Setting Up SonarQube for Code Analysis: Part 1 - Docker Compose Configuration

Ali Mahdiyanjoo — Mon, 15 Apr 2024 09:34:29 +0000

SonarQube Overview:

SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities. It supports multiple programming languages like Java, C#, JavaScript, Python, and more. SonarQube provides detailed reports and metrics to help teams improve code quality and maintainability.
Comparison with Other Tools:

Snyk: Snyk focuses primarily on open-source security, offering vulnerability scanning and dependency management. It's more specialized in managing third-party dependencies' security.
Checkmarx: Checkmarx is a robust tool for static application security testing (SAST), emphasizing identifying and fixing security vulnerabilities in the codebase.
Qualys: Qualys is a broader security platform that includes vulnerability management, compliance monitoring, and threat protection.
DeepSource: DeepSource is geared towards automated code reviews and provides actionable insights to improve code quality and maintainability.

Why SonarQube Might Be Better:

Comprehensive Code Analysis: SonarQube offers a comprehensive set of code quality checks, including security vulnerabilities, bugs, code smells, and code duplication.
Language Support: SonarQube supports a wide range of programming languages, making it suitable for diverse development environments.
Customizable Rules: It allows users to define and customize coding rules based on their specific requirements and standards.
Integration: SonarQube integrates well with popular CI/CD tools like Jenkins, GitLab CI/CD, and Azure DevOps, enabling seamless integration into the development pipeline.
Community Support: Being open-source, SonarQube has a vibrant community contributing to its development, plugins, and support.

Docker Compose Configuration for SonarQube:


version: "3"

services:
  sonarqube:
    image: sonarqube:community
    depends_on:
      - db
    environment:
      SONAR_JDBC_URL: jdbc:postgresql://db:5432/sonar
      SONAR_JDBC_USERNAME: {Your_Username_Here}
      SONAR_JDBC_PASSWORD: {Your_Password_Here}
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
    ports:
      - "9000:9000"
  db:
    image: postgres:12
    environment:
      POSTGRES_USER: {Your_Username_Here}
      POSTGRES_PASSWORD: {Your_Password_Here}
    volumes:
      - postgresql:/var/lib/postgresql
      - postgresql_data:/var/lib/postgresql/data

volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  postgresql:
  postgresql_data:

After creating the docker-compose.yml file, run the following command to start SonarQube in the background:

docker-compose up -d

Once SonarQube is up and running, you can access it using your browser at http://{Your_IP}:9000. Make sure to replace {Your_IP} with your actual server's IP address.

This setup will launch SonarQube with PostgreSQL as the database backend, allowing you to perform code analysis and quality checks seamlessly.

This is the first part of the setup. In the second part, we'll configure SonarQube for Java backend analysis, and in the third part, we'll set it up for frontend Node.js analysis. Let me know when you're ready to proceed with the next steps!

Updating Elasticsearch with P12 Certificate

Ali Mahdiyanjoo — Mon, 25 Mar 2024 14:54:04 +0000

🔍 Background:

For updating Elasticsearch to versions 17.10 and 17.5 with a P12 certificate, you can follow the steps outlined below.

Steps:

Access Docker Container:

docker exec -it {container_name} bash

Generate CA Certificate:

/usr/share/elasticsearch/bin/elasticsearch-certutil ca

Enter a file name for the CA certificate in P12 format (e.g., New_Cer.p12)
Specify the cipher for SSL encryption.

Sign the new Certificate:

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca {First_created_file}.p12 --ca-pass "" --days {Date_Of_Expiration} --out "{Output_name}.p12" --pass ""

Replace SSL Certificate:

rm -rf /usr/share/elasticsearch/config/cert/elastic-stack-ca.p12

mv {Location_Of_Created_File} /usr/share/elasticsearch/config/cert/elastic-stack-ca.p12

Update File Permissions:

sudo chown {Username}:{Group} /usr/share/elasticsearch/config/cert/elastic-stack-ca.p12

Check SSL Validation:

Dev Tool in Kibana:

GET /_ssl/certificates

Check SSL Expiry Date:

curl -X GET http://{IP_Address}:9200/_ssl/certificates -u {Username}:{Password} | jq '.[-1].expiry' | cut -d '"' -f 2

🚀 Completion:

By following these steps, you would have successfully updated Elasticsearch to the specified versions and configured it with a P12 certificate for secure communication.

Good luck with your Elasticsearch update! 🎉

DEV Community: Ali Mahdiyanjoo

Setting Up SonarQube for Code Analysis: Part 1 - Docker Compose Configuration

Updating Elasticsearch with P12 Certificate

Steps: