TL;DR: code example to build your own SonarQube server with TLS activated, so you can proactively scan your code for quality, test coverage and security vulnerabilities.
SonarQube is a well-known tool for improving code quality and code security. It can scan code in real time from the command line, which makes it a natural addition to our pipelines. Running it continuously is one important step towards securing the software we produce.
All the code for this demo is available here: https://github.com/guisesterheim/sonar_ansible
This code installs Sonar on a given instance based on Ubuntu Server 18. The repo's examples target Microsoft Azure, but they will work without issues on any other cloud provider that offers Ubuntu Server 18 as a base image, such as AWS.
First, fix the specifics
This installation keeps its components independent: the app layer (SonarQube) is well separated from the data layer (the PostgreSQL database). It also allows enabling TLS out of the box, so all the information needed for these connections must be passed in as parameters.
Search globally for the following strings and replace the values with your own information:
Second, run Sonar installation
I’m not going to dive deep into the Ansible-driven installation here because I’ve already written it up separately. Follow step 1, “How to run it”; for your own internal tests, the Vagrant section of step 1 should be enough.
Third, let’s use Sonar
If you used Vagrant, you will have SonarQube up and running on port 5555. Log in with Sonar’s default user and password, admin/admin, so you can get in and change your configuration.
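Once the server is up, the next thing a pipeline needs is a sonar-scanner configuration that actually uses the TLS endpoint and does not carry the admin/admin account into CI. The script below is an added example, not code from the original post or from the sonar_ansible repo: it parses a sonar-project.properties file and flags the configuration mistakes that undo the hardening described above (plain http:// instead of https://, a port other than the 5555 the Vagrant setup exposes, password-based authentication, the default admin credentials, and credentials written into a committed file). Both sample property files are constructed inputs; the hostname sonar.example.internal is a placeholder, and the check assumes credentials are injected through the SONAR_TOKEN environment variable that recent sonar-scanner releases read.

```python
"""Pre-flight lint for a sonar-scanner configuration before a pipeline runs it.

Added example, not part of the original post or the sonar_ansible repo.
Assumes the server was deployed as the post describes: TLS enabled and
listening on port 5555, with SonarQube's default admin/admin account still
present until someone changes it.
"""
from urllib.parse import urlparse

# Constructed sample: how a pipeline might ship sonar-project.properties
# before anyone hardened it (plain HTTP, password auth, default account).
SAMPLE_PROPERTIES = """\
# project identity
sonar.projectKey=demo-app
sonar.projectName=Demo App
sonar.sources=src
# server and credentials
sonar.host.url=http://sonar.example.internal:5555
sonar.login=admin
sonar.password=admin
"""

# Constructed sample: the same file after hardening. Credentials are not in
# the file at all; the pipeline injects SONAR_TOKEN from its secret store.
SAMPLE_PROPERTIES_HARDENED = """\
sonar.projectKey=demo-app
sonar.projectName=Demo App
sonar.sources=src
sonar.host.url=https://sonar.example.internal:5555
"""

DEFAULT_ADMIN = ("admin", "admin")   # SonarQube's out-of-the-box account
SONAR_PORT = 5555                    # port the post's Vagrant setup exposes


def parse_properties(text):
    """Parse Java-style properties: key=value or key:value, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def lint_scanner_config(props, env=None, expected_port=SONAR_PORT):
    """Return a list of findings; an empty list means the config is acceptable."""
    env = env or {}
    findings = []

    # Server endpoint: must be the TLS listener, on the port we deployed.
    url = props.get("sonar.host.url") or env.get("SONAR_HOST_URL", "")
    if not url:
        findings.append("no server: set sonar.host.url or SONAR_HOST_URL")
    else:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"sonar.host.url is {parsed.scheme}://; the server speaks TLS, use https://")
        try:
            port = parsed.port
        except ValueError:          # malformed port in the URL
            port = None
        if port != expected_port:
            findings.append(f"sonar.host.url port {port} does not match the expected {expected_port}")

    # Credentials: token-based, not the default account, and not in the file.
    login = props.get("sonar.login", "")
    password = props.get("sonar.password", "")
    if password:
        findings.append("sonar.password is set: authenticate with a user token, not a password")
    if (login, password) == DEFAULT_ADMIN:
        findings.append("default admin/admin credentials: change the admin password before using the server")
    if any(k in props for k in ("sonar.token", "sonar.login", "sonar.password")):
        findings.append("credentials are written into the properties file: inject SONAR_TOKEN from the pipeline's secret store instead")
    if not (props.get("sonar.token") or login or env.get("SONAR_TOKEN")):
        findings.append("no credentials: an authenticated scan needs a user token (SONAR_TOKEN)")
    return findings


if __name__ == "__main__":
    for name, text, env in (
        ("unhardened", SAMPLE_PROPERTIES, {}),
        ("hardened", SAMPLE_PROPERTIES_HARDENED, {"SONAR_TOKEN": "<token from secret store>"}),
    ):
        findings = lint_scanner_config(parse_properties(text), env)
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run this as a gate step before invoking sonar-scanner; the unhardened sample produces four findings, the hardened one passes only when SONAR_TOKEN is present in the environment. The token itself should come from a SonarQube user created for the pipeline, not from the admin account you logged into with admin/admin.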