SonarQube

SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code.

About this workshop

The introductory page of the workshop is broken down into the following sections:

Agenda

  • Lab 0: Pre-work - Install SonarQube
  • Lab 1: Get Started with SonarQube - Get started with SonarQube and run a simple scan with scanner-cli on the NodeGoat project.
  • Lab 2: Run Sonar Scanner in Tekton Pipeline - TBD
  • Lab 3: Add OWASP Dependency Check to SonarQube - TBD

Compatibility

This workshop has been tested on the following platforms:

  • macOS: Catalina v10.15.6
  • Brave: Version 1.12.114 Chromium: 84.0.4147.135 (Official Build) (64-bit)
  • SonarQube: Community Edition, Version 8.4.1 (build 35646)
  • SonarScanner: 4.4.0.2170
  • Java: 11.0.3 AdoptOpenJDK (64-bit)

Technology Used

  • SonarQube is an automatic code review tool to detect bugs, vulnerabilities, and code smells in your code.

Credits