SonarQube configuration
Published On Oct 02, 2024 - 1:07 PM

Learn how to configure DevOps Intelligence to collect data acquired by SonarQube, extending the single pane of glass DevOps Intelligence affords in your hybrid IT estate.
SonarQube is the leading tool for continuously inspecting the Code Quality and Security of codebases and guiding development teams during Code Reviews. For DevOps Intelligence to pull data from SonarQube, you must configure a SonarQube account.
The setup for DevOps integration with SonarQube requires several procedures, most of which are in DevOps Intelligence, but the initial procedure requires access to the SonarQube console. Further, the following prerequisites are required:
  • SonarQube Account:
    The administrator should have an active SonarQube account on the specific SonarQube instance they want to connect to. If they don't have one, they need to sign up for a SonarQube account.
  • Access to a SonarQube Instance:
    Ensure that users have access to the specific SonarQube instance where the projects, test suites and test cases are hosted. Users need the URL or web address of the SonarQube instance they want to connect to.
  • Project Membership:
    Users must be part of the SonarQube projects they intend to access. Ensure that users have the necessary project membership to retrieve information about projects, test suites and test cases.
  • Access Policy as Platform Administrator and DevOps Intelligence Administrator:
    Ensure that the user has the necessary access policies. The user should have the Platform Administrator role to create and manage connections effectively. Users must be granted the DevOps Intelligence Administrator role, which allows them to create and manage configurations.
Review and execute the content in the following sections in the order they are presented.

Create a SonarQube token

  1. Navigate to the top right corner of the SonarQube homepage.
  2. Click on your profile picture and select My Account.
  3. Go to the Security tab.
  4. Provide the token name and click Generate.

Create a connection

Establishing a DevOps Intelligence connection to SonarQube is a prerequisite to configuring the service. Use the following procedure:
  1. Click on Settings -> Service IAM -> Connections -> Add New -> Add connection.
  2. Choose Platform from the connection type dropdown list.
  3. Select SonarQube.
  4. Provide a local account name for reference.
  5. Add the Host SonarQube API URL of the SonarQube host (e.g., https://sonarqube.kyndryl.net/).

Configure DevOps Intelligence for SonarQube for Secure phase

  1. Navigate to DevOps Intelligence → Settings & Utilities → Application Configurations.
  2. Select an existing application or create a new application.
  3. Navigate to the Add Tools step.
  4. Select the phase as Secure. SonarQube is compatible in Test and Secure phases.
  5. Click Add Tool Configuration.
  6. Select Static Scan for Secure Categories.
  7. Select SonarQube for Tool engine.
  8. Complete the required information, categorized by the three tabs:
    1. Release: The tool configuration inherits the release prefix and variable from the application. To override these values at the tool level, click the Edit button and make the necessary changes. Changing the values here will not affect the release prefix and variable set in the application. Data will be pulled only if releaseName can be extracted from branchName, making releaseName identical to branchName. Apart from the identified release branches, data will also be pulled for branches whose main parameter is set to true.
      • prefix signifies the starting sequence of characters for releases, with the default value being empty.
      • variable signifies the starting sequence of characters for releases, with the default value being empty.
      • DevOps Intelligence uses the release ID to identify release names and the release branches.
    2. Severity: DevOps Intelligence captures severity in five levels. Map your application's bug severity to the predefined severity levels (BLOCKER, CRITICAL, MAJOR, MINOR, INFO).
    3. State:
      • Map your bug status to two states: Resolved or Unresolved.
      • Select all the bug statuses that are Resolved and all those that are Unresolved.
  9. Click Add Configuration.
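The Release rule in step 8 decides which SonarQube branches reach the Secure view, and it can be previewed before the tool is configured. The following is an added example, not DevOps Intelligence code: it assumes a release name can be extracted when the branch name starts with the configured prefix, and that the "main parameter" is the isMain field returned by SonarQube's api/project_branches/list; the sample response is constructed.

```python
import json

# Constructed sample shaped like SonarQube's api/project_branches/list response.
SAMPLE_RESPONSE = json.loads("""
{"branches": [
  {"name": "main", "isMain": true},
  {"name": "release-2024.10", "isMain": false},
  {"name": "release-2024.11", "isMain": false},
  {"name": "feature/login-rate-limit", "isMain": false},
  {"name": "hotfix-release-2024.10", "isMain": false}
]}
""")


def branches_expected_to_sync(response, prefix):
    """Split branches into those the Release rule would pull and those it skips.

    Assumption: a release name "can be extracted" when the branch name starts
    with the configured prefix; the release name then equals the branch name.
    """
    if not prefix:
        # The page gives the default prefix as empty but not how it matches,
        # so this check refuses to guess.
        raise ValueError("set a non-empty release prefix for this check")
    pulled, skipped = [], []
    for branch in response.get("branches", []):
        name = branch["name"]
        if branch.get("isMain") is True:
            pulled.append({"branch": name, "release": None, "reason": "main"})
        elif name.startswith(prefix):
            pulled.append({"branch": name, "release": name, "reason": "prefix"})
        else:
            skipped.append(name)
    return pulled, skipped


if __name__ == "__main__":
    pulled, skipped = branches_expected_to_sync(SAMPLE_RESPONSE, "release-")
    for row in pulled:
        print("pulled :", row["branch"], "(" + row["reason"] + ")")
    for name in skipped:
        print("skipped:", name)
```

Branches in the skipped list are still analysed in SonarQube, but under the rule as modelled here their static scan findings would not appear in DevOps Intelligence.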
The presented practice is for organizations that were onboarded before 6 June 2024. If your organization was onboarded on 6 June 2024 or after, you are subject to a new process driven by a new onboarding mechanism. The configuration mechanisms that require these processes are in a transition phase driven by the fact that each tool must be individually adapted for the new mechanism, which is more efficient than the legacy mechanism. Both processes are supported until the transition of all supported tools from the old mechanism to the new mechanism is complete.
Click the following link to review the procedure for the new mechanism: Application configuration: recent customers

Configure DevOps Intelligence for SonarQube for Test phase

  1. Navigate to DevOps Intelligence → Settings & Utilities → Application Configurations.
  2. Select an existing application or create a new application.
  3. Navigate to the Add Tools step.
  4. Select the phase as Test. Note: SonarQube is compatible in Test and Secure phases.
  5. Press Add Tool Configuration.
  6. Select SonarQube for Tool engine.
  7. Complete the required information, categorized into two tabs, Release and Test Analysis parameter. See the previous usage notes for Release title construction. Provide the environment name to be used for analysis in Test Analysis.
  8. Click Add Configuration.

Onboard the technical service

Having configured DevOps Intelligence to pull data from SonarQube, you must now onboard it as a technical service. Take into consideration the following caveats:
  • SonarQube can be configured only at the project level.
  • Multiple metrics can be selected against projects.
  • Metrics are merely a way to restrict which data is available to users for a given project.
  • SonarQube syncs only data available with connections configured against it.
  • At the project level, technical services are always configured as mutually exclusive – i.
  • If two users having the same privileges attempt to onboard technical services for the same project, only the first user is allowed to create the technical service; it will not be listed for the second user to onboard.
To onboard technical services:
  1. Navigate to DevOps Intelligence → Settings & Utilities → Application Configurations.
  2. Click the Overflow menu for the chosen application and click Onboard Technical Service.
  3. Select the phase for which you want to configure SonarQube.
  4. Select the Secure category.
  5. Select the tool engine as SonarQube.
  6. Connection: select the connection name from the drop-down.

Deleting the SonarQube technical service

The administrator may, at will, delete the SonarQube technical service. Use the following procedure:
  1. Navigate to DevOps Intelligence → Settings & Utilities → Application Configurations.
  2. Expand the application to see all the associated phases.
  3. Click the Overflow menu associated with the phase (Test or Secure).
  4. Click on Delete Technical Service. In the case of the Secure phase, you must also select the Secure category as Static Scan.
  5. Select the tool engine as SonarQube.
  6. Select the Project.
  7. Click Delete Technical Service.

Reviewing test suite data in DevOps Intelligence

After DevOps Intelligence has been fully configured, DevOps Intelligence displays all test suites being tracked by SonarQube in the table view at the bottom of the Test page. The view provides general information about each test suite such as status (how many tests were Skipped, Passed, Failed, and Blocked), Total number of tests in the suite, and the execution date.
Detailed information about each suite is available by clicking the overflow menu for that test suite and selecting View Details. DevOps Intelligence responds by navigating to the Details page for that suite, where additional information regarding activity and history is available. The Activity tab presents a graphic presentation of the tabular data on the table. The Historical details tab presents additional details such as Code Smells and Bugs. On both tabs you have the option of selecting a time frame for testing from the Duration control located in the upper right.