
Ultimate and Easy Ways About Jenkins Code Analysis To make you Successful



Introduction

In the previous several blogs, we discussed automating and integrating several aspects of the SDLC: Jenkins configuration, building and compiling source code, integrating testing with our pipeline, notifications and so on. Now, here’s one more aspect of the SDLC: code analysis. For this, we will integrate different tools with our pipeline, which will analyse the code against the best practices essential for development.

Let’s start analysing code, with the help of both kinds of projects:

  • Freestyle
  • Pipeline/Multibranch Pipeline

So, here we proceed !!

What is Code Analysis?

A code analysis tool analyses the code for vulnerabilities, bugs, code complexity and test coverage. Code analysis is basically responsible for code quality: it helps in removing duplicated code and also reports code complexity and code coverage. There are various kinds of code analysis tools present in the market like:

Code analysis is done on the code without actually executing the program. It assists project team(s) in stopping problems before they actually surface. If an organization is not able to identify vulnerabilities at the correct time, it can lead to higher cost, increased maintenance effort and business disruption, and performance will also be affected.


Jenkins - Code Analysis

The Jenkins Warnings Next Generation plugin helps in analyzing code, collects all warnings, and helps visualize the results through pie charts and graphs. This plugin replaces the entire Jenkins Static Analysis suite. Various other plugins have become obsolete since its launch, such as:

  • PMD
  • Static Analysis Collector
  • Findbugs
  • Warnings

etc.

  • Install Warnings Next Generation plugin from Manage Jenkins → Manage Plugins

  • Now, as this plugin gives us multiple tool options to analyse with, note that we will be using “checkstyle” for our demo. As a prerequisite, your maven project should use the checkstyle plugin in the reporting section of pom.xml, like below:

This enables the reporting of checkstyle results, using a (required) configuration file. Provide your checkstyle.xml file, which must define all the modules used to check whether the developer’s code follows best practice or not.

  • Proceed to the configuration page of the freestyle project already created (in previous blogs) and add one more maven goal to the existing ones to execute checkstyle on the source code, that is: “checkstyle:checkstyle”

  • Go to the “Post-Build Actions” segment and look for “Record Compiler warnings and static analysis results”

  • You will get the below options to choose and fill in accordingly. In the tool field, you will see a list of multiple tools to work with, but as decided, for our example we will be using “checkstyle”, so select that and then do the configuration on the basis of the chosen tool:

  1. Report File Pattern -- Provide the file path(s) from which to generate detailed reports and graphs.

  2. Report Encoding -- Whether UTF-8 or ISO-8859-1 etc.; I chose the default.

  3. Custom ID -- Any unique ID, apart from the default “checkstyle”.

  4. Custom Name -- Unique name, apart from the default “checkstyle”.

  • You can add multiple tools by clicking the “Add” button, depending on the requirement, as every tool serves different types of requirements and has different rulesets.
  • Press Advanced and it will open a detailed configuration pane, but the useful options for us are:
    • Aggregate results -- To combine the end reports of all defined tools

    • Issue filters -- If you need to include/exclude a package, module, class file, etc., define filters and choose from the drop-down:

  1. Fail on Errors -- Fails the build, if errors have been reported.

  2. Quality Gate -- Similarly, you can specify a quality gate with threshold value to make build fail/unstable.

  • These configurations will be enough. Click Save and build the job.
  • Once your maven goals have executed successfully, the plugin will start reading from the XML file and record the result, as can be checked from the console output:
  • Go back to the Job dashboard and you will see the “Checkstyle Warnings” link on the left side. Click on the link:

This will give you an overall result in the form of different pie charts and graphs. The pie charts show the distribution of severities:

  • Errors
  • High
  • Normal
  • Low

Below that, you will see details on the basis of “categories”, “types” and “issues”. Go through all of these to get a better understanding.

  • On the basis of the warnings listed in the “Details” section, work on your code, resolve them and then re-run the job. You will see fewer issues on the next run.

Checkstyle will run on your entire code base and try to capture all best-practice violations and vulnerabilities covered by the ruleset defined in the corresponding XML file (e.g. checkstyle.xml, in this case). Resolve them on the basis of priority and severity and proceed. This is how you can integrate your checkstyle warnings in freestyle projects. The graphs will also show the number of issues fixed since the last run.

On a high level, it will show:

  • Total number of warnings in a job
  • Fixed and new warnings of build
  • Trend reports per build
  • Detailed view of warnings/errors per module, package, category and type.
  • The detailed report of warnings sorted by severity.

Code Analysis - Pipeline project

As with the Freestyle project above, in a pipeline we can use:

  • scanForIssues and
  • publishIssues

to scan for and publish static analysis results and reports. E.g. for the scan, the following line is to be added in the “post” block:

scanForIssues tool: checkStyle(pattern: '**/target/checkstyle-results.xml')
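
The scan line above placed in a complete declarative Jenkinsfile together with publishIssues, as an added example that is not part of the original post. It assumes Maven is on the agent's PATH and mirrors the “Fail on Errors” and “Quality Gate” options from the Freestyle section; the quality gate field names are those of plugin releases from the period of this post and are marked as an assumption in the code.

```groovy
// Added example, not from the original post.
pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                // Same Checkstyle goal the Freestyle job runs (assumes mvn on PATH).
                sh 'mvn -B clean verify checkstyle:checkstyle'
            }
        }
    }
    post {
        always {
            // scanForIssues returns a report object, so in a declarative
            // pipeline it has to run inside a script block.
            script {
                // Pattern as given in the post. The Maven Checkstyle plugin writes
                // target/checkstyle-result.xml by default, so match it to your pom.
                def checkstyleReport = scanForIssues(
                    tool: checkStyle(pattern: '**/target/checkstyle-results.xml'))

                publishIssues(
                    issues: [checkstyleReport],
                    // Same effect as "Fail on Errors" in the Freestyle job.
                    failOnError: true,
                    // Quality gate: one or more warnings in total marks the build
                    // unstable. Assumption: this is the syntax of plugin releases
                    // from the period of this post; later releases renamed fields,
                    // so confirm with the Pipeline Syntax snippet generator.
                    qualityGates: [[threshold: 1, type: 'TOTAL', unstable: true]])
            }
        }
    }
}
```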

SONARQUBE - Jenkins Integration

Sonarqube is the most widely known tool used for static analysis. It will also help in catching bugs and vulnerabilities in your project.

We will use SonarScanner to scan the code and connect to a Sonarqube instance. SonarScanner is available as a Jenkins plugin and as a Maven plugin.

 

Create Sonarqube Instance

1. We will use the Community edition of Sonarqube for this blog, which comes with its own ES and DB setup. Download the latest Sonarqube Community Edition and, as a non-root user, start the Sonarqube server after unzipping the zip file:

/opt/sonarqube/bin/linux-x86-64/sonar.sh console

2. Open the URL http://:9000 and log in with the default credentials: admin/admin.

Changes in Source Code

  1. Open your pom.xml and include the following code. We will be using default tool “Jacoco” for code coverage:

Configuring Jenkins with Sonarqube

  1. Install the Sonarqube Scanner plugin.
  2. Proceed to Manage Jenkins → Configure System. Look for Sonarqube servers and click Add Sonarqube.

  3. Provide a user-defined name and the Server URL. For the Server Authentication token, go to your Sonarqube server, click on User at the top right, and select My Account.

  4. Go to the Security section, provide a token name under “Generate Tokens” and click Generate. Copy the token and go back to Jenkins. Click on “Add”.

  5. There can be an issue where Add does not pop up anything; in that case, just save the configuration and come back. Click on Add → Jenkins → select “Secret Text” and add the generated token there with a proper ID (otherwise, it will take a random ID). I provided an ID as “sonarqube-token”.

  6. Click Save.

  7. Proceed to Manage Jenkins → Global Tool Configuration → Sonarqube Scanner. Click on Add Sonarqube Scanner.

  8. Now, proceed to the Job configuration. Update the maven goals section with “verify sonar:sonar install”. Provide the sonar host URL in the Maven properties section:

sonar.host.url=http://:9000/

  9. From Build Step, select “Execute Sonarqube Scanner”.

  10. In this section, we will update “Analysis properties” only, with the following values:

# Metadata Info
# Project key is user declared; replace the placeholder with your own
sonar.projectKey=<your-project-key>
sonar.sources=src/main
sonar.sourceEncoding=UTF-8
sonar.language=java

# Tests Configuration
sonar.tests=src/test
sonar.junit.reportsPath=target/surefire-reports
sonar.surefire.reportsPath=target/surefire-reports
sonar.jacoco.reportPath=target/jacoco.exec
sonar.java.binaries=target/classes
sonar.java.coveragePlugin=jacoco

  11. Press Save and Build.

  12. The code will be scanned successfully, and you can check this from the Console output as well. Once completed, your Jenkins dashboard will look like:

Verify Sonarqube Instance

  1. Click on the link from Jenkins; it will open your Sonarqube instance with the project key specified in the job’s configuration:

I had 2 projects running, so it is showing two instances in my case. As it was a sample project, no coverage happened, but there is 1 “Code Smells” issue. Similarly, go through your analysis and rectify problems as per priority/severity.

  2. This is how Sonarqube is integrated with Jenkins using the Freestyle project.

SONARQUBE - Jenkins Integration - Pipeline

Your sample Jenkinsfile will look like:

  • withSonarQubeEnv -- will take the Name set in Jenkins’ Configuration system
  • waitForQualityGate -- will halt pipeline for 10 minutes and wait for the Quality gate to pass
  • All the properties we described in the Freestyle project can be configured in a sonar-project.properties file placed in the root of your source code.
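
A declarative Jenkinsfile consistent with the three points above, as an added example that is not the original post's listing. The server name 'sonarqube-server' is an assumed value standing in for whatever Name was set under Manage Jenkins → Configure System, and Maven is assumed to be on the agent's PATH.

```groovy
// Added example, not from the original post.
pipeline {
    agent any
    stages {
        stage('Build and analyse') {
            steps {
                // 'sonarqube-server' (assumed name) must match the server Name set
                // in Jenkins' system configuration. The step injects the server URL
                // and the stored token, so neither is written into the Jenkinsfile.
                withSonarQubeEnv('sonarqube-server') {
                    sh 'mvn -B verify sonar:sonar'
                }
            }
        }
        stage('Quality gate') {
            steps {
                // Wait at most 10 minutes for Sonarqube to report the gate result.
                timeout(time: 10, unit: 'MINUTES') {
                    // abortPipeline: true fails the build when the gate is not passed.
                    waitForQualityGate abortPipeline: true
                }
            }
        }
    }
}
```

waitForQualityGate relies on a webhook configured in Sonarqube that points at the Jenkins /sonarqube-webhook/ endpoint; without it the step waits until the timeout expires.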

After successful completion, verify your Sonarqube instance:

Conclusion

In this blog, we discussed integrating code analysis tools with Jenkins and how code analysis can help in your project. Happy coding and do let me know if stuck anywhere while trying. In the next blog, we will discuss master-slave architecture in Jenkins, how to manage different nodes for different jobs. See you soon discussing some more interesting stuff on another blog!!

Hope this helps.


    Janbask Training
