Installing SonarQube on AWS EC2 instance and Integrating it with AWS CodePipeline

Chandramouli
Published in AWS Tip
7 min read, Apr 9, 2022

Code review and analysis are among the most important stages of any software development process. Where earlier we had to spend a lot of time going through all the code manually to pull out issues, SonarQube comes to our rescue: it is a great static code analysis tool that scans the code against coding standards, identifies bugs and even checks code coverage.

SonarQube is open-source software, and it has good documentation for integrating with various cloud providers and CI/CD tools.

But there is no proper documentation for integrating SonarQube with AWS CodePipeline, so in this article we'll learn how to install SonarQube on an AWS EC2 instance and integrate it with AWS CodePipeline as a Code-Review stage.

Note: Before I publish this article I'll destroy all the resources used in it, so please don't try to play with any of the sensitive data present in the snapshots.

Create an EC2 Instance

Disclaimer: We need an EC2 instance with a somewhat higher configuration, since Docker, docker-compose and SonarQube all have to run on a single machine, and it will incur some cost if you leave the instance running without terminating it, so please read the last part of this article, where we terminate all the resources.

Log in to the AWS Console and change the region to Mumbai (ap-south-1). Go to the EC2 Dashboard, click on Launch instance, select Ubuntu Server 18.04 LTS (HVM), SSD Volume Type as shown below, and click on Next.

Leave the Configure Instance Details, Add Storage and Add Tags stages at their defaults and move to the Configure Security Group stage.

Configure the security group as below, opening a Custom TCP rule for port 9000, since SonarQube listens on port 9000.

Click on Review and Launch and choose an existing key pair if you have one, or else create a new key pair.

Click on Launch Instances.

After the instance is created successfully, connect to it through SSH using a command like the one below, after moving to the directory where your key was downloaded.

 ssh -i "sonarcube.pem" ubuntu@ec2-13-233-120-100.ap-south-1.compute.amazonaws.com

Once you are connected to the Ubuntu instance, we can start the actual SonarQube installation.

Installing SonarQube on Ubuntu EC2 Instance

We'll be installing SonarQube inside Docker and will use docker-compose to spin up the SonarQube instance on our Ubuntu instance.

Paste the commands below into your Ubuntu instance after connecting to it.

# Install docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
apt-cache policy docker-ce
sudo apt-get install -y docker-ce
sudo usermod -aG docker ubuntu
sudo systemctl status docker
# Press q (or CTRL+C) to leave the status pager opened by the above command

# Install docker compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Change permissions
sudo chmod +x /usr/local/bin/docker-compose
# Check the version
docker-compose --version

# Install sonar
# SonarQube's embedded Elasticsearch needs this kernel setting (it is reset on reboot)
sudo sysctl -w vm.max_map_count=262144
mkdir sonar
cd sonar
# Download docker-compose.yml into the sonar directory, where docker-compose will look for it
wget https://raw.githubusercontent.com/awstechguide/devops/master/docker-compose.yml
# The ubuntu user's new docker group membership only applies after re-login, so run as root for now
sudo su
docker-compose up

Once all the above commands have run, SonarQube is installed and running.

SonarQube listens on port 9000, so to reach the SonarQube dashboard we use the public IP address of the Ubuntu instance with :9000 appended.

Go to the AWS EC2 console, select the Ubuntu EC2 instance you created, and look up its public IP address as below.

You can connect to the SonarQube dashboard at http://13.232.164.32:9000/

The default credentials for SonarQube are as below

Username: admin

Password: admin

Log in to the SonarQube dashboard with the above credentials (and change the default password), and let's start the actual work. You'll see the screen below after logging in.
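The three things that most often go wrong right after the installation above are a too-low vm.max_map_count (the sysctl setting is lost on reboot), connecting before SonarQube has finished starting, and forgetting to change the default admin password on an instance whose port 9000 is open to the internet. The script below is an added example, not part of the original article or of SonarQube's own tooling; it checks all three. It assumes curl is installed, that the SonarQube web API endpoints /api/system/status and /api/authentication/validate are reachable at the URL you pass in, and that the JSON bodies look like the constructed samples in the comments.

```shell
#!/bin/sh
# Added example (not from the article): post-install checks for the SonarQube
# container started with docker-compose. Pure helpers first, network calls last.

# Return 0 when a vm.max_map_count value is large enough for SonarQube's
# embedded Elasticsearch (262144 is the minimum the article sets).
max_map_count_ok() {
  [ "$1" -ge 262144 ] 2>/dev/null
}

# Extract the "status" field from an /api/system/status body, for example
# (constructed sample) {"id":"ABC","version":"9.4","status":"UP"} -> UP
system_status() {
  printf '%s' "$1" | sed -n 's/.*"status":"\([A-Za-z_]*\)".*/\1/p'
}

# Return 0 when an /api/authentication/validate body says the supplied
# credentials are valid, i.e. it contains "valid":true (constructed sample).
auth_valid() {
  printf '%s' "$1" | grep -Eq '"valid":true'
}

# Poll /api/system/status every 10 s until it reports UP, up to $2 attempts.
wait_for_sonarqube() {
  url="${1:-http://localhost:9000}"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    body=$(curl -fsS "$url/api/system/status" 2>/dev/null || true)
    if [ "$(system_status "$body")" = "UP" ]; then
      echo "SonarQube is UP at $url"
      return 0
    fi
    tries=$((tries - 1))
    sleep 10
  done
  echo "SonarQube did not come up at $url" >&2
  return 1
}

# Return 0 when the factory admin:admin credentials are still accepted.
default_admin_password_active() {
  url="${1:-http://localhost:9000}"
  body=$(curl -fsS -u admin:admin "$url/api/authentication/validate" 2>/dev/null || true)
  auth_valid "$body"
}

# Run all checks. Usage: sonar_post_install_check http://<ec2-public-ip>:9000
sonar_post_install_check() {
  url="${1:-http://localhost:9000}"; rc=0
  mmc=$(sysctl -n vm.max_map_count 2>/dev/null || cat /proc/sys/vm/max_map_count)
  if max_map_count_ok "$mmc"; then
    echo "vm.max_map_count=$mmc ok"
  else
    echo "vm.max_map_count=$mmc is too low; run: sudo sysctl -w vm.max_map_count=262144" >&2
    rc=1
  fi
  if wait_for_sonarqube "$url"; then
    if default_admin_password_active "$url"; then
      echo "WARNING: admin/admin still works; change it before leaving port 9000 open" >&2
      rc=1
    else
      echo "default admin password has been changed"
    fi
  else
    rc=1
  fi
  return $rc
}
```

Run it from the instance itself with `sonar_post_install_check http://localhost:9000` once `docker-compose up` has settled; a non-zero exit means at least one of the three conditions is not met, so it can also gate a provisioning script.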

SonarQube is a static code analysis tool that can be integrated as part of the CI/CD pipeline: before actually building the codebase we can scan it for possible bugs and security vulnerabilities, and make the pipeline fail if the code doesn't meet the defined standards.

As part of this exercise we'll be using an already built CI/CD pipeline, which you can refer to from this article, and we'll add an extra stage named Code-Review to that pipeline.

Integrating SonarQube with AWS CodePipeline

Kindly read this article about creating the CodePipeline that we are going to use here.

Let's first create a project in the SonarQube dashboard, where we'll get to see all the bugs, issues and vulnerabilities.

Log in to the SonarQube portal and click on Create project, then Manually,

and click on Set up. You'll see the screen below.

Choose Other CI and generate a token by giving it a name,

then click on Set up. In the second step choose your codebase's tech stack. Since I'm using JavaScript, I'll choose that, and select Linux as the operating system, since our SonarQube is running on an Ubuntu instance.

After choosing the OS and tech stack you'll see a command to scan your codebase, as below. Copy it.

It'll look something like this:

sonar-scanner \
-Dsonar.projectKey=Test_Project \
-Dsonar.sources=. \
-Dsonar.host.url=http://13.232.164.32:9000 \
-Dsonar.login=84acfa305008ea2f70a3578fa5cb300b2b5acb67

You can use the above command to scan your codebase; it generates the Sonar report, which is shown in the SonarQube dashboard under Test_Project.

But in our use case we have to scan the code that is being pulled by AWS CodePipeline, so we will create one more stage in the pipeline where we use this command to scan the code.

Go to the AWS CodePipeline console, open the already created pipeline, and click on Edit as below.

Add a stage after the Source stage, name it Code-Review and click on Add stage.

After the stage is created, click on Add action group and enter the details below.

We have to create a new CodeBuild project: scroll down the form and click on Create project in the Project name field.

In the BuildSpec field paste the code below

version: 0.2
env:
  shell: bash
phases:
  pre_build:
    commands:
      - mkdir /downloads/sonarqube -p
      - cd /downloads/sonarqube
      - wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.2.0.1873-linux.zip
      - unzip sonar-scanner-cli-4.2.0.1873-linux.zip
      - mv sonar-scanner-4.2.0.1873-linux /opt/sonar-scanner
      - echo -e "sonar.host.url=http://13.233.129.29:9000/ \n  sonar.sourceEncoding=UTF-8 \n sonar.qualitygate.wait=true " >> /opt/sonar-scanner/conf/sonar-scanner.properties
      - echo -e "#!/bin/bash \n export PATH='$PATH:/opt/sonar-scanner/bin'" >> /etc/profile.d/sonar-scanner.sh
      - source /etc/profile.d/sonar-scanner.sh
      - sonar-scanner -v
  build:
    commands:
      - cd ../..
      - cd /codebuild/output/src*/src
      - sonar-scanner -Dsonar.projectKey=Test_Project -Dsonar.sources=. -Dsonar.host.url=http://13.232.164.32:9000 -Dsonar.login=84acfa305008ea2f70a3578fa5cb300b2b5acb67

The last command in the above buildspec.yml is the one we copied from the SonarQube dashboard, but without the "\" line continuations; kindly remove them before pasting it here.

Then click on Continue to CodePipeline, click on Done, and finally save the pipeline.

Finally, release the pipeline and check the Code-Review stage. After it completes, you can check the SonarQube dashboard for the issues.
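The buildspec above carries the SonarQube token as a literal, so it ends up in the CodeBuild project definition and in every pipeline export. As an added example, not part of the original article or of SonarSource's own tooling, the script below is a drop-in for the build phase that takes the token from the environment instead; it assumes CodeBuild injects SONAR_TOKEN (for example through the buildspec `env: parameter-store:` mapping to an SSM SecureString parameter, whose name is your choice), that SONAR_HOST_URL and SONAR_PROJECT_KEY are set, and that sonar-scanner is on PATH as the pre_build phase arranges. The report-task.txt sample in the block is constructed to mirror the key=value layout the scanner writes.

```shell
#!/bin/sh
# Added example (not from the article): run the Code-Review scan without a
# token literal in buildspec.yml, and summarise where the results landed.

# Mask a token wherever it appears in a line, for anything you echo to the
# build log. Assumes the token is plain hex (no sed metacharacters).
redact_token() {
  # $1 = line, $2 = token
  printf '%s\n' "$1" | sed "s|$2|***REDACTED***|g"
}

# Read one key from the contents of .scannerwork/report-task.txt, which the
# scanner writes as key=value lines (projectKey, serverUrl, dashboardUrl,
# ceTaskId, ceTaskUrl). Prints nothing when the key is absent.
report_task_value() {
  # $1 = key, $2 = file contents
  printf '%s\n' "$2" | sed -n "s/^$1=//p" | head -n 1
}

# Constructed sample of report-task.txt, used for the usage call below.
SAMPLE_REPORT='projectKey=Test_Project
serverUrl=http://sonar.example.invalid:9000
serverVersion=9.4.0.54424
dashboardUrl=http://sonar.example.invalid:9000/dashboard?id=Test_Project
ceTaskId=AYexampleTaskId
ceTaskUrl=http://sonar.example.invalid:9000/api/ce/task?id=AYexampleTaskId'

# Run the scan. The token reaches the scanner through SONAR_SCANNER_OPTS, the
# JVM option string the sonar-scanner launcher honours, so it is not part of
# the command written in buildspec.yml. sonar.qualitygate.wait=true makes the
# scanner exit non-zero (failing the CodeBuild action) when the gate fails.
run_scan() {
  [ -n "${SONAR_TOKEN:-}" ] || { echo "SONAR_TOKEN is not set" >&2; return 1; }
  [ -n "${SONAR_HOST_URL:-}" ] || { echo "SONAR_HOST_URL is not set" >&2; return 1; }
  [ -n "${SONAR_PROJECT_KEY:-}" ] || { echo "SONAR_PROJECT_KEY is not set" >&2; return 1; }
  SONAR_SCANNER_OPTS="-Dsonar.login=$SONAR_TOKEN" \
    sonar-scanner \
      -Dsonar.projectKey="$SONAR_PROJECT_KEY" \
      -Dsonar.sources=. \
      -Dsonar.host.url="$SONAR_HOST_URL" \
      -Dsonar.qualitygate.wait=true
}

# Print the project, dashboard link and background-task URL for the build log.
scan_summary() {
  # $1 = contents of .scannerwork/report-task.txt
  echo "project:   $(report_task_value projectKey "$1")"
  echo "dashboard: $(report_task_value dashboardUrl "$1")"
  echo "ce task:   $(report_task_value ceTaskUrl "$1")"
}

# Usage inside the build phase (after cd into the source directory):
#   run_scan && scan_summary "$(cat .scannerwork/report-task.txt)"
# Offline demonstration of the summary on the constructed sample:
#   scan_summary "$SAMPLE_REPORT"
```

In the buildspec this replaces the last `sonar-scanner ...` line with a call to `run_scan`, and the `env:` section gains a `parameter-store:` entry mapping SONAR_TOKEN to the parameter you created; rotating the token then means updating the parameter, not editing the pipeline.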

Terminating the Resources

Since the EC2 instance we have used doesn't come under the free tier, it will incur a charge if kept for a long time, so kindly terminate the instance when it is no longer required to save cost.

Go to the EC2 console, select the instance, and go to Actions -> Instance State -> Terminate.
