Whenever a developer writes code, he definitely wants to get his code to be analyzed before going on to production, and SonarQube being a code analysis tool helps the developer to find out bugs, vulnerabilities, code smells, code coverage, duplications, etc,. It collects and analyses source code and helps to deliver clean code. Moreover, Azure DevOps is a Microsoft product that provides automated builds and as we know Azure DevOps has multiple pipelines/repositories whose code can get analyzed using SonarQueb very easily. Although we can integrate SonarQueb with many other tools such as Github, GitLab, Bitbucket, AzureDevOps, etc,.
In this blog, we will talk about SonarQube’s integration with Azure DevOps.This allows users to maintain code quality and security in Azure DevOps repositories.SonarQube integration is compatible with both Azure DevOps Services and Azure DevOps Server.
Prerequisite
- SonarQube Instance
- Azure DevOps Server 2020 or Azure DevOps Server 2019
Advantages
Using this integration users will be able to perform the following things :
- Import your Azure DevOps repositories: To easily set up SonarQube projects one can import Azure DevOps repositories into SonarQube
- Analyze projects with Azure Pipelines: Users can integrate analysis into their build pipeline.
- Report your quality gate status to your pull requests: User can view the quality gate and code matric results right there in Azure DevOps to know if it’s safe to merge the changes
Importing Azure DevOps repositories into SonarQube
One can easily create a Sonar project from Azure DevOps repositories by importing the Azure DevOps pipeline into SonarQube
To set the configuration of Azure DevOps repositories:
- Setup global DevOps platform settings which is present in SonarQube
- Add a personal access token (PAT) to import repositories
Setup global DevOps platform settings which is present in SonarQube:-
Go to your SonarQube UI. Click on Administration > Configuration > General Settings. Navigate to DevOps Platform Integrations, select the Azure DevOps tab, and click the Create configuration button.
To create a configuration we need the following 3 things :
- Configuration Name: This name will be useful to identify the configuration. Prefer giving a name that can be easily recognized.
- Azure DevOps URL: If you are using Azure DevOps Server, provide your full Azure DevOps collection URL. For example, <
https://ado.your-company-name.com/DefaultCollection>. If you are using Azure DevOps Services, provide your full Azure DevOps organization URL. For example, <https://dev.azure.com/your_organization_name>.
- Personal Access Token (PAT): It’s mandatory to use an Azure DevOps account with Administrator permission. You need to create a PAT from the Azure DevOps account which should have scope authorized for Code > Read & Write for all the repositories that are intended to be analyzed.
Add a personal access token (PAT) to import repositories:-
Once the global settings are done, you can add a project from Azure DevOps to SonarQube by navigating to the home page of SonarQube and clicking on Add project button present in the top right corner. Select Azure DevOps from the dropdown It will ask you to provide a PAT with Code (Read & Write) scope which helps SonarQube to access and list Azure DevOps projects. After the PAT is entered, you will be able to see all Azure DevOps projects that you can set up and add to SonarQube.
Conclusion:-
On following the above-mentioned approach you can easily integrate SonarQube with Azure DevOps which will definitely help developers to run code analysis, view quality gate and code matrix results right there in Azure DevOps, based on this developers will get to know if it is safe to merge the changes.
References:-
- https://docs.sonarqube.org/latest/devops-platform-integration/azure-devops-integration/
- https://learn.microsoft.com/en-us/previous-versions/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=tfs-2017&tabs=Windows