Phase 3a : Ops | Configure necessary tools in Jenkins | Integrate SonarQube

Install Java and Jenkins

Just run this code step by step it will 

sudo apt update

sudo apt install openjdk-17-jre

java -version

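# Download the Jenkins repository signing key into the apt keyring directory
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null

# Register the Jenkins apt repository, pinned to that key (quoted so the shell does not glob the brackets)
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null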

sudo apt-get update

sudo apt-get install jenkins

sudo systemctl start jenkins.service

sudo systemctl status jenkins

Access Jenkins in the browser at http://<ip-address>:8080

Plugins Required

Install the following plugins:

1 Eclipse Temurin Installer (Install without restart)

2 SonarQube Scanner (Install without restart)

3 NodeJs Plugin (Install without restart)

4 Email Extension Plugin

Configure Java and NodeJs in Global Tool Configuration

Go to Manage Jenkins → Tools → install JDK (17) and NodeJs (16) → click Apply and Save.

Configuring SonarQube in Jenkins

Get Sonar Token

Create a token in SonarQube and add it to Jenkins as described below.

SonarQube → Administration → Security → Users → Update Token → copy the token.

Add Sonar token in Jenkins Credentials

Dashboard → Manage Jenkins → Credentials → System → Global credentials (unrestricted) → select Secret text → paste the copied token into the Secret field and save.

Sonarqube Installation in Jenkins

Go to System → search for Sonar → under the SonarQube installation, add the URL, the token and the server name.

Sonar Scanner installation in Jenkins

Go to Tools → search for SonarQube Scanner installations → install automatically.

Note: The name must match the name used in the Jenkinsfile (sonar-scanner).

Create Pipeline

Create pipeline job.

Build the project.
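A declarative Jenkinsfile that ties the configuration above together, as an added example rather than the pipeline used in this blog. Only the scanner name sonar-scanner comes from the note above; the tool names jdk17 and node16, the server name sonar-server, the project key my-app and the repository URL are assumptions to replace with your own values.

```groovy
// Added example. Names marked ASSUMED must match what you configured in Jenkins.
pipeline {
    agent any
    tools {
        jdk 'jdk17'      // ASSUMED name of the JDK 17 installation (Manage Jenkins → Tools)
        nodejs 'node16'  // ASSUMED name of the NodeJs 16 installation
    }
    environment {
        // 'sonar-scanner' is the SonarQube Scanner installation name from the note above
        SCANNER_HOME = tool 'sonar-scanner'
    }
    stages {
        stage('Checkout') {
            steps {
                // Placeholder repository URL and branch
                git branch: 'main', url: 'https://example.com/your-org/your-app.git'
            }
        }
        stage('SonarQube Analysis') {
            steps {
                // 'sonar-server' is the ASSUMED server name set under Manage Jenkins → System.
                // withSonarQubeEnv injects the server URL and the stored token, so the
                // token never appears in the Jenkinsfile or on the scanner command line.
                withSonarQubeEnv('sonar-server') {
                    sh '''
                        "$SCANNER_HOME/bin/sonar-scanner" \
                          -Dsonar.projectKey=my-app \
                          -Dsonar.projectName=my-app \
                          -Dsonar.sources=.
                    '''
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Needs a SonarQube webhook pointing at <jenkins-url>/sonarqube-webhook/.
                // The timeout keeps the build from waiting forever if it is missing.
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

If the Quality Gate stage is not wanted, remove it; the analysis stage alone still publishes results to SonarQube.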

So far, we have integrated SonarQube in Jenkins to check the code for vulnerabilities.

Now let's integrate Trivy for container image scanning in the next blog. 😁