SonarQube is a SonarSource platform for continuous inspection of code quality. It performs automatic reviews using static code analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
The SonarQube server is available here: Install the Server. SonarSource provides examples using a standard installation from the zip file or a Docker container using Docker images.
However, what about hosting SonarQube on Microsoft Azure Cloud? There are at least two possibilities; I tried both:
- Host SonarQube using Azure AppService (with Docker-Compose), navigate to the manual.
- Host SonarQube using Azure Virtual Machine (Linux, Nginx, Docker-Compose), navigate to the manual.
Additionally, a .NET 6 application serves as a proxy to the SonarQube API. Having this man-in-the-middle abstracts away the SonarQube API, so users do not have to query the SonarQube API directly with the secret key in the request.
The web application requires Docker, and currently we deploy it to the Azure App Service via CI/CD. Production requires merging code into the master branch. SonarQube code analysis is triggered when code is merged from a custom branch into the development branch (dev).
There are two endpoints:
- GetMetrics - returns a badge from the SonarQube server for the given project name and metric type. All badges have the same style.
- GetQualityGate - returns a large quality gate badge from the SonarQube server for the given project name.
List of metric types:
- bugs
- code_smells
- coverage
- duplicated_lines_density
- ncloc
- sqale_rating
- alert_status
- reliability_rating
- security_rating
- sqale_index
- vulnerabilities
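
One way the two endpoints could validate their input and keep the secret key server-side, as an added example (not the project's own code). It assumes the upstream calls are SonarQube's `api/project_badges/measure` and `api/project_badges/quality_gate` with the secret sent as the `token` query parameter; the configuration keys `Sonar:Url` and `Sonar:Token`, the query parameter names and the project-name pattern are hypothetical.

```csharp
// Program.cs for a .NET 6 minimal API (Microsoft.NET.Sdk.Web, implicit usings enabled).
using System.Text.RegularExpressions;

var builder = WebApplication.CreateBuilder(args);

// Assumed configuration keys; supply them via App Service settings, not source control.
var sonarUrl = builder.Configuration["Sonar:Url"] ?? throw new InvalidOperationException("Sonar:Url is not set");
var sonarToken = builder.Configuration["Sonar:Token"] ?? throw new InvalidOperationException("Sonar:Token is not set");
builder.Services.AddHttpClient("sonar", c => c.BaseAddress = new Uri(sonarUrl.TrimEnd('/') + "/"));

var app = builder.Build();

// Metric types listed on this page; anything else is rejected before going upstream.
var allowedMetrics = new HashSet<string>(StringComparer.Ordinal)
{
    "bugs", "code_smells", "coverage", "duplicated_lines_density", "ncloc", "sqale_rating",
    "alert_status", "reliability_rating", "security_rating", "sqale_index", "vulnerabilities"
};
// Assumed project-name character set; rejects '&', '#', '/', '%' and whitespace.
var projectPattern = new Regex(@"\A[A-Za-z0-9_.:\-]{1,200}\z", RegexOptions.CultureInvariant);

async Task<IResult> Badge(string path, string project, string? metric, IHttpClientFactory factory)
{
    if (!projectPattern.IsMatch(project)) return Results.BadRequest("invalid project");
    if (metric is not null && !allowedMetrics.Contains(metric)) return Results.BadRequest("invalid metric");

    // The token is appended server-side only; callers never see or supply it.
    var query = $"project={Uri.EscapeDataString(project)}&token={Uri.EscapeDataString(sonarToken)}";
    if (metric is not null) query += $"&metric={Uri.EscapeDataString(metric)}";

    var upstream = await factory.CreateClient("sonar").GetAsync($"{path}?{query}");
    // Do not relay upstream error bodies, which could echo the request URL and token.
    if (!upstream.IsSuccessStatusCode) return Results.StatusCode(StatusCodes.Status502BadGateway);
    return Results.Stream(await upstream.Content.ReadAsStreamAsync(), "image/svg+xml");
}

// The upstream path is fixed per endpoint, so callers cannot steer the proxy to other API routes.
app.MapGet("/GetMetrics", (string project, string metric, IHttpClientFactory factory) =>
    Badge("api/project_badges/measure", project, metric, factory));
app.MapGet("/GetQualityGate", (string project, IHttpClientFactory factory) =>
    Badge("api/project_badges/quality_gate", project, null, factory));

app.Run();
```

The default `IHttpClientFactory` logging in .NET 6 writes outgoing request URIs, query string included, at Information level, so set the `System.Net.Http.HttpClient` log category to Warning to keep the token out of application logs.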