Sonar is a great framework that is usually used with Jenkins to build a real CI/CD pipeline. In this post I cover the minimum you need to know to make it work:
Plugins
Some Sonar plugins are useful for integrating with Jenkins, for example:
- Build Breaker, used to break the build when the quality gate is not reached, ensuring that only good code can go to production in a CI/CD way.
Quality Profiles
You can customize which rules are used to analyse your code. Rules from several different plugins can be combined:
- SonarQube (default rules)
- PMD
- Checkstyle
- FindBugs
You can create a new profile and set it as the default.
Quality Gates
You can set many conditions that raise warnings or errors based on thresholds, for example:
- Blocker issues
- Comments (%)
- Coverage
- Critical issues
- Major issues
- Minor issues
- Coverage on new code
- Public documented API (%)
- Unit tests duration
This means that you can specify rules and limits for code coverage, major issues, minor issues, code complexity, bad smells, duplicated code, etc. for each project. You can assign many projects to one quality gate.
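The sketch below is an added example, not SonarQube's or the Build Breaker plugin's own code. It models how one gate with warning and error thresholds is applied to several projects and how the result decides whether the build breaks. The thresholds, project names and measures are constructed, and treating a missing measure as an error is a choice made in this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Condition:
    metric: str
    op: str                        # "GT": breached when value > threshold, "LT": when value < threshold
    warn: Optional[float] = None   # warning threshold, if any
    error: Optional[float] = None  # error threshold, if any

def breached(value, op, threshold):
    return threshold is not None and (value > threshold if op == "GT" else value < threshold)

def evaluate_gate(conditions, measures):
    """Return (gate_status, details); the gate takes the worst condition status."""
    rank = {"OK": 0, "WARN": 1, "ERROR": 2}
    gate, details = "OK", []
    for c in conditions:
        value = measures.get(c.metric)
        if value is None:
            status = "ERROR"       # choice made in this sketch: a missing measure fails closed
        elif breached(value, c.op, c.error):
            status = "ERROR"
        elif breached(value, c.op, c.warn):
            status = "WARN"
        else:
            status = "OK"
        details.append((c.metric, status, value))
        gate = max(gate, status, key=rank.get)
    return gate, details

def build_exit_code(gate_status):
    """Only ERROR breaks the build; WARN is reported but lets it continue."""
    return 1 if gate_status == "ERROR" else 0

# Constructed gate and measures (illustrative thresholds and project names).
GATE = [
    Condition("blocker_violations", "GT", error=0), Condition("critical_violations", "GT", error=0),
    Condition("major_violations", "GT", warn=10, error=50),
    Condition("coverage", "LT", warn=80, error=60), Condition("new_coverage", "LT", error=80),
]
PROJECTS = {
    "billing-api": {"blocker_violations": 0, "critical_violations": 0, "major_violations": 12, "coverage": 85.0, "new_coverage": 90.0},
    "web-frontend": {"blocker_violations": 1, "critical_violations": 0, "major_violations": 3, "coverage": 55.0, "new_coverage": 90.0},
    "batch-jobs": {"blocker_violations": 0, "critical_violations": 0, "major_violations": 0, "coverage": 90.0},
}

if __name__ == "__main__":
    print({name: evaluate_gate(GATE, m)[0] for name, m in PROJECTS.items()})
```

In a Jenkins job, the value returned by `build_exit_code` would be used as the exit status of the build step, so an `ERROR` gate stops the pipeline before deployment.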