🔥Trigger SonarQube Analysis from Jenkins🌟 || Part

🔥Trigger SonarQube Analysis from Jenkins🌟 || Part - 2 || engineerhoon

Рет қаралды 10,429

Күн бұрын

Пікірлер: 27

@elena_sol 11 ай бұрын

Thank you! This video was really helpful and steps are easy to follow, I've tried several tutorials but only with yours I succeeded.

@aejazawte-m4t Ай бұрын

which version of Sonarqube and Jenkins are you using in this video please answer?

@tosandeepyandra 6 ай бұрын

How do I get count of code smells, bugs count etc for all projects ? Any specific url via api? or any other way to retrieve such data ?

@Engineerhoon 6 ай бұрын

Check the Sonarqube playlist on my channel. You will find dedicated videos on these topics.

@honeypatel-v3q 9 ай бұрын

i am getting, 0 lines analyzed for .net core project in sonarqube panel. can you guide me?

@HimeshRana-m9z Жыл бұрын

can you please explain how sonar qube line of code, price of per edition, and how each edition use LOC limit is count. if we have source code of number of line (like 50 lac) then we will buy plan according to that ....then over lince limit will be over...if its over then we have again buy somthing.

@SaurabhPatil-bz3oc 6 ай бұрын

Please confirm if in sonarqube analysis shows failed then why pipeline is not getting failed?

@generalgyan8705 Жыл бұрын

Bro for every project , token should be same or it changes.

@Engineerhoon Жыл бұрын

Using a single token for all projects in SonarQube and Jenkins is not recommended for security reasons. Tokens are typically used to authenticate and authorize access to specific resources or actions. Using a single token for all projects can pose significant security risks: Lack of Granularity: A single token would provide the same level of access to all projects and actions within SonarQube and Jenkins. This means that anyone with the token would have unrestricted access to all projects, including potentially sensitive or critical ones. Difficulty in Revoking Access: If the token were compromised or if someone with access needed to have their permissions revoked, you would need to invalidate the token for all projects, affecting legitimate users and processes. Audit Trail Issues: Using a single token makes it challenging to track who performed specific actions within SonarQube and Jenkins. This can be critical for auditing and troubleshooting purposes. Limited Role-Based Access: Security best practices often involve implementing role-based access control (RBAC) to ensure that users and systems have appropriate permissions. Using a single token bypasses RBAC mechanisms. To maintain better security and access control: In SonarQube, consider creating separate tokens with appropriate permissions for each project or group of projects. This way, you can control who can access and perform actions on specific projects. In Jenkins, use built-in authentication and authorization mechanisms. Jenkins supports a wide range of authentication methods, including LDAP, Active Directory, and more. You can also set up fine-grained access control using the Role-Based Authorization Strategy plugin.

@generalgyan8705 Жыл бұрын

@@Engineerhoon Hi Bro thanks for clarifying my question. Much appreciated. Can I have your WhatsApp number Bro?

@Sathyavarun-d1i Жыл бұрын

I installed a plugin but I do not have an option( prepare SonarQube scanner environment )

@Engineerhoon Жыл бұрын

Please check Jenkins version. Try on latest. Try restarting Jenkins.

@SirJi-m6w 8 ай бұрын

ERROR: Error during SonarScanner execution ERROR: You're not authorized to analyze this project or the project doesn't exist on SonarQube and you're not authorized to create it. Please contact an administrator. -> getting this error, any idea how it can be resolved?