Deep dive Sonar Cloud & integration with Azure DevOps

Tools: IAR Compiler, Azure DevOps, Sonar cloud, Programming language is Embedded C, YAML file, Static code analysis

In this course, we are going to see how to integrate Sonar cloud analysis tool  in MS Azure pipelines for Embedded C.

What you’ll learn

  • Introduction to Static code analysis.
  • Work flow of Static Code Analysis.
  • Introduction to Sonarcloud.
  • Deep dive in to Sonar cloud including administration, Quality gates, quality profiles, Pull request Decoration etc.
  • Detailed steps to integrate sonar cloud with Azure Pipeline in Embedded domain.
  • Sonar cloud integration on Azure DevOps, mainly for embedded C language , IAR compiler.
  • IAR Build integration with Sonar cloud configuration steps.
  • Challenges faced in this Integrations, Limitations and lessons learnt.

Course Content

  • Introduction –> 5 lectures • 18min.
  • Section 2: WorkFlow & Sonarcloud Integration steps with Azure pipeline -indetail –> 17 lectures • 1hr 14min.
  • Sonar Cloud Deep dive –> 19 lectures • 1hr 31min.
  • Limitations, Lessons learnt and best practices –> 4 lectures • 11min.
  • Summary –> 5 lectures • 12min.

Deep dive Sonar Cloud & integration with Azure DevOps

Requirements

  • Introduction on SDLC will be good..
  • Introduction to any build tool and a development environment will also helpful to understand course in deeper way.
  • No Programming experience needed, will cover in detail about each step required..

In this course, we are going to see how to integrate Sonar cloud analysis tool  in MS Azure pipelines for Embedded C.

To integrate sonar build wrapper is used and a small power shell script written to download this build wrapper.

Creating IAR Compiler batch files for making build  with sonar cloud scanner.

YAML file creation for Build pipeline with detailed sonar cloud configuration steps.

Local Build agent is created and used for build pipelines. (Not a hosted agent)

Understanding and analyzing sonar cloud reports.

How to create a quality profiles?

How to create quality gates?

Walk through on Administration and settings.

Pull request decoration for auto comment in Pull request (in your Build pipeline).

Terminology understanding including code smells, Vulnerabilities , static code analysis (SCA) , build pipeline etc.

Focused more on version controlling of complete CI integration.

Will walkthrough on different SCA tools available and what need to be considered when we choose a SCA tool.

Will discuss on Challenges faced , limitations of these tools  and lessons learnt.

Difference between sonar cloud and sonarqube.

Work flow on the sonar cloud integration with Azure DevOps services.

Shift left testing and SCA advantages.

Will walkthrough on the sonar cloud creating project manually and scanning the project manually.

sonarcloud website walkthrough