Code Analysis with SonarQube on Kubernetes.

SonarQube

Setting up your SonarQube services as fragile snowflakes is common, but it is not a recommended technique. Any developer should be able to quickly start a personal SonarQube service as well as rely on a team service that behaves the same way. The latest SonarQube version, its plugins, and its configurations should also be easily adjustable. Your software development lifecycle (SDLC) processes should embrace the versioned configuration and deployment of SonarQube across a variety of cattle (not pets) targets.

Follow these instructions to set up a personal SonarQube engine and dashboard. With this, you have a strong static code analysis tool backing your code, all before you submit your work for a pull request. Within SonarQube there are plugins such as Checkstyle, PMD and FindBugs. The FindBugs plugin includes rules for vulnerabilities such as the OWASP Top 10.

In this lab, you will learn how to:

    ☐ Install SonarQube onto Kubernetes
    ☐ Use Helm to install SonarQube
    ☐ Configure SonarQube plugins with the chart
    ☐ Access the SonarQube Dashboard
    ☐ Analyze code and inspect results with a Gradle plugin

  • Level: Beginner
  • Duration: 20 minutes
  • Updated: 31 Dec, 2021