What is SonarCloud?
Analyzing Code Quality, Security and Bugs can be identified as a major task that we need to do during or after developing a software application. When the application is bigger and have so much components in it, it is somewhat harder to analyze manually. To solve this issue, We can use a tool like SonarCloud. You can import your GitHub, Bitbucket, Azure DevOps or GitLab repository but it doesn’t directly support AWS CodeBuild or CodeCommit Projects.
In this article, I’m going to guide you on how to integrate SonarCloud with your AWS Codebuild environment.
What you need?
- AWS Developer Account with Access to CodeCommit and CodeBuild
- SonarCloud Account
Step #1 — Creating a SonarCloud Project
First you’ve to login to your SonarCloud Account. Then click on the plus icon in the right side and click Analyze new Project
In the next page, click on Create a Project Manually
In the next page, enter a project key and display name you like and click Set up.
It will setup the project. Then click Manually to configure the project manually
Then Sonarcloud will ask about your build and Operating system. I have selected Other for build and Linux as the OS because CodeBuild projects run on Linux.
After selecting those two options, you will get the SONAR_TOKEN and a command that you can use in an upcoming step. Save the token and a command in a place where you can easily access.
Step #2 — Creating a CodeCommit Project
First, login to your AWS account and then navigate into CodeCommit.
Then Click Create Repository > Give the repository a name and Create the repository.
After creating the repository, Clone the repository . After that, you can add your code into the repository.
Here, we need to add a special file to initiate the build process in CodeBuild. It is known as the buildspec.yml file. Create a file called buildspec.yml and paste the below content in it.
Then change the following values with the values you got when creating the sonarcloud project
- SONARCLOUD_ORG = Your Sonar Cloud Organization name
- PROJECT_KEY = Your Sonar Project Key
- SONARCLOUD_TOKEN = Your Sonar Project Token
Then push the entire codebase to the repository.
Step #3 — Creating CodeBuild Project
Then navigate into CodeBuild and create a project.
When creating the project, select the CodeCommit repository you created earlier. Then click create to create the project.
After creating the project, You can run the build. If everything is correctly configured, the sonar scanner will analyze the project. After everything is completed, you will be able to see the analyses report on Sonarcloud.