Day 67: Integrate SonarQube for Node.js with GitHub Actions
#90daysofdevops

Introduction
In this blog, we will see how to integrate SonarQube with a Node.js project using GitHub Actions. SonarQube helps us check code quality by analyzing bugs, vulnerabilities, and maintainability issues. By connecting it with GitHub Actions, we can automatically scan the code whenever changes are pushed to the repository. This ensures that our project follows secure DevOps practices and maintains clean, reliable code.
What is SonarQube and SonarCloud?
SonarQube is an open-source platform used for continuous inspection of code quality. It helps developers detect bugs, security vulnerabilities, code smells, and duplications in their projects. SonarQube can be installed locally on your system or on a server, and it supports many programming languages like Java, JavaScript, Python, C#, and more. It is often used in DevOps pipelines to ensure code quality before deployment.
SonarCloud, on the other hand, is the cloud-based version of SonarQube. Instead of setting it up manually on a server, you can directly connect your GitHub, GitLab, or Bitbucket repositories to SonarCloud. It provides the same static code analysis but with zero setup hassle since everything runs on the cloud.
Where is SonarQube/SonarCloud used?
- In CI/CD pipelines: to automatically scan code on every commit or pull request.
- For security: to identify vulnerabilities before pushing code to production.
- For maintainability: to reduce technical debt and keep code clean.
- In teams: to enforce coding standards and improve collaboration.
SonarQube Set-Up
- Create an organization on the SonarCloud website, as shown in the picture below (Import an organization)

- Select the repository in which you want to work on the project


- Select the Free plan

- Select the repo and click on Set Up

- Select Previous version and create project

- Choose GitHub Actions as the Analysis Method

- Add the SonarQube secret in GitHub Actions. (Follow step 1 as shown in the picture below.)
- Select the language of your project (e.g. Python, C, C++). If you are working in Node.js, select the Other option, as shown in the picture below.
- After you select the Other option, it will give you some code. Copy and paste that code into the files in your repo. (It tells you where each piece has to go.)
- For example, paste the code into the workflow file under .github/workflows and into sonar-project.properties.

GitHub Actions CI/CD
- Trigger the pipeline (click on run all jobs)

- After the CI/CD run completes successfully, go back to the SonarQube website; it will show the results as in the picture below.


Conclusion
In this blog, we successfully integrated SonarQube with our Node.js project using GitHub Actions. We set up the SonarQube server, configured the GitHub Actions pipeline, and generated a code quality report. With this setup, every new commit will be scanned automatically, helping us detect and fix issues early while keeping our project secure and maintainable.
Thanks for reading to the end; I hope you gained some knowledge.



