# SonarQube

## Overview

SonarQube is an automated code review tool that helps detect bugs, security vulnerabilities, and maintainability issues (code smells). It integrates with your development workflows, enabling continuous inspection of your project branches and pull requests.

***

## SonarQube Concepts

### Architecture

| Concept  | Definition                                                            |
| -------- | --------------------------------------------------------------------- |
| Analyzer | A client that analyzes source code and computes snapshots.            |
| Database | Stores configuration and snapshots.                                   |
| Server   | Web interface for browsing snapshot data and managing configurations. |

### Quality

| Concept          | Definition                                                          |
| ---------------- | ------------------------------------------------------------------- |
| Clean Code       | Reliable, secure, maintainable code adhering to defined attributes. |
| Bug              | A code issue that may cause a failure. Needs immediate fixing.      |
| Code Smell       | A maintainability issue. Increases developer confusion and risk.    |
| Technical Debt   | Estimated time to fix code smells.                                  |
| Issue            | A violation of a coding rule in source or test files.               |
| Measure          | Metric value for a file/project at a given time.                    |
| Metric           | A type of measurement (e.g., LOC, complexity).                      |
| Quality Profile  | Set of rules used in a project.                                     |
| Remediation Cost | Estimated time to fix reliability/security issues.                  |
| Snapshot         | A project’s analysis result at a given time.                        |
| Security Hotspot | Code that needs manual review for potential vulnerabilities.        |
| Rule             | Coding standards to avoid issues and vulnerabilities.               |

***

## Setting Up SonarQube in AutoRABIT

### Step 1: Generate a SonarQube Token

1. Log in to your SonarQube instance.
2. Navigate to **User > My Account > Security**.
3. Generate a new token and **copy it** immediately.
4. Use this token when storing credentials in AutoRABIT.

### Step 2: Store SonarQube Credential in AutoRABIT

1. In AutoRABIT, go to **Admin > Credentials**.
2. Click **Create Credential**.
3. Enter:
   * **Credential Name**
   * **Credential Type**: "User name with Password"
   * **Scope**: Global or Private
   * **Username**: SonarQube username (not email)
   * **Password**: Paste the token from Step 1
4. Click **Save**.

![Credential Setup](/files/02p8v4A2QgXmmIQSHPRw)

***

### Step 3: Integrate SonarQube with AutoRABIT

1. Go to **Admin > My Account > Plugins**.
2. Check **SonarQube** under **Static Code Analysis**.
3. Provide:
   * **SonarQube URL** (e.g., `https://sonarcloud.io`)
   * **Host Type**: Cloud or On-premise
   * **Organization Key** (if using SonarCloud)
   * **Select Credential**
4. Click **Test Connection**, then **Save**.

![Plugin Setup](/files/pkQ9FjdpBE6kGon5TVK2)

***

### Step 4: Configure SonarQube Quality Gate Criteria

1. Go to **Admin > My Account**.
2. Under **Validation Criteria - Static Code Analysis**:
   * Enable **SonarQube**
   * Set the **Quality Gate** status (default: ERROR)
   * Click **Save**

![Validation Setup](/files/dF8nw2ACcAun8UR0xizr)

***

### Step 5: Commit Validation Approval Settings

1. Under **Commit Validation - Approval Settings**:
   * Enable **criteria-based Review Process**
   * Enable:
     * **Should pass validation criteria for Static Code Analysis**
     * **SonarQube**
     * **Auto reject commit process if criteria are not met**
2. Click **Save**

![Commit Validation](/files/K0X7KjtlDW9nl69posgX)

***

### Step 6: Merge Settings (Optional)

1. Under **Merge Settings**:
   * Enable **criteria-based Review Process**
   * Enable **SonarQube**
2. Click **Save**

***

Once configured, SonarQube will be enforced during commits, CI builds, and merges within AutoRABIT, ensuring only clean and secure code progresses through the pipeline.
