pipeline that will do the tasks below:
  • Clone Project from Jenkins
  • Build and run Junit test cases
  • Run Sonar
  • Run Checkstyle
  • Package it as a jar file

Configuration Steps: 
  • Let's create a new Jenkins job. Go to Jenkins -> New Item.
  • Add a name under 'Enter an item name', select Pipeline as the type, and click the OK button.

  • I am skipping the description and the other tabs here and jumping directly to the Pipeline tab, as I already discussed them in my previous blog and we can run the pipeline without worrying about them.
  • Add the script below, check Use Groovy Sandbox, and save it.

node {
    // Clone the project from GitHub (the repository URL goes between the quotes)
    git ''
    // Build the project and run the JUnit test cases
    sh "mvn clean install"
    // Run Sonar for code coverage
    // Ignore this stage if a Sonar instance is not present
    stage('Sonar') {
        sh "mvn sonar:sonar"
    }
    // Run the code style check and publish its report
    stage("Checkstyle") {
        sh "mvn checkstyle:checkstyle"
        step([$class: 'CheckStylePublisher',
          canRunOnFailed: true,
          defaultEncoding: '',
          healthy: '100',
          pattern: '**/target/checkstyle-result.xml',
          unHealthy: '90',
          useStableBuildAsReference: true
        ])
    }
    // Package the application: publish the test results and archive the jar
    stage('Package') {
        junit '**/target/surefire-reports/TEST-*.xml'
        archiveArtifacts 'target/*.jar'
    }
}

  • To configure the SonarQube URL, go to Jenkins -> Manage Jenkins -> Configure System, set the Server URL and save it.
  • You can see your newly created pipeline on the Jenkins dashboard.

  • Click on Jenkins-pipeline-demo and then, on the right side, click Build Now to build the project and start the Jenkins pipeline.

  • Once your job is completed, you will see the screen below.

  • As the final job was packaging the application as a jar, you can see a blue downward arrow button; clicking it will download your application as a JAR file.
  • You can check the logs by clicking the blue circle button on the left side, or you can hover over a stage cell and click the Logs button.

  • To check the Sonar report, go to the Sonar Server URL that you configured. It will show you total code coverage, unused imports, and bad code.

  • We also added the Checkstyle stage to the pipeline, so to check its report, click on the Checkstyle Warnings link present below the Build Now link.

  • Here we see 12 High Priority Warnings, browsable by clicking on them. The Details tab gives you more insight into each class error.
Conclusion:
We were able to set up a simple Jenkins pipeline that pulls the code, builds it, and runs Sonar and other code analysis tools. As always, the source code used in this project can be found over on GitHub.
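
The Sonar stage in the script above calls mvn sonar:sonar directly, so it does not pick up the server configured under Manage Jenkins -> Configure System. The variant below is an added example, not code from the original post: it binds the analysis to that configured server with the SonarQube Scanner plugin's withSonarQubeEnv step and fails the build when the quality gate is not passed. The installation name 'sonar-local' is an assumption, and waitForQualityGate assumes a webhook from SonarQube back to Jenkins has been set up.

```groovy
node {
    // Clone and build as in the post (the repository URL goes between the quotes)
    git ''
    sh "mvn clean install"

    stage('Sonar') {
        // withSonarQubeEnv exports the server URL and authentication token
        // stored in the Jenkins global configuration to the Maven scanner,
        // so neither has to appear in this script or on the mvn command line.
        // 'sonar-local' is an assumed installation name; use your own.
        withSonarQubeEnv('sonar-local') {
            sh 'mvn sonar:sonar'
        }
    }

    stage('Quality Gate') {
        // The result arrives through the SonarQube webhook; the timeout
        // keeps a missing webhook from blocking the executor indefinitely.
        timeout(time: 10, unit: 'MINUTES') {
            def gate = waitForQualityGate()
            if (gate.status != 'OK') {
                // Stop before the Package stage archives a jar that
                // did not pass analysis.
                error "Quality gate status: ${gate.status}"
            }
        }
    }
}
```

Placing these stages before the Package stage means a jar is only archived after the analysis has passed.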

Friday, November 1, 2019

Sonar Integration with Maven

In my previous blog, we saw how to set up a SonarQube server on Windows 10. We also saw how to generate a Sonar report using sonar-scanner. In this blog, I'll show you how to generate a Sonar report by configuring the Sonar dependency in a Maven project.

Steps to set up Sonar in Maven

  • We have to configure pluginManagement and a Profile for Sonar in the pom.xml file.
  • Add the below pluginManagement dependency to your pom.xml

  • Add the Profile to the pom.xml file

  • Build the project, execute all the tests and analyze the project with SonarQube Scanner for Maven:
                 mvn clean verify sonar:sonar

  • Once done, check your SonarQube server, which will show the generated code analysis report for your current project. My project name was api-gateway, so the report was generated with the name api-gateway.

Code Analysis using SonarScanner on Windows 10

In my previous blog, we saw how to set up a SonarQube server on Windows 10. In this blog, I'll show you how to generate a Sonar report using SonarScanner.

Steps to set up SonarQube

  • Unzip it and open which are under conf directory.
  • Edit the below lines

  • Now, go to your project folder, open a command prompt and run sonar-scanner.bat.

  • It will run the analysis and then post the result to the SonarQube server http://localhost:9000/ having the project name as sonar key that we have configured in file.

  • You can check the JUnit test code coverage as well by clicking on Coverage.

Happy Coding..!!!

SonarQube setup on windows 10


SonarQube is an automatic code review tool that detects bugs, vulnerabilities and code smells in your code. It can integrate with your existing workflow to enable continuous code inspection across your project branches and pull requests.


Make sure you have Java 11 or a higher version installed on your Windows machine.

Steps to set up SonarQube

  • Download Community edition from
  • Extract it and go to the bin folder.
  • Choose windows-x86-32 or windows-x86-64 based on your machine configuration.
  • Run StartSonar.bat, which will start the SonarQube server.
  • Open a browser and go to http://localhost:9000

  • If you want, you can start the SonarQube server on a different port by just updating the port number (sonar.web.port=9070) to which is present under conf directory.
  • You can log in to the portal using the default credentials (admin:admin).

Congratulations! The SonarQube server is up and running on localhost:9000.
