SonarQube: The Most-Used Open-Source Tool for DevOps + Security + QA
SonarQube is an open-source tool for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 27+ programming languages.
Audience:
Freshers, project managers, developers, architects, QA, support engineers, DevOps, DevSecOps, Infosec, and process engineers can master the course and excel in their careers.
Course Content:
Coding best practices.
Installation of SonarQube, Jenkins, Docker, and docker-compose.
Configuring and connecting Sonar Scanner.
Installation & Configuration of Ant, Maven, Gradle, Node.js, Python.
Understanding the basic terminology used in SonarQube.
Onboarding projects on Jenkins & SonarQube.
Integrating Jenkins Jobs to SonarQube & publishing the results of the projects for analysis.
Integrating Sonar Scanner with build tools like Ant, Maven, Gradle, Node.js, Python, etc.
Installation of plugins in Jenkins & SonarQube.
Project Administration.
Analysis of Bugs, Vulnerabilities, Code Smells, Debt, Code Coverage, Unit/Integration tests.
Configuration & Administration of SonarQube.
Configure & analyze Quality Gates and Quality Profiles.
Fail SonarQube projects based on conditions of Quality gates.
Fail Jenkins projects based on conditions of Quality gates mentioned in the SonarQube project.
Learn to read and understand Complexity.
Identifying duplicated lines, files, and blocks across projects.
SonarQube Rules and Rule Templates.
Managing rules and creating custom rules with templates.
Maintainability, Reliability, and Security Ratings.
Handling identified issues.
Administration tasks - Users, Groups, Permissions, token creation.
SAST analysis.
SMTP settings and notifications via email on various criteria set for projects.
Branding Image: replace the sonar image with your company's brand image.
SonarQube Marketplace.
SonarQube system details.
Integration with real-time code analysis plugins like SonarLint in IDEs like Eclipse.