Sonar Code Scan automation by DevOps

Every commit needs to be scanned and the report attached to the merge request, so that the person merging the code can see the code quality and unit test coverage and take a decision on that basis.

Who will work on this

  • DevOps needs to set up and configure the SonarQube server

  • DevOps needs to integrate SonarQube with GitLab (server-side integration plus the CI job)

To enable the integration of SonarQube scan reports with GitLab merge requests, you can follow these steps:

  1. Make sure that you have a SonarQube server set up and running, and that it is linked to GitLab: in SonarQube go to Administration > DevOps Platform Integrations > GitLab, add your GitLab instance with a GitLab access token that has the api scope, and bind the SonarQube project to the GitLab project. Note that merge request decoration (the widget on the MR page) is available from SonarQube Developer Edition upwards; Community Edition analyses the branch but does not post results back to GitLab.

  2. In GitLab, go to your project's settings and navigate to the "CI/CD" section.

  3. Under "General pipelines", set "Git shallow clone" to 0 (or set GIT_DEPTH: "0" in the scan job). SonarQube needs the full history to compute blame and to work out which lines are new code in the merge request; with a shallow clone it reports the whole file as new and the coverage and issue counts on the MR are wrong.

  4. Under "Variables", create a variable named "SONAR_HOST_URL" with the URL of your SonarQube server, and a variable named "SONAR_TOKEN" with a SonarQube analysis token. Generate a project analysis token (My Account > Security) scoped to this project rather than a user or global token, so the credential can only submit analyses for this one project. Tick "Mask variable" so the token never appears in job logs; do not tick "Protect variable", because merge request pipelines run on unprotected branches and would then not receive it. The sonar-scanner-cli image reads both variables from the environment.

  5. In your project's root directory, create a .gitlab-ci.yml file with the following contents:

```yaml
stages:
  - sonarqube

sonarqube:
  image: sonarsource/sonar-scanner-cli
  stage: sonarqube
  variables:
    GIT_DEPTH: "0"                              # full history for blame and new-code detection
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # keep the scanner cache inside the workspace
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner
  allow_failure: true
  only:
    - merge_requests
```

This YAML configuration sets up a job named sonarqube that runs the SonarQube scanner on merge requests, using the sonarsource/sonar-scanner-cli Docker image. The project key must also be set, either in a sonar-project.properties file at the repository root (sonar.projectKey=...) or as -Dsonar.projectKey=... on the sonar-scanner command line; the scanner picks up SONAR_HOST_URL, SONAR_TOKEN and the GitLab merge request variables (CI_MERGE_REQUEST_IID, source and target branch) from the environment. The only keyword restricts the job to merge request pipelines, and allow_failure: true means a scanner error or a failed quality gate does not turn the pipeline red, which matches the intent above that the reviewer, not the pipeline, takes the decision. If you later want the quality gate to block merging, set allow_failure: false and run sonar-scanner -Dsonar.qualitygate.wait=true so the job waits for the gate result and fails when it is not green.

  6. Save and commit the .gitlab-ci.yml file to your Git repository.

  7. Create a new merge request in GitLab and ensure that the pipeline runs successfully. Once the pipeline is complete, you should see a "SonarQube" widget on the merge request page displaying the results of the scan (new issues, new code coverage and the quality gate status). If the widget does not appear, check the DevOps Platform Integration binding from step 1 and the edition of your SonarQube server; the analysis itself is always visible in the SonarQube UI under the project's Pull Requests tab.
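The widget is only one way to surface the result. As an added example (not part of the original page or of SonarQube's own tooling), the following script can run in a job after sonar-scanner has finished and print a short reviewer-facing summary of the merge request's quality gate by calling SonarQube's api/qualitygates/project_status endpoint with the MR IID as the pullRequest parameter. The host name, project key and the sample response are assumptions; the token comes from the masked SONAR_TOKEN variable and is sent as the Basic-auth user name with an empty password, which is how SonarQube accepts tokens, and it is never written to the log.

```python
"""Added example: summarise a merge request's SonarQube quality gate for reviewers.

Runs stand-alone against the constructed sample below when SONAR_TOKEN is unset,
otherwise queries the server named in SONAR_HOST_URL. Host and project key are assumed.
"""
import base64
import json
import os
import urllib.parse
import urllib.request

SONAR_HOST_URL = os.environ.get("SONAR_HOST_URL", "https://sonar.example.internal")  # assumed host
PROJECT_KEY = os.environ.get("SONAR_PROJECT_KEY", "example-project")  # assumed project key


def gate_status_url(host, project_key, mr_iid):
    """Web API endpoint for the quality gate of one merge request (pullRequest = MR IID)."""
    query = urllib.parse.urlencode({"projectKey": project_key, "pullRequest": str(mr_iid)})
    return f"{host.rstrip('/')}/api/qualitygates/project_status?{query}"


def fetch_gate(host, project_key, mr_iid, token):
    """Call the API; SonarQube takes the token as the Basic-auth user name, empty password."""
    req = urllib.request.Request(gate_status_url(host, project_key, mr_iid))
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_gate(payload):
    """Reduce the response to a pass/fail flag plus the conditions that failed."""
    project_status = payload["projectStatus"]
    failed = []
    for cond in project_status.get("conditions", []):
        if cond["status"] in ("OK", "NO_VALUE"):  # NO_VALUE: metric not computed for this MR
            continue
        failed.append(
            f"{cond['metricKey']} = {cond.get('actualValue', 'n/a')} "
            f"(fails when {cond['comparator']} {cond['errorThreshold']})"
        )
    return {
        "passed": project_status["status"] == "OK",
        "status": project_status["status"],
        "failed_conditions": failed,
    }


def format_report(summary, mr_iid):
    """Plain-text block for the job log or for posting as an MR note."""
    lines = [f"SonarQube quality gate for MR !{mr_iid}: {summary['status']}"]
    lines.extend(f"  - {item}" for item in summary["failed_conditions"])
    return "\n".join(lines)


# Constructed sample in the shape of api/qualitygates/project_status:
# new-code coverage below the gate threshold, no new blocker issues.
SAMPLE_RESPONSE = {
    "projectStatus": {
        "status": "ERROR",
        "conditions": [
            {"status": "ERROR", "metricKey": "new_coverage", "comparator": "LT",
             "errorThreshold": "80", "actualValue": "63.4"},
            {"status": "OK", "metricKey": "new_blocker_violations", "comparator": "GT",
             "errorThreshold": "0", "actualValue": "0"},
        ],
    }
}

if __name__ == "__main__":
    mr_iid = os.environ.get("CI_MERGE_REQUEST_IID", "0")
    token = os.environ.get("SONAR_TOKEN")
    payload = fetch_gate(SONAR_HOST_URL, PROJECT_KEY, mr_iid, token) if token else SAMPLE_RESPONSE
    print(format_report(summarize_gate(payload), mr_iid))
```

Because the script only reads the gate result, the same project analysis token used by the scanner is sufficient; there is no need to hand the job a user token. Printed this way the summary ends up in the job log even on Community Edition, where no MR widget is available.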

By following these steps, you enable the integration of SonarQube scan reports with GitLab merge requests, so that code quality, new issues and test coverage are visible to the reviewer as part of the code review process.
