[Webinar] Code Quality & Security in your Development Workflow

What: How SonarQube Pull Request Decoration helps your development team merge clean code every time
When: 28 May, 10 a.m. CDT (time zone conversion)
Presenter: @Clint.Cameron
Registration link: https://sonarsource.zoom.us/webinar/register/4815892946695/WN_6muXxsDJTzOWUWocICOmbQ

Join us for a 30 minute live webinar on our approach to helping developers and development teams enhance their workflows and merge clean code - every time!

During this live event, Clint will explain:

  • How developers can maximize their impact while coding
  • How it all works in your development pipeline and adds value to your whole team
  • SonarQube’s integration with 4 popular ALMs: GitHub, GitLab, Atlassian Bitbucket, Azure DevOps
  • Finally, he’ll demo SonarQube in action with GitHub!

Register now to reserve your seat >>


The recording is now available on YouTube from yesterday’s webinar:

Thanks again to everyone that joined the webinar! We didn’t get a chance to answer all of your questions; however, we rounded up a bunch of them and answered them below:

ALM Integration

Q. What cloud ALMs are supported?

A. GitHub.com and GitLab.com. Support for Bitbucket.com and Azure DevOps Services is on our roadmap for future releases.

Q. Are the ALM built-in CI tools (e.g., GitHub Actions, GitLab CI) supported?

A. Yes, SonarQube works with these - in fact, most popular CI engines are supported: https://www.sonarsource.com/why-us/integration/

Q. Do I need a Jenkins plugin to integrate with GitHub?

A. No, Jenkins support is included with SonarQube and since v8.3, SonarQube fetches environment variables from Jenkins so analysis configuration isn’t required.

Q. What versions of MS TFS (Azure DevOps Server) are supported?

A. SonarQube is compatible with Azure DevOps Server 2017 Update 2+

Q. Is AWS CodeCommit supported?

A. Here’s an AWS page that describes using SonarQube with CodeCommit: https://aws.amazon.com/blogs/devops/integrating-sonarqube-as-a-pull-request-approver-on-aws-codecommit/

Best Practices

Q. Is it recommended to analyze every PR?

A. Yes, we recommend analyzing all of your PRs. The earlier you catch issues, the easier it is to fix them!

Q. If SonarLint supports the same rules as SonarQube, why do we need both?

A. The idea is that you catch code quality issues as soon as possible. With SonarLint, you can see the issues in your IDE, as you’re coding, without having to push the code to have it analyzed by SonarQube.

Q. Where can I learn more about code quality best practices?

A. We’ve published numerous articles on our blog. We suggest you start with this one.

Product Usage

Q. How does SonarLint collaborate with SonarQube?

A. If you connect SonarLint to a project in SonarQube, it will use the same analyzers and the same rule sets to analyze code in your IDE. This ensures that the results seen in SonarLint will match as best as possible the results that you’ll have in SonarQube once you push your code. That being said, SonarLint only reads data from SonarQube, it doesn’t push anything to it.

Q. Is it possible to have SonarLint use the ruleset directly from SonarQube instead of maintaining an intermediate ruleset file?

A. Yes. If you connect SonarLint to a specific project in SonarQube, it will use the same analyzers and the same quality profile (rule set) that is assigned to that project in SonarQube.

Q. Can we integrate a single instance of SonarQube to multiple ALMs (of the same type or not)?

A. Yes, this is supported starting with SonarQube 8.1

Q. Can you integrate with JIRA and then auto create issues/tasks?

A. We don’t recommend that approach. Here’s a post as to why: JIRA plugin alternate for connecting jira to sonarqube

Q. Is it possible to use one SonarQube instance to service two different GitHub organizations?

A. Yes, it shouldn’t be a problem. Just install your GitHub App in both organizations (or alternatively create an App for each org) and configure it in SonarQube. More details here: https://docs.sonarqube.org/latest/analysis/pr-decoration/

Q. Can we have multiple long-living release branches with full analysis and PR decoration against each of them?

A. Yes, you can!

Q. Is code uploaded to SonarQube servers?

A. The code is uploaded to your SonarQube instance so that the results of the analysis are shown. It’s not available to SonarSource.


Q. Can SonarQube generate code quality reports?

A. Reporting is available starting with Enterprise Edition: https://www.sonarqube.org/enterprise-edition/


Q. What version is required for the features covered in the webinar?

A. It’s available in all currently supported versions: LTS (7.9) and later

Q. Any chance for more demos e.g., an Azure DevOps quick demo?

A. Yes, we’ll be posting more demos on YouTube for Azure DevOps, Bitbucket and GitLab in the future.

Q. What is the difference between SonarQube and SonarCloud?

A. See this blog for key differences between SonarQube and SonarCloud: https://blog.sonarsource.com/sq-sc_guidance

Q. Can I use Community Edition for commercial usage?

A. Yes, you can. Note that the Pull Request and branch analysis features demonstrated in the webinar require Developer Edition and above.

How can I try this all out?

If you’re interested in trying out the branch/PR analysis feature, you can request a 14-day trial license for Developer Edition.

Where can I ask more questions?

If you have general questions about product features, please ask them right here in the forum!

For questions about commercial editions, including pricing or trial licenses, try one of these:

For other commercial questions, contact us here.

Happy clean coding! :sunglasses:

