Tag feed

#sonarqube

350 posts131 followers

Explore Hashnode

Alternatives

Trending tags this week

SPSAI PRANEETH BHATTUsaipraneethbhattu.hashnode.devJun 12 · 10 min read

Integrating SonarQube with Jenkins for Continuous Code Quality Analysis

What SonarQube Actually Does SonarQube is an open-source platform for continuous code quality and security. When it scans your code, it looks for: Bugs - code that will likely produce incorrect behav

0

PKPravin Khandkepravin-khandke.hashnode.devMay 4 · 10 min read

Clean Code at Scale: How Sonar Became Our Silent Reviewer

The pull request was three hundred lines of Java, touching seven files across two modules. A senior developer had reviewed it, left a dozen comments, and approved. But the build failed — not because o

0

GKGopinath Karunanithifreecodecamp.orgApr 28 · 27 min read

How to Apply STRIDE Threat Modeling and SonarQube Analysis for Secure Software Development

Secure software requires both design-time and code-time protection. STRIDE threat modeling helps identify risks early in system design, while SonarQube enforces secure coding practices through static

0

SSarthak-code786journeyindevops.hashnode.devApr 19 · 3 min read

From Auto Deployment to Controlled Deployment: Integrating SonarQube Quality Gates

I thought my CI/CD pipeline was complete. Build ✔Docker ✔Deployment ✔ Everything was working end to end. Then I added one more step: Code quality. Introducing Code Quality into the Pipeline To make t

0

HAHardik Arorahardik0811arora.hashnode.devMar 29 · 5 min read

🛡️Educonnect: A Deep Dive into Cloud-Native Security & K3s Orchestration

"If you can't measure it, you can't secure it." In this post, I’m pulling back the curtain on the EduConnect CI/CD pipeline. We aren't just looking at code; we are looking at real-time security telem

0

TCThankGod Chibugwum Oboboactocodes.hashnode.devMar 29 · 10 min read

Shift-Left Testing: How to Automate QA/QC Pipelines with SonarQube and GitHub Actions

Finding a bug in production costs significantly more to fix than catching it during development. This is the core argument behind shift-left testing, the practice of moving quality checks earlier in t

0

AGAshwin Guptaash-wins.hashnode.devMar 25 · 11 min read

Hacking Multi‑Branch Analysis in SonarQube Community Edition

Most teams hit this at some point: You’re using SonarQube Community Edition (8.9.9 in my case) You have multiple long‑lived feature branches, plus release branches You care about code quality and s

0

GSGaurav S Tayadegauravtayade11.hashnode.devMar 23 · 5 min read

Building a Production-Ready SonarQube Scanner Plugin for Devtron CI/CD

Introduction When managing multiple application pipelines using Devtron — an open-source Kubernetes-native CI/CD platform — teams often need a consistent way to enforce code quality standards across a

0

NMNoran Mohamednoran-mohamed-devsecops.hashnode.devMar 19 · 21 min read

Integrating SonarQube SAST with GitLab and Jenkins: A Complete DevSecOps Tutorial - Part 1

Introduction Hello everyone, and welcome to my very first blog post! In this post, I’ll be starting with a foundational task in DevSecOps. For those of you new to this world, DevSecOps is simply the p

0

DGDevTools Guidedevtoolsguide.hashnode.devMar 3 · 8 min read

Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code

Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code Linters enforce style. Static analysis finds bugs. The difference matters. ESLint will tell you about unused variables and inconsistent formatting. CodeQL will tell you that us...

0

#sonarqube

Search Hashnode

#sonarqube

Explore Hashnode

Trending tags this week

Integrating SonarQube with Jenkins for Continuous Code Quality Analysis

Clean Code at Scale: How Sonar Became Our Silent Reviewer

How to Apply STRIDE Threat Modeling and SonarQube Analysis for Secure Software Development

From Auto Deployment to Controlled Deployment: Integrating SonarQube Quality Gates

🛡️Educonnect: A Deep Dive into Cloud-Native Security & K3s Orchestration

Shift-Left Testing: How to Automate QA/QC Pipelines with SonarQube and GitHub Actions

Hacking Multi‑Branch Analysis in SonarQube Community Edition

Building a Production-Ready SonarQube Scanner Plugin for Devtron CI/CD

Integrating SonarQube SAST with GitLab and Jenkins: A Complete DevSecOps Tutorial - Part 1

Static Analysis Beyond Linting: CodeQL, Semgrep, SonarQube, and Snyk Code