Saturday, April 3, 2021

Jenkins integration with SonarQube Scanner

Hello DevSecOps team members! In this post I integrate Jenkins with SonarQube. SonarQube is an open-source platform for continuous inspection of code quality.

The main objective of SonarQube is to measure code quality and to surface security problems (bugs, vulnerabilities and security hotspots) in the source code. It does not fix anything itself; it makes the findings visible so that every developer can write cleaner and safer code.
In this experiment we run SonarQube on a Docker engine.

Prerequisites

We need the following before starting this experiment:
  1. A SonarQube server installed, up and running
  2. Jenkins installed, with the master up and running
  3. SonarScanner installed on the same machine (or container) where the Jenkins build job executes

Important URLs 

The following links are helpful when dealing with SonarQube and its integration with Jenkins.
 Step 1: Preparing SonarQube on Docker
Assuming Docker is installed and running, run the following docker run command to bring up the SonarQube server.
 
docker run -d --name sonarqube \
-e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true \
-p 9000:9000 sonarqube:latest

Open port 9000 if it is not opened automatically (on Play with Docker it appears as a clickable port next to the instance).

Two things to know about this command before using it anywhere but a lab: SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true switches off the bootstrap checks of the embedded Elasticsearch (such as the vm.max_map_count requirement) instead of fixing the host, and with no volumes and no external database the container uses the embedded H2 database, so every project, user and token is lost when the container is removed. Port 9000 is plain HTTP, so the tokens created below travel in clear text unless TLS is terminated in front of the server.

SonarQube Login

Log in with the default username admin and password admin.
SonarQube immediately prompts you to "Update your password": enter the old password, then a new password and its confirmation that meet your company's password rules. Do this before anyone else can reach the server, because admin/admin is the first thing anyone probing the port will try.

SonarQube update password
Reset the password for SonarQube

After resetting the password, the SonarQube web UI looks like this:


SonarQube Console
SonarQube Web UI console
Click "Add project" at the top right, or the "Create new project" button in the middle of the work area, to create the project under which the analysis report will appear after the SonarQube scan. (If you skip this, the first analysis creates the project automatically, provided the scanning user has the Create Projects permission.)

Create User in SonarQube

In the SonarQube UI we create a user named "ci-admin" for Jenkins to use. Despite the name it should not be an administrator: a CI user only needs the "Execute Analysis" permission (globally or on the projects it scans), and keeping it to that limits what a leaked token can do.

Go to the "Administration" tab, then Security > Users, and click the "Create User" button to create and manage individual users.

Fill in the following fields:
Login - Mandatory; the login Jenkins will use
Name - Mandatory; a display name that identifies this user
Email - Optional
Password - Mandatory; use a strong password
SCM Accounts - Optional; the username or e-mail address this user has in Git, so that SonarQube can assign issues to them automatically. The "Add" button below the field lets you enter more than one account.

SonarQube User Creation
SonarQube Administration tab select Security Create user

Click the "Create" button at the bottom right.

The new user now appears in the list under Administration > Security > Users. In its row, click "Update Tokens" to generate a token for it.

SonarQube Security User Token
SonarQube user token generation



Enter the required fields:
a. Token name: Jenkins CI admin
b. Click Generate
c. Copy the token value. It is displayed only once; this is the value you will store in Jenkins as a Global credential of kind "Secret text".

Generate Token
SonarQube User Token Generation

After the token is generated, click "Done". Treat the token like the user's password: it authenticates to the Web API and the scanner without any further login, so it belongs in the Jenkins credential store, never in a job's shell step or in source control.


Running Jenkins on Docker

This step is optional; you can just as well use a Jenkins installation on your own VM.
docker run --name jenkins-master -u root --rm \
 -d -p 8081:8080  -p 50001:50000 \
 -v jenkins-data:/var/jenkins_home \
 -v /var/run/docker.sock:/var/run/docker.sock \
 jenkinsci/blueocean

On Play with Docker (PWD) port 8081 opens automatically; otherwise open it manually. To view the log of the Jenkins container, which also shows the initial admin password on first start, run:
  docker logs jenkins-master

Note what the docker run command above hands out: -u root and the bind mount of /var/run/docker.sock give the Jenkins container, and therefore every job that runs on it, root-equivalent control of the Docker host. That is fine for a throwaway lab, not for a shared CI server. The named volume jenkins-data keeps /var/jenkins_home across restarts even though --rm deletes the container itself.

Sample credentials used in this lab: SonarQube admin/welcome1, Jenkins ci-admin/welcome123. Use them only in this throwaway environment.

Jenkins Integration Setup for SonarQube

Step 1. Install the SonarQube Scanner plugin
Navigate to Manage Jenkins > Manage Plugins > Available, search for 'sonarqube', select "SonarQube Scanner" and click "Install without restart".

SonarQube Scanner plugin installation



Configure System for SonarQube

 
Step 2: Configure the SonarQube server on Jenkins
Manage Jenkins > Configure System > SonarQube servers

a. Tick the check box "Environment variables: Enable injection of SonarQube server configuration as build environment variables". With it ticked, builds receive variables such as SONAR_HOST_URL and SONAR_AUTH_TOKEN, which shell steps can use.

b. Click "Add SonarQube" under "SonarQube installations". Give the installation any name that identifies this SonarQube server, and enter the server URL. Use the base URL of the server (scheme, host and port only), for example:
http://ip172-18-0-13-c1ja09je75e000b5n1m0-9000.direct.labs.play-with-docker.com
The /projects path of the UI page does not belong in this field, and a Play with Docker hostname like this one is only valid for the current session.

SonarQube Server Configuration
Configure System on Jenkins for SonarQube Server

c. For "Server authentication token", click "Add" to create a Jenkins credential: choose the kind "Secret text", paste the token generated on the SonarQube console, and keep the Global scope (or System scope if nothing but this configuration needs it). The token is mandatory when anonymous access is disabled on the server, which it should be.

d. Save the "Configure System" page.

Sonar scanner installation on Jenkins Container 


Enter the jenkins-master container and do the following:
1. Download the SonarScanner zip file
2. Unzip it under /opt and rename the folder to sonar-scanner instead of keeping the lengthy version suffix
3. Modify the sonar-scanner.properties file by updating the sonar.host.url line

Assuming you are using the Jenkins Docker container, enter it with docker exec and run:

docker exec -it jenkins-master bash
cd /tmp
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
unzip sonar-scanner-cli-4.6.0.2311-linux.zip -d /opt
cd /opt
mv sonar-scanner-4.6.0.2311-linux sonar-scanner
ls # confirm
Then modify the properties file in the conf folder:
 vi /opt/sonar-scanner/conf/sonar-scanner.properties
Update the default server line as follows:
#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
sonar.host.url=http://192.168.0.28:9000

Change only the default SonarQube server URL line as shown above; 192.168.0.28:9000 is the address of the SonarQube container as seen from Jenkins in this lab, so substitute your own. When the scan runs from the Jenkins "Execute SonarQube Scanner" step, the plugin passes the server URL and token configured in step 2, and those take precedence over this file; the file matters when you run sonar-scanner by hand inside the container.
Reference link: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.0.2311-linux.zip
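The same installation as a script, added here as an example and not code from the original post. It assumes that a .sha256 file is published next to the zip on binaries.sonarsource.com (confirm that before relying on it), uses the /opt/sonar-scanner path from the steps above, and takes the SonarQube URL as an argument. The checksum and properties-file helpers run offline; the download happens only when the script is invoked with "install".

```shell
#!/usr/bin/env bash
# Added example (not from the original post): install SonarScanner CLI into
# /opt/sonar-scanner with a checksum check and point it at the SonarQube server.
# Assumptions: a .sha256 file is published next to the zip (verify this against
# binaries.sonarsource.com before relying on it); the server URL is given as $2.
set -e

SCANNER_VERSION="${SCANNER_VERSION:-4.6.0.2311}"
SCANNER_ZIP="sonar-scanner-cli-${SCANNER_VERSION}-linux.zip"
SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/${SCANNER_ZIP}"
INSTALL_DIR="${INSTALL_DIR:-/opt/sonar-scanner}"

# verify_zip FILE EXPECTED_SHA256 -> 0 if the file's SHA-256 matches, 1 otherwise.
verify_zip() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# set_sonar_host_url PROPERTIES_FILE URL
# Drops every existing sonar.host.url line, commented or live, and appends one
# live line, so running it twice does not leave two conflicting entries.
set_sonar_host_url() {
  conf="$1"; url="$2"; tmp="$conf.tmp"
  [ -f "$conf" ] || { echo "no such properties file: $conf" >&2; return 1; }
  grep -v -E '^[[:space:]]*#?[[:space:]]*sonar\.host\.url=' "$conf" > "$tmp" || true
  printf 'sonar.host.url=%s\n' "$url" >> "$tmp"
  mv "$tmp" "$conf"
}

# get_sonar_host_url PROPERTIES_FILE -> the live (uncommented) sonar.host.url value.
get_sonar_host_url() {
  sed -n 's/^[[:space:]]*sonar\.host\.url=//p' "$1" | tail -n 1
}

# install_scanner URL: download, verify, unzip under /opt, rename, configure.
install_scanner() {
  url="$1"
  cd /tmp
  wget -q "$SCANNER_URL" "$SCANNER_URL.sha256"
  expected=$(cut -d' ' -f1 < "$SCANNER_ZIP.sha256")   # the digest is the first field
  if ! verify_zip "$SCANNER_ZIP" "$expected"; then
    echo "checksum mismatch for $SCANNER_ZIP, not installing" >&2
    return 1
  fi
  unzip -q -o "$SCANNER_ZIP" -d /opt
  rm -rf "$INSTALL_DIR"
  mv "/opt/sonar-scanner-${SCANNER_VERSION}-linux" "$INSTALL_DIR"
  set_sonar_host_url "$INSTALL_DIR/conf/sonar-scanner.properties" "$url"
  echo "installed $("$INSTALL_DIR/bin/sonar-scanner" --version | tail -n 1)"
  echo "sonar.host.url=$(get_sonar_host_url "$INSTALL_DIR/conf/sonar-scanner.properties")"
}

# Usage inside the container:  bash install-scanner.sh install http://192.168.0.28:9000
if [ "${1:-}" = "install" ]; then
  install_scanner "${2:?usage: $0 install <sonarqube-url>}"
fi
```

Running it again with a different URL replaces the previous sonar.host.url line rather than adding a second one, which is the mistake the hand-edited file invites; a checksum mismatch leaves the old installation untouched.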

Global Tool Configuration

On the Global Tool Configuration page (Manage Jenkins > Global Tool Configuration), find the "SonarQube Scanner" section and click "Add SonarQube Scanner" under SonarQube Scanner installations.

 a. Name: sonarqube-scanner
 b. Untick "Install automatically" and enter the scanner home directory (the SONAR_RUNNER_HOME field) as /opt/sonar-scanner. Make sure this is the path you unzipped to above; the job fails at start if it is wrong.
 c. Click "Apply" and "Save" on the Global Tool Configuration page.

Now everything is set up to run the Jenkins job!

Create Jenkins FreeStyle project 

1. Create a job and name it 'SonarCodeAnalysisJob'

2. Source Code Management: the Git URL where the code to scan resides.

Example I've used:  https://github.com/BhavaniShekhar/my-app.git

 a. Enter the Git repository URL: https://samsonawane@bitbucket.org/websym12/sampleweb.git

 b. Add Credentials: use the Jenkins Credentials Provider pop-up window to enter the username and password for your Git URL, then go back and select the newly created credentials.


Jenkins Credentials Provider for Jenkins

Select the Git credentials (not required if the Git repository is public).

Jenkins SCM configuration Git
Git as SCM on Jenkins

3. Go to the Build section

Add the build step "Execute SonarQube Scanner". It has the following fields:
 - Task to run: can be left empty for a normal scan
 - JDK: the JDK to be used for the Sonar analysis
 - Path to project properties: leave empty when the properties are entered inline
 - Analysis properties: the properties below

Jenkins Build select Execute SonarQube Scanner

        #Required props as metadata
        sonar.projectKey=Vybhava
        sonar.projectName=Robotics
        sonar.projectVersion=1.0

        #Path to source code
        sonar.sources=/var/jenkins_home/workspace/$JOB_NAME/src

The scanner runs with the job workspace as its working directory, so sonar.sources=src does the same thing and, unlike the absolute /var/jenkins_home path, keeps working when the job later runs on an agent with a different home directory.

Leave "Additional arguments" and "JVM Options" empty, save the job and click "Build Now".

The build should run the scan, and the report then appears on the SonarQube server under the project Robotics (key Vybhava).
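The following is an added example, not part of the original post: the same analysis run from an "Execute shell" build step instead of the plugin's own step, followed by a check of the quality gate through the SonarQube Web API, so that the job turns red when the gate fails (the "Execute SonarQube Scanner" step above only uploads the report and does not fail the build on a failed gate). It assumes the "Environment variables" box from step 2 is ticked, so Jenkins injects SONAR_HOST_URL and SONAR_AUTH_TOKEN, that the scanner lives in /opt/sonar-scanner as installed above, and reuses the project key, name and version from the job. The JSON and report-task helpers work on constructed sample responses; the network part runs only when those two variables are present.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: run the scan from an "Execute shell"
# step and fail the build on the SonarQube quality gate.
# Assumptions (mine, not the post's): Jenkins injects SONAR_HOST_URL and
# SONAR_AUTH_TOKEN (the "Environment variables" box in Configure System);
# the scanner is installed under /opt/sonar-scanner.
set -e

PROJECT_KEY="${PROJECT_KEY:-Vybhava}"
PROJECT_NAME="${PROJECT_NAME:-Robotics}"
PROJECT_VERSION="${PROJECT_VERSION:-1.0}"
SOURCES="${SOURCES:-src}"   # relative to the job workspace, which is the working directory
SCANNER="${SONAR_SCANNER_HOME:-/opt/sonar-scanner}/bin/sonar-scanner"

# valid_project_key KEY -> 0 if KEY only contains letters, digits, '-', '_',
# '.', ':' and has at least one non-digit (SonarQube's rule for project keys).
valid_project_key() {
  case "$1" in
    "" | *[!A-Za-z0-9_.:-]*) return 1 ;;
  esac
  case "$1" in
    *[!0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# report_task_value FILE KEY -> value of KEY in .scannerwork/report-task.txt,
# which the scanner writes after each upload (ceTaskUrl, dashboardUrl, ...).
report_task_value() {
  sed -n "s/^$2=//p" "$1"
}

# ce_status_from_json JSON -> status of a Compute Engine task from api/ce/task
# output: PENDING, IN_PROGRESS, SUCCESS, FAILED or CANCELED.
ce_status_from_json() {
  printf '%s\n' "$1" | sed -n 's/.*"status":"\([A-Z_]*\)".*/\1/p'
}

# qg_status_from_json JSON -> project-level gate status (OK, ERROR or NONE)
# from api/qualitygates/project_status output; the per-condition statuses
# that follow in the same document are ignored.
qg_status_from_json() {
  printf '%s\n' "$1" | sed -n 's/.*"projectStatus":{"status":"\([A-Z_]*\)".*/\1/p'
}

# api_get PATH_AND_QUERY -> body of an authenticated GET against the server.
# The token is the password of an empty username; it never goes in the URL.
api_get() {
  curl -sSf -u "${SONAR_AUTH_TOKEN}:" "${SONAR_HOST_URL%/}/$1"
}

run_scan_and_gate() {
  valid_project_key "$PROJECT_KEY" || { echo "invalid sonar.projectKey: $PROJECT_KEY" >&2; return 1; }

  # Server URL and token go in through the JSON env var the scanner CLI reads,
  # so the token does not show up in the process list or in the console log.
  export SONARQUBE_SCANNER_PARAMS="{\"sonar.host.url\":\"$SONAR_HOST_URL\",\"sonar.login\":\"$SONAR_AUTH_TOKEN\"}"
  "$SCANNER" \
    -Dsonar.projectKey="$PROJECT_KEY" \
    -Dsonar.projectName="$PROJECT_NAME" \
    -Dsonar.projectVersion="$PROJECT_VERSION" \
    -Dsonar.sources="$SOURCES"

  # The scan only uploads a report; the server processes it asynchronously,
  # so the gate is not known until the background task has finished.
  task_url=$(report_task_value .scannerwork/report-task.txt ceTaskUrl)
  status=PENDING
  while [ "$status" = PENDING ] || [ "$status" = IN_PROGRESS ]; do
    sleep 5
    status=$(ce_status_from_json "$(curl -sSf -u "${SONAR_AUTH_TOKEN}:" "$task_url")")
  done
  [ "$status" = SUCCESS ] || { echo "SonarQube background task ended with $status" >&2; return 1; }

  gate=$(qg_status_from_json "$(api_get "api/qualitygates/project_status?projectKey=$PROJECT_KEY")")
  echo "Quality gate for $PROJECT_KEY: $gate"
  [ "$gate" = OK ]
}

# Only talk to a server when Jenkins has injected the connection details.
if [ -n "${SONAR_HOST_URL:-}" ] && [ -n "${SONAR_AUTH_TOKEN:-}" ]; then
  run_scan_and_gate
fi
```

Polling the Compute Engine task before reading the gate is the part people usually skip: immediately after the scan the previous analysis is still the one the API reports, so a gate check without the wait passes or fails for the wrong commit.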

