What are all the basic things to be configured and noted to implement SonarQube?

I am new to SonarQube. I am using SonarQube and SonarScanner for static code analysis of our Java and React JS projects, and I am going to integrate the same under Jenkins. For that, I have more questions, but I am asking only two now.

  1. What are all the basic things to be configured and noted to implement the same in production for the first phase from a release team’s point of view?
  2. What are all the important items that should be considered in the analyzed project under SonarQube from the developer team’s point of view?

Hi,

Welcome to the community!

We try to keep it to one topic/question per thread. Otherwise, it can get messy, fast. I’ll give a go at answering both questions, but reserve the right to ask you to create a new thread if you have followups on both points.

There shouldn’t be too much beyond what you’ve already done in your prove-out phase. The one additional thing you’ll want to consider is whether or not a failing Quality Gate should fail your pipeline/block your release. The details of doing that will vary by CI, but you’ll find them in the docs.

Getting started, you should be good with default Quality Profiles and Quality Gate. Moving past that, you may want to take a closer look at the contents of both to make sure they fully reflect what you’re trying to accomplish. We feel most people will be good with a Quality Profile focused on New Code, for a Clean as You Code approach. Similarly, we feel the default Quality Profiles are a good fit for most people most of the time. But you may find rules or Quality Gate conditions you want to add. When you come to that point, you’ll need to make a copy of the built-in Quality Profile / Gate (QP docs), set it as the default, and apply your changes. (You can’t make changes to the built-in ones.)

 
HTH,
Ann
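
For the Jenkins case raised in the question, one way to make a failing Quality Gate block the release is sketched below. This is an added example, not part of the original replies; it assumes the SonarQube Scanner for Jenkins plugin, a Maven build, a server registered in Jenkins under the hypothetical name `sonarqube-prod`, and a SonarQube webhook pointing at the Jenkins `/sonarqube-webhook/` endpoint.

```groovy
// Added example, not from the thread. Assumptions: Maven build, and a SonarQube
// server registered in Jenkins under the hypothetical name 'sonarqube-prod'.
pipeline {
    agent any
    stages {
        stage('Build and analyze') {
            steps {
                // Injects the server URL and token configured for 'sonarqube-prod',
                // so no credentials are written into the Jenkinsfile.
                withSonarQubeEnv('sonarqube-prod') {
                    sh 'mvn -B clean verify sonar:sonar'
                }
            }
        }
        stage('Quality Gate') {
            steps {
                // Bound the wait so a missing or misconfigured webhook
                // cannot hold the job open indefinitely.
                timeout(time: 15, unit: 'MINUTES') {
                    // abortPipeline: true fails the build when the gate status is not OK.
                    waitForQualityGate abortPipeline: true
                }
            }
        }
        stage('Release') {
            steps {
                // Reached only when the Quality Gate passed.
                echo 'Quality Gate passed; release steps go here'
            }
        }
    }
}
```

Setting `abortPipeline: false` instead records the gate result without stopping the job, which suits a first phase where the gate is advisory only.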

Thank you for the response.