Sonar Qube

 SonarQube in Azure DevOps is a code quality and security analysis tool that integrates into your Azure DevOps pipelines to automatically scan your code for issues such as:

  • Code smells (bad practices)

  • Bugs

  • Vulnerabilities

  • Duplications

  • Security hotspots

  • Coverage from unit tests

πŸ” What Is SonarQube?

SonarQube is an open-source platform that:

  • Analyzes code across multiple languages (C#, Java, JavaScript, Python, etc.)

  • Enforces quality gates to fail builds if code doesn't meet standards

  • Helps teams track technical debt and improve maintainability

πŸ”§ How It Works in Azure DevOps

πŸ’‘ Use Case

When you're running a CI/CD pipeline in Azure DevOps (using YAML or classic), you want to automatically scan the code and fail the build if it doesn't meet your team’s code quality standards.

🧱 Key Components

  1. SonarQube Server:

    • Either hosted by you or use SonarCloud (SaaS version).

  2. SonarQube Extension for Azure DevOps:

    • Install from the Azure DevOps Marketplace.

  3. Pipeline Tasks:
    In your pipeline, you typically use:

    • Prepare Analysis Configuration

    • Run Code Analysis

    • Publish Quality Gate Result

✅ Example: YAML Pipeline Integration

yaml

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: SonarQubePrepare@5
  inputs:
    SonarQube: 'MySonarQubeServiceConnection'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: 'my-project'
    cliProjectName: 'My Project'
    cliSources: '.'

- script: |
    dotnet build
  displayName: 'Build project'

- task: SonarQubeAnalyze@5

- task: SonarQubePublish@5
  inputs:
    pollingTimeoutSec: '300'

🧠 Why Use SonarQube with Azure DevOps?

FeatureBenefit
πŸ” Security ScanningIdentify vulnerabilities and security hotspots early
πŸ“ˆ Code Quality GatePrevent merging poor-quality code
πŸ” Continuous FeedbackCatch issues in pull requests
πŸ‘₯ Team MetricsMonitor technical debt, complexity, and coverage

πŸ†š SonarQube vs. SonarCloud in Azure DevOps

FeatureSonarQubeSonarCloud
HostingSelf-hostedSaaS (cloud)
IntegrationAzure DevOps, Jenkins, etc.Azure DevOps, GitHub, etc.
PricingFree (Community) / PaidFreemium
SetupMore control, more complexityEasier setup

Comments

Post a Comment

Popular posts from this blog

πŸ€– Copilot vs Microsoft Copilot vs Copilot Studio: What’s the Difference?

Microsoft’s AI-powered tools are transforming the way we work, create, and collaborate. But with all the buzz around “Copilot,” “Microsoft Copilot,” and “Copilot Studio,” it’s easy to get confused. Let’s break down what each of these really means—and when to use them. πŸš€ What Is “Copilot”? “ Copilot ” is Microsoft’s umbrella term for AI assistants built into its tools. Whether you’re in Word, Excel, or Teams, Copilot helps you do things faster —like generating text, summarizing information, analyzing data, or writing emails. Think of it like an intelligent assistant sitting next to you, helping with routine and creative tasks. πŸ” Example Copilots: Copilot in Word – Drafts documents, rewrites text, summarizes long reports. Copilot in Excel – Generates formulas, explains complex data, creates dashboards. Copilot in Teams – Summarizes meetings, drafts responses, manages tasks. πŸ‘‰ It’s not a separate product—it’s a built-in experience across Microsoft tools. 🧠 What Is Micro...
Read more

Automating Unique Number Generation in Dynamics 365 Using Plugins

Introduction When working with Dynamics 365, generating unique and sequential numbers for records such as invoices, quotes, or orders is a common requirement. Instead of manually assigning these numbers, we can use an Auto-Numbering Plugin to automate the process. In this blog, we’ll break down a C# plugin that implements this functionality in an easy-to-understand way. Why Do We Need Auto-Numbering? Manual numbering is prone to errors, duplication, and inefficiency. Automating this ensures: Unique numbering for each record Improved data consistency A structured format (e.g., INV-1001, INV-1002 ) How Does the Plugin Work? The plugin follows a structured approach to generate and assign unique numbers: Retrieve the Auto-Number Configuration Record Lock the record to prevent conflicts Increment the current number and update it Assign the new number to the created entity Let’s break down the code into simple steps. Understanding the Code Complete C# Code for Auto-Numbering Plugin...
Read more

In-Process vs Isolated Process Azure Functions: What’s the Difference?

 When building Azure Functions using .NET, one of the most important architectural choices you’ll face is deciding between In-Process and Isolated Process (Out-of-Process) hosting models. This decision impacts everything from startup time to dependency control and middleware capabilities. So let’s break it down. What is In-Process (InProc) Hosting? In the In-Process model: Your function code runs inside the same process as the Azure Functions runtime. It uses the same AppDomain and host environment . Benefits: Better performance (lower cold start time). Full access to features in the Microsoft.Azure.WebJobs SDK (like bindings, triggers, and logging). Easier to use existing .NET libraries and tools. Limitations: Tightly coupled to the Azure Functions runtime version. Less flexibility in middleware and custom startup configuration. Potential for dependency conflicts if runtime and your code use different versions of libraries. What is ...
Read more