SonarQube: DevOps + Security + QA, the most used open-source tool
SonarQube is an open-source tool for continuous inspection of code quality. It performs automatic reviews using static analysis to detect bugs, code smells, and security vulnerabilities in 27+ programming languages.
Audience:
Freshers, project managers, developers, architects, QA, support engineers, DevOps, DevSecOps, Infosec, and process engineers can master the course and excel in their careers.
Course Content:
- Coding best practices.
- Installation of SonarQube, Jenkins, Docker, and docker-compose.
- Configure and connect Sonar Scanner.
- Installation & Configuration of Ant, Maven, Gradle, Node.js, and Python.
- Understanding the basic terminologies used in SonarQube.
- Onboarding projects on Jenkins & SonarQube.
- Integrating Jenkins Jobs to SonarQube & publishing the results of the projects for analysis.
- Integrating Sonar Scanner with build tools like Ant, Maven, Gradle, Node.js, Python, etc.
- Installation of plugins in Jenkins & SonarQube.
- Project Administration.
- Analysis of Bugs, Vulnerabilities, Code Smells, Debt, Code Coverage, Unit/Integration tests.
- Configuration & Administration of SonarQube.
- Configure & analyze Quality Gates and Quality Profiles.
- Fail SonarQube projects based on conditions of Quality gates.
- Fail Jenkins projects based on conditions of Quality gates mentioned in the SonarQube project.
- Learn to read and understand Complexity.
- Identifying duplicated lines, files, and blocks across the projects.
- SonarQube Rules and Rule Templates.
- Managing rules and creating custom rules with templates.
- Maintainability, Reliability, and Security Ratings.
- Handling identified issues.
- Administration tasks - Users, Groups, Permissions, token creation.
- SAST analysis.
- SMTP settings and notifications via email on various criteria set for projects.
- Branding Image: replace the sonar image with your company's brand image.
- SonarQube Marketplace.
- SonarQube system details.
- Integration with real-time code analysis plugins like SonarLint with IDEs like Eclipse.
Goals
- Complete knowledge of and practical hands-on experience with SonarQube (DevOps, DevSecOps, QA, Infosec SAST tool).
Prerequisites
- Basic IT knowledge.
- No specific requirements; everyone can learn this course from scratch.
- Introduction to development, coding practices, and hands-on with build tools will be an advantage.