Course Information
Course Overview
SonarQube and SonarCloud 2026: Real-Time Static Code Analysis and Continuous Quality Inspection in 27+ Languages
SonarQube | SonarCloud | SonarLint – DevOps + Security + QA (Most Widely Used Open-Source Tool)
SonarQube is a leading open-source platform for continuous inspection of code quality. It performs automatic code reviews using static code analysis to detect bugs, code smells, security vulnerabilities, and maintainability issues across 27+ programming languages.
This course is designed with a learn-by-doing approach, enabling you to gain deep, practical expertise in SonarQube and its ecosystem.
Audience:
This course is suitable for:
Freshers, Developers, Project Managers, Architects, QA Engineers, Support Engineers, DevOps, DevSecOps, InfoSec, and Process Engineers who want to master code quality, security, and CI/CD best practices.
Fundamentals & Concepts
- Introduction to SonarQube, SonarCloud, and SonarLint
- Purpose and benefits of static code analysis
- Understanding DevOps & DevSecOps use cases
- SonarQube architecture, editions, versions, and ecosystem
- Core SonarQube terminologies and metrics
- Maintainability, Reliability, and Security concepts

Installation & Setup
- Installation and setup of SonarQube using Docker & Docker-Compose
- Installation and configuration of Jenkins
- Installation & configuration of Sonar Scanner
- Setup of build tools:
  - Ant, Maven, Gradle
  - NodeJS, Python
- Overview of SonarQube UI and navigation

Hands-On Code Analysis
- Onboarding projects into SonarQube & CI pipelines
- Running code analysis for multiple programming languages
- Publishing and interpreting analysis results
- Reporting code coverage, unit and integration test results
- Understanding and analyzing:
  - Bugs
  - Vulnerabilities
  - Code Smells
  - Technical Debt
  - Complexity
  - Duplicated lines, files, and blocks

SonarLint & IDE Integration
- Installing SonarLint in:
  - Eclipse
  - IntelliJ IDEA
  - VS Code
- Configuring SonarLint Connected Mode
- Real-time code analysis and issue detection in IDEs

Quality Management
- Quality Gates and Quality Profiles
- Creating and managing custom rules & rule templates
- Enforcing quality standards across teams
- Failing builds based on Quality Gate conditions
- Handling and fixing identified issues

Administration & Configuration
- Project administration
- User, group, permission, and token management
- Plugin installation and management
- Security configuration of SonarQube
- SMTP configuration and email notifications
- Branding SonarQube UI with company logo
- SonarQube Marketplace & system details

Security & SAST
- SAST (Static Application Security Testing) fundamentals
- Security vulnerability analysis
- SAST integration with CI/CD pipelines

CI/CD & DevOps Integrations
- Integration with Jenkins (Jobs & Pipelines)
- Integration with GitHub & GitHub Actions
- Integration with GitLab & GitLab CI/CD
- Automating quality checks in CI/CD workflows
- Failing CI/CD pipelines based on SonarQube Quality Gates

Advanced Topics
- Using the SonarQube Web API for automation, monitoring, and data extraction
- Best practices for enterprise-grade SonarQube deployments
By the End of This Course, You Will Be Able To:
- Define and manage Quality Gates, Quality Profiles, and Rules
- Analyze code locally using SonarLint
- Perform secure and scalable static code analysis
- Integrate SonarQube with GitHub, GitLab, and Jenkins
- Enforce code quality and security standards across CI/CD pipelines
- Confidently administer and customize a SonarQube instance
Course Content
- 13 section(s)
- 16 lecture(s)
- Section 1 SonarQube : Introduction
- Section 2 SonarQube Pre-Requisites
- Section 3 SonarQube : SonarQube Setup with Jenkins
- Section 4 SonarQube : ANT | Java Project Analysis
- Section 5 SonarLint analysis with IntelliJ
- Section 6 SonarQube : Maven Project Analysis
- Section 7 SonarQube : Gradle Based Project
- Section 8 SonarQube : NodeJs Based Project
- Section 9 SonarQube : Python Based Project
- Section 10 SonarQube : Miscellaneous
- Section 11 Bonus Lecture
- Section 12 Knowledge Check
- Section 13 Link to excel in my other courses
What You’ll Learn
- Understand SonarQube's role in enhancing code quality, security, and maintainability.
- Static Application Security Testing (SAST)
- Secure coding practice
- Sonar Scanner integration with DevOps tools like Jenkins
- Identifying bugs, vulnerabilities, debt, code coverage and code smells in projects
- Detect tricky issues, logic errors, resource leaks, and null pointers during the development cycle itself
- Identify bugs, security vulnerabilities, technical debt, code coverage gaps, and code smells in your projects using SonarQube.
- Security vulnerability testing
- Install and set up SonarLint in popular IDEs like VSCode, Eclipse, and IntelliJ for real-time code quality analysis
- Learn to install essential plugins and perform key administrative tasks in SonarQube for effective project governance.
- Learn how to seamlessly integrate SonarQube with GitHub Actions/GitLab for automated code quality checks in your CI/CD pipeline.
- Master managing Quality Profiles and Quality Gates in SonarQube to enforce coding standards and maintain high code quality across projects.
- Understand static code analysis and how SonarQube highlights code issues for better quality.
- Learn how to generate and report test coverage using SonarQube for improved code quality insights.
- Learn how to run SonarQube locally using Docker for seamless code quality analysis.
- SonarQube administration
- Quality Gate
- Quality Profile
- Jenkins & SonarQube plugin installation
- Fail/pass job based on Quality Gate criteria
- Difference between Community and Enterprise edition
- SonarCloud
- SonarQube with CI/CD pipelines
- SonarQube security vulnerabilities
- Integrate SonarQube with Jenkins
- Integrate SonarQube with GitHub
- Integrate SonarQube with GitLab
Reviews
- Akshay Bharadwaj
In the video, the instructor primarily demonstrates the setup and configuration process using a Mac system. However, it would have been very helpful if the course also included guidance specifically for Windows users. Configuring the tools and environment on a Windows desktop can be quite different from Mac, and without Windows-specific instructions, learners may encounter errors or face challenges that are not addressed in the current material. Including a dedicated section for Windows setups would ensure a smoother learning experience for all users, regardless of their operating system.
- Arun Kumar Kothapalli
It would be good if it was done on a Windows machine also or on an AWS EC2 instance.
- Tedial Media
The subtitles are SHAMEFUL. I understand that they are auto-generated at first, but the least one could do is review and correct them.
- Milton Ramos
I thought this course would cover more administrative tasks from a security standpoint. I guess this course is more focused on developers.