Devops Exercise5

Uploaded by

manoj.professorcse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

15 views

Devops Exercise5

Uploaded by

manoj.professorcse

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 14

Exercise5:

Module Name: Implementation of CICD with Java and open source stack Configure a static
code analyzer which willperformstatic analysisof the web application code and identifythe
coding practices that are not appropriate. Configure the profiles and dashboard of the static
code analysis tool. https://infyspringboard.onwingspan.com/web/en/app/search/learning?
lang=en&q=Implementation%20of%20CICD%20with%20Java%20and%20open%20source
%20stack&f=%7B%7D

Exercise-5
SonarQube–GetStartedwithStaticCodeAnalysis!

You are probably familiar with the termstatic code analysis, especially if you have a few years
of experience under your belt.

Andifyourejustgettingstarted,letsgo to thebeginning:

Why isitsoimportant?

Static analysis allows us to identify potential bugs, code smells and security vulnerability even
before our code goes into the production environment.

It allows us to fully enforce code quality practices across multiple teams and prevent
possibleerrors that might occur after the release.

Staticanalysisisanessentialpartoftheproductdevelopmentprocess.

There are a lot of tools that can be leveraged for this purpose today. Some of the most popular
and widely used tools areVeracodeandSonarQube. You can check out the pros and cons, as
well as user reviews for both tools hereand decide which option better suits your needs.

In this blog, we ll explainhow to set up SonarQube for.Netprojects in Microsoft Windows

environment.

Basicconfiguration

As Java run-time is the main prerequisite, the first thing we need to do is to download andinstall
a Java Development Kit (JDK).

You can run the JDK without setting theJAVA_PATHenvironment variable, or you can
optionallysetitsothatyoucanconvenientlyruntheJDKexecutablefiles
(javac.exe,java.exe,javadoc.exe) from any directory without having to type the full path of the
command. If you do not set theJAVA_PATHvariable, you need to specify the full path to the
executable file everytime yourunit.Ifyouare always lookingforwaystomakeyourworkflow more
efficient, let s choose a more practical way so you don t have to this every time.
NextstepistodownloadSonarQubeserverandextractittoaspecifiedlocatione.g. C:\
sonarqube.

Afterthis,navigatetothe“conf”sub-folderandenterapathtojavaexecutableina wrapper.conf
file

Nowtheonlythingleftistorunsonarserverfromthefollowingpath:

C:\sonarqube\bin\windows-x8664
Ifeverythinggoeswell,youshouldgetamessagethattheSonarserverisupandrunning:

Now,ifyouopenhttp://localhost:9000/addressyoullseethehomescreenfromwhichyoucan log in
and start exploring!
Althoughyoullhaveafullyfunctionalstaticanalysistoolatthispoint,keepinmindthat SonarQube uses
an embedded database. What does this mean?

Anembeddeddatabaseisusedforevaluationpurposesonly.Theembeddeddatabasewill not
scale, it will not support upgrading to newer versions of SonarQube, and there is no
support for migrating your data out of it into a different database engine.

Havingthisinmind,letsavoidtheabove-mentionedlimitationandmakeoursonarmore maintainable!

Settingupthedatabase

Inordertoavoidpossiblefutureroadblocks,weneedtosetupadatabase.WelluseMSSQL.If you don t

have it installed already, you can check the official site anddownloadthe edition that meets your
needs.

Aftersuccessfulinstallation,thefirstthingweneedtodoiscreateourdatabaseandseta proper
collation:

Dontforget:CollationMUSTbecase-sensitive(CS)andaccent-sensitive (AS)
Afterthedatabasehasbeensuccessfullycreated,weneedtocreateserverloginandauser:
Also,makesuretheuserhasDbOwnerrole:
At this point, we are almost done with the database set up. But, before we can test everything
fromSQLmanagementstudioweneedtoenableTCP/IPnetworkprotocolintheconfiguration
manager:

aswellastheSQLserverauthentication mode:
Ifyoufollowedallsteps,youshouldbeabletologintoSonarQubedatabase:
SonarQubeconfiguration

Whenweopen sonarproperties file in “conf” sub-folder, we llfind configuration sections for

database,webserver,SSOauthentication,elasticsearch,loggingandmuchmore.Inourcase, we are
only interested in database configuration so let s do the following:
AfterwerunStartSonar.batfile,SonarQubeshouldbeupandrunning! Project

analysis

Thefirstthingweneed todoistocreateanewproject:

Thenweneedtogenerateatokenthatwillbeusedforloginpurposeandalsotodownloadsonar scanner for the

targeted framework:

Nowadditspathaswellasanms-buildpathtotheenvironmentpathvariable:
Theonly thing thatsleftto donow istorungiven commands,oneafteranother,fromtheroot level of
your project: