SonarQube (SAST + Quality ) : Complete course on SonarQube

SonarQube, Continuous Code Inspection, Quality Analysis, Static Analysis of Source Code of 27+ languages in real time .

Ratings: 3.93 / 5.00




Description

SonarQube: DevOps + Security + QA mostly used opensource tool

SonarQube is an open-source tool used for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 27+ programming languages.


Audience:

Freshers, Project managers, Developers, Architects, QA, Support Engineers, DevOps, DevSecOps, Infosec, Process engineers can master the course and excel in their careers.


Course Content:


Coding best practices.

Installation of SonarQube, Jenkins, docker, docker-compose.

Configure and connect Sonar Scanner

Installation & Configuration of ANT, Maven, Gradle, NodeJs, Python.

understanding the basic terminologies used in SonarQube.

Onboarding projects on Jenkins & SonarQube.

Integrating Jenkins Jobs to SonarQube & publishing the results of the projects for analysis.

Integrating Sonar Scanner with build tools like Ant, Maven, Gradle, NodeJs, Python, etc.

Installation of plugins in Jenkins & SonarQube.

Project Administration.

Analysis of Bugs, Vulnerabilities, Code Smells, Debt, Code Coverage, Unit/Integration test.

Configuration & Administration of SonarQube.

Configure & analyze Quality Gates and Quality Profiles

Fail SonarQube projects based on conditions of Quality gates.

Fail Jenkins projects based on conditions of Quality gates mentioned in the SonarQube project.

Learn to read and understand Complexity.

Identifying Duplicated lines, files, blocks  across the projects

SonarQube Rules and Rule Templates.

Managing rules and creating custom rules with templates

Maintainability, Reliability, and Security Ratings.

Handling identified issues.

Administration tasks - Users, Groups, Permissions, token creation.

SAST analysis.

SMTP settings and notifications via email on various criteria set for projects.

Branding Image: replace the sonar image with your company's brand image.

SonarQube market place.

SonarQube system details.

Integration with real time code analysis plugins like Sonar Lint with IDEs like Eclipse

What You Will Learn!

  • Improve Code quality of source code
  • Static Application Security Testing (SAST)
  • Coding Best Practices
  • secure coding
  • unit testing
  • intergation testing
  • coverage
  • DevOps
  • Secuity vulnerabilities testing
  • Free
  • Open Source
  • Jenkins
  • Ant
  • Maven
  • NodeJs
  • cobertura integration
  • Jacoco integration
  • Gradle
  • Python
  • SonarQube Administration
  • Quality Gate, Quality profile
  • Jenkins & SonarQube Pluggin Installation
  • Fail/Pass job based on Quality Gate Criteria
  • docker
  • docker-compose
  • containerization
  • installing docker client and engine
  • token creation, password management, user/group creation/management,
  • email notifications
  • differnce between community and enterprise edition
  • Sonar Lint
  • Sonar Cloud
  • DevSecOps
  • pen test
  • security
  • Sonar Scanner Integration with DevOps tools like Jenkins
  • Identifying Bugs, Vulnerabilities, Debt, Code Coverage and Code smells in Projects
  • Detect tricky issues, logic errors, resource leaks, null pointers during development cycle itself
  • jenkins sonarqube
  • sonarqube maven
  • learn sonarqube
  • sonarqube fasters
  • sonarqube complete guide
  • DevSecOps Bootcamp
  • sonarqube with CI/CD pipelines
  • sonarqube security vulnerabilities

Who Should Attend!

  • Developers
  • QA
  • Business Analyst
  • Support Engineers
  • Higher Management
  • Scrum Master
  • Infrastructure Engineer
  • Freshers
  • DevOps
  • InfoSec
  • Configuration Engineer
  • Architect
  • DevSecOps
  • Project Managers
  • Process engineers who wants to make continuous improvement in code quality & Security (SAST)